Hello
We have Wingate 6.6.4 based on Win2000 adv. server and 2 ISP-s. One kind of traf goes through first ISP another through second. All the users with access to internet in one moment instead of site get a socket error. Copy-paste from logs: "Error: responding with code 500 Socket Error". Ping from proxy to internet goes without losings. Server's workload isn't high. Free RAM about 2Gb.
What can solve the problem?
Socket Error
Moderator: Qbik Staff
9 posts
• Page 1 of 1
Re: Socket Error
by adrien » Mar 23 11 12:23 am
Hi
So you are using 2 connections? What type of internet connection are these (dialup, DSL?). Do they use an ethernet connection to connect to WinGate? Are they on the same hub?
I'm wondering if there's some routing problem causing this if you're using dialup once the second connection is connected (and changes the route table).
Regards
Adrien
So you are using 2 connections? What type of internet connection are these (dialup, DSL?). Do they use an ethernet connection to connect to WinGate? Are they on the same hub?
I'm wondering if there's some routing problem causing this if you're using dialup once the second connection is connected (and changes the route table).
Regards
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
Re: Socket Error
by luft » Mar 23 11 1:43 am
Hi again
This is simplified scheme of the net:
WWW traffic goes to Fa0/0 and then to ISP1, SMTP+POP3 to Fa0/1 and ISP2. There is a policy based routing on the Cisco 2811. Without proxy works fine. We have 2 dedicated channels from the ISP's - no dialup's or connections through PPoE.
'route print' on the proxy shows 2 routes with the same metric to fa0/0 and fa0/1. May be this is the reason of the problem?
Problem arises one time in about 10 minutes for 30 seconds
There is no NAT translation failures on Cisco Router at this time.
PS Sorry if there was some mistakes - english isn't my native language
This is simplified scheme of the net:
WWW traffic goes to Fa0/0 and then to ISP1, SMTP+POP3 to Fa0/1 and ISP2. There is a policy based routing on the Cisco 2811. Without proxy works fine. We have 2 dedicated channels from the ISP's - no dialup's or connections through PPoE.
'route print' on the proxy shows 2 routes with the same metric to fa0/0 and fa0/1. May be this is the reason of the problem?
Problem arises one time in about 10 minutes for 30 seconds
There is no NAT translation failures on Cisco Router at this time.
PS Sorry if there was some mistakes - english isn't my native language
- luft
- Posts: 5
- Joined: Mar 18 11 2:52 am
Re: Socket Error
by luft » Mar 23 11 9:35 pm
Problem solved
For example let NIC connected to Fa0/0 have ip 10.0.0.1 and NIC connected to Fa0/1 - 10.1.1.1.
In theory Fa0/0 contacts only with 10.0.0.1. On Fa0/0 we have an ACL with permitted ports and permited _SOURCE_.
In practice NIC 10.0.0.1 some times sends packets with the source _10.1.1.1_ and ACL filters them.
So when i permitted source 10.0.0.1 and 10.1.1.1 in the ACL 'socket error' disappeared.
All works fine, but it's interesting why Wingate do so
For example let NIC connected to Fa0/0 have ip 10.0.0.1 and NIC connected to Fa0/1 - 10.1.1.1.
In theory Fa0/0 contacts only with 10.0.0.1. On Fa0/0 we have an ACL with permitted ports and permited _SOURCE_.
In practice NIC 10.0.0.1 some times sends packets with the source _10.1.1.1_ and ACL filters them.
So when i permitted source 10.0.0.1 and 10.1.1.1 in the ACL 'socket error' disappeared.
All works fine, but it's interesting why Wingate do so
- luft
- Posts: 5
- Joined: Mar 18 11 2:52 am
Re: Socket Error
by adrien » Mar 29 11 4:18 pm
Hi
thanks for that.
Could you post a screenshot of the Gateways settings for the 2 connections in the WWW proxy?
I'm wondering if the source IP setting is getting mixed up (or isn't set).
Adrien
thanks for that.
Could you post a screenshot of the Gateways settings for the 2 connections in the WWW proxy?
I'm wondering if the source IP setting is getting mixed up (or isn't set).
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
Re: Socket Error
by adrien » Mar 30 11 12:36 am
thanks for that
do the gateway rules specify an interface IP, or just any one?
Regards
Adrien
do the gateway rules specify an interface IP, or just any one?
Regards
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
Re: Socket Error
by luft » Mar 30 11 7:34 pm
I found that in gateway policies source ip set to any IP adressfor both NIC's. May be it should be set to specified IP of the NIC?
- luft
- Posts: 5
- Joined: Mar 18 11 2:52 am
Re: Socket Error
by adrien » Mar 31 11 12:10 am
Hi
yes, I think that's it.
If you leave it set to any, then the os chooses the source IP to use when a socket makes a connection. It chooses the source address based on a route table lookup. So it will choose either of your adapters IPs at random. Our gateway selection code will actually divert outbound packets out other interfaces, but can't touch source IP, so in such cases you can end up with packets seeminly going out the wrong interface.
Regards
Adrien
yes, I think that's it.
If you leave it set to any, then the os chooses the source IP to use when a socket makes a connection. It chooses the source address based on a route table lookup. So it will choose either of your adapters IPs at random. Our gateway selection code will actually divert outbound packets out other interfaces, but can't touch source IP, so in such cases you can end up with packets seeminly going out the wrong interface.
Regards
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
9 posts
• Page 1 of 1
Who is online
Users browsing this forum: Bing [Bot] and 25 guests