[Apt-proxy-users] Problem with apt-proxy, http backend and a new firewall

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hello all,

since Monday, we have a new firewall at work. And since Monday, we have
problems with apt-proxy. And it seems the problem is related to this new
firewall.

We have apt-proxy version 1.9.28 from debian testing distribution. All
http backend has stopped working, and "apt-get update" stops with a
timeout.

To isolate the problem, I have try to do (aptproxy is our apt-proxy):

wget http://aptproxy:9999/debian/dists/testing/Release

and it results of a timeout after about 1 minute:
HTTP request sent, awaiting response... 504 Gateway Time-out
17:56:08 ERROR 504: Gateway Time-out.

Here is the trace from the apt-proxy log file:

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D
2005/04/19 17:43 CEST [Channel,3,192.33.221.75] [debug] Headers: User-Agent=
: Wget/1.9.1, Host: aptproxy:9999, Accept: */*, Connection: Keep-Alive
2005/04/19 17:43 CEST [Channel,3,192.33.221.75] [debug] Request: GET /debia=
n/dists/testing/Release
2005/04/19 17:43 CEST [Channel,3,192.33.221.75] [Fetcher.activate] (debian)=
 servers:1/debian/dists/testing/Release
2005/04/19 17:43 CEST [Channel,3,192.33.221.75] [file_ok] check_cached: /va=
r/cache/apt-proxy/debian/dists/testing/Release
2005/04/19 17:43 CEST [Channel,3,192.33.221.75] [fetch_real] Consulting ser=
ver about /var/cache/apt-proxy/debian/dists/testing/Release
2005/04/19 17:43 CEST [Channel,3,192.33.221.75] [Fetcher.activate] (debian)=
 servers:1/debian/dists/testing/Release
2005/04/19 17:43 CEST [Channel,3,192.33.221.75] Starting factory <apt_proxy=
=2Eapt_proxy.ClientFactory instance at 0x40a1722c>
2005/04/19 17:43 CEST [Uninitialized] [http_client] GET:/ftp/mirror/debian/=
dists/testing/Release
2005/04/19 17:43 CEST [Uninitialized] [http_client] host:mirror.switch.ch
2005/04/19 17:44 CEST [FetcherHttp,client] [http_client] handleStatus 504 -=
 Gateway Timeout
2005/04/19 17:44 CEST [FetcherHttp,client] [Fetcher] Response code: 504 - N=
one
2005/04/19 17:44 CEST [FetcherHttp,client] [debug] Received: Content-Type t=
ext/html
2005/04/19 17:44 CEST [FetcherHttp,client] [debug] Received: Content-Length=
 342
2005/04/19 17:44 CEST [FetcherHttp,client] [debug] Received: Cache-Control =
no-cache
2005/04/19 17:44 CEST [FetcherHttp,client] [debug] Received: Pragma no-cache
2005/04/19 17:44 CEST [FetcherHttp,client] [Fetcher] Finished receiving dat=
a, status:504 saveData:1
2005/04/19 17:44 CEST [FetcherHttp,client] [Fetcher] Last request removed
2005/04/19 17:44 CEST [FetcherHttp,client] [Fetcher] telling the transport =
to loseConnection
2005/04/19 17:44 CEST [FetcherHttp,client] [http-client] XXX clientConnecti=
onLost
2005/04/19 17:44 CEST [FetcherHttp,client] Stopping factory <apt_proxy.apt_=
proxy.ClientFactory instance at 0x40a1722c>
2005/04/19 17:44 CEST [Channel,3,192.33.221.75] [debug] Client connection c=
losed
2005/04/19 17:44 CEST [Channel,3,192.33.221.75] Top 10:
2005/04/19 17:44 CEST [Channel,3,192.33.221.75]         84 Exception
2005/04/19 17:44 CEST [Channel,3,192.33.221.75]         32 DBError
2005/04/19 17:44 CEST [Channel,3,192.33.221.75]         28 DBError
2005/04/19 17:44 CEST [Channel,3,192.33.221.75]         24 StandardError
2005/04/19 17:44 CEST [Channel,3,192.33.221.75]         23 ClientFactory
2005/04/19 17:44 CEST [Channel,3,192.33.221.75]         22 FetcherHttp
2005/04/19 17:44 CEST [Channel,3,192.33.221.75]         22 Protocol
2005/04/19 17:44 CEST [Channel,3,192.33.221.75]         20 SelectReactor
2005/04/19 17:44 CEST [Channel,3,192.33.221.75]         17 Warning
2005/04/19 17:44 CEST [Channel,3,192.33.221.75]         17 ValueError
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D

Using netstat on aptproxy, I can see the connection to the real debian serv=
er
is established, so all seems to be OK.

The firewall is configured to accept everything from the inside network
to the outside.

The backend is:

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D
[debian]
;; The main Debian archive
backends =3D=20
        http://mirror.switch.ch/ftp/mirror/debian
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D
       =20
What is strange, is that we can do a wget on the real file from
aptproxy computer!!! This mean:
wget http://mirror.switch.ch/ftp/mirror/debian/dists/testing/Release
is working as expected...

The ftp backends are working OK. We have just problems with the http
backends.

We also have try to use a tunnel over ssh to bypass the firewall, and in
this condition, apt-proxy is working OK.

What can I test/do to find the problem ?

Thanks in advance for your help.

        Olivier
--=20
Olivier Bornet                |    fran=E7ais : http://puck.ch/f
Swiss Ice Hockey Results      |    english  : http://puck.ch/e
http://puck.ch/               |    deutsch  : http://puck.ch/g
Oli...@pu...        |    italiano : http://puck.ch/i
Get my PGP-key at http://puck.ch/pgp or at http://pgp.mit.edu/