Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Strange traffic ?!!
  •  
Whistler

Messages: 5
Karma: 0
Send a private message to this user
Hello. I Found HoRRibLE BUG! Winroute, when working in transparent proxy mode, downloads a lot's more traffic then user really requested. What means a lot's more? When user downloads 50 megs file using multipart file downloader, winroute request's for about 60 megs. moreover, winroute keeps connection even if user stopped download. After user stops donload winroute download about 5 - 20 meg more and puts this traffic to user account.

Cashing is off, possible winroute continues download of aborted files and have some bugs when using multipart downloads.

Just in case: when switching winroute to NAT mode (turning off transparent proxy), everything becomes perfect, but filtering and antivirus protection is unavailable in this mode Crying or Very Sad .
Please say, how to fix this problem.

Winroute ver 6.2.0
  •  
Petr Dobry (Kerio)

Messages: 782
Karma: 61
Send a private message to this user
Whistler wrote on Thu, 13 April 2006 22:04

moreover, winroute keeps connection even if user stopped download. After user stops donload winroute download about 5 - 20 meg more and puts this traffic to user account.


Check if you have or don't have selected Configuration->Content Filtering->HTTP Policy->Cache->Continue aborted download option in KWF.
Quote:


Just in case: when switching winroute to NAT mode (turning off transparent proxy), everything becomes perfect, but filtering and antivirus protection is unavailable in this mode Crying or Very Sad .



That's not true. When you using NAT, HTTP protocol inspector is still running and KWF is able to do HTTP/URL filtering and AV scanning of all HTTP traffic.

Petr Dobry
Product Development Manager | Kerio
  •  
Whistler

Messages: 5
Karma: 0
Send a private message to this user
just checked:
"Configuration->Content Filtering->HTTP Policy->Cache->Continue aborted download " - turned off.
Sad

"When you using NAT, HTTP protocol inspector is still running and KWF is able to do HTTP/URL filtering and AV scanning of all HTTP traffic."

Not works for me. In transparent proxy mode I can't download http://www.eicar.org/download/eicar.com but in pure nat (Transparent proxy turned off in configuration) - there is no problems in downloading this file Surprised

Interfaces config: first interface - xdsl, second - lan 192.168.0.1

standart rules created
  •  
Kerio_ktrumbull

Messages: 597
Karma: 2
Send a private message to this user
Please submit a support ticket http://support.kerio.com

Kevin Trumbull
Kerio Technical Support Team Leader
http://support.kerio.com
  •  
kesleri

Messages: 15
Karma: 0
Send a private message to this user
Well Proxy:

Whenever you are loged in from another ISP then the one on KWF so...

Lets call the ISP you are loged on 1 and ISP of KWF 2

If ISP 1 has more speed then the KWF server's ISP 2 you will see that you won't encounter this problem.

If 2 has more speed then 1 then whenever you request a download, kerio automaticly downloads the file in his cache with the maximum speed allowed. When Kerio finished the download the traffic is stoped but you still keep receiving the file.

This may be not to acurate but this is what i noticed when i tryed to use the Proxy Service.
  •  
Whistler

Messages: 5
Karma: 0
Send a private message to this user
"If 2 has more speed then 1 then whenever you request a download, kerio automaticly downloads the file in his cache with the maximum speed allowed. When Kerio finished the download the traffic is stoped but you still keep receiving the file."

But all users use multipart downloaders. So even if the download is finished, winroute continious downloading of other parts of file.... But user has allready downloaded all the file!! So the result is the user downloaded 100 meg.... and winroute downloaded 150 meg. I dont like it becouse my users pays for megabytes and they will ask me about this. Transparent Proxy must request from the net only that, what user is really requesting. And such 'FEATURE' overloads my internet channel - other users have 'some' difficuties accessing the net becouse of overloading. I don't like internal shaper but external shapers does not work - the user get's the speed that is set in shaper but winroute uses 100% of the speed.
All of this is only for transparent proxy mode. In pure nat all works great, but no antivirus, no filtering, no http requests log. Sad


  •  
Petr Dobry (Kerio)

Messages: 782
Karma: 61
Send a private message to this user
Whistler wrote on Fri, 14 April 2006 08:44

In pure nat all works great, but no antivirus, no filtering, no http requests log.



Then you have probably disabled HTTP protocol inspector. Please submit a support ticket http://support.kerio.com.

Petr Dobry
Product Development Manager | Kerio
  •  
Whistler

Messages: 5
Karma: 0
Send a private message to this user
If <variable name="TransparentProxyEnabled">0</variable>
then no antivirus, no filtering, no http requests log but NO problems with traffic, only this is changed in config.

if <variable name="TransparentProxyEnabled">1</variable>
then ANTIVIRUS, Filtering, Http logs.... but A LOT of strange traffic!


Will submit a ticket later, I wish to see anybody else has the same problems.

Now only answer from kesleri about this prblem.
  •  
winkelman

Messages: 2119
Karma: 3
Send a private message to this user
I do NOT use the proxy or the transparent proxy and my traffic IS filtered, checked for virusses, etc just fine by the protocol inspectors. Must be some problem at your end and not a general KWF bug.
  •  
kesleri

Messages: 15
Karma: 0
Send a private message to this user
Well im sorry but this problem never accured to me.
  •  
Whistler

Messages: 5
Karma: 0
Send a private message to this user
winkelman, Transparent proxy is turned on by DEFAULT. the only way to turn it off is to modify the config file. Did you switched it off? possibly not. If you do this you will see that everything listed above will not work. I have just reinstalled OS and checked older version -6.1.3 = all the same bug.

Kesleri, you wrote 'whenever you request a download, kerio automaticly downloads the file in his cache with the maximum speed allowed' = this is the traffic I am telling about. In multipart downloads kerio automatically downloads all the parts even if user did not requested it. And if client connection with winroute is brokes and then reestablishes, it starts the download again from the begining of requested part and to the end of file (part) automatically. It uses 100% of the cnannel speed and if user pauses download it continues it for some period of time (continue partially download is turned off)
  •  
winkelman

Messages: 2119
Karma: 3
Send a private message to this user
Whistler wrote on Fri, 14 April 2006 23:46

winkelman, Transparent proxy is turned on by DEFAULT. the only way to turn it off is to modify the config file.

I may have misteken the option to turn on/off the cache on the transparent proxy with the proxy itself. Sorry.

Out of curiosity: what exactly does this transparent proxy do and why would you want to turn it of?
Previous Topic: KWF 6.2 & Skype 2
Next Topic: VPN routing
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sun Nov 19 15:26:03 CET 2017

Total time taken to generate the page: 0.00638 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.