ASL Firewall & E-Commerce Applications

User avatar
JnascECSI
Forum Regular
Forum Regular
Posts: 306
Joined: Mon Apr 14, 2008 8:29 am
Location: Rhode Island

ASL Firewall & E-Commerce Applications

Unread post by JnascECSI »

Hey guys hope someone can help me out, i have a couple clients that are moving over to PrestoShop for their e-commerce and having some strange things happening and i think it is ASL firewall related. Seems that prestoshops installer and the admin panel do a lot of outbound talking and downloading depending on the module back to prestoshop.

Because of this when trying to install some things are not getting updated and also once the installer is complete the frontend is real fast but the admin is wicked slow due to it waiting to timeout on certain functions when it is trying to get out.

How and what is the best way to allow 80 and 443 traffic outbound so that they will function as designed? as a side note i also have this issue with SugareCRM and the updater and Plesk and the license key updates so usually have to kill the asl-firewall when i want to run the updaters.

I just want to allow thinks to do what they are supposed to do but also not cause a security issue or risk if i can keep it limited. I did just try adding 80 & 443 to the Outbound TCP services setting in the asl config but not sure if this is the best way and not positive if these are even what ports yet they are trying to get out on.

thanks in advance.
James Nascimento
Chief Information Officer
East Commerce Solutions, Inc.
22 Morris Lane
East Providence, RI 02914
Ph. 800-527-5395 x263
Fax. 888-999-5891
faris
Long Time Forum Regular
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

Re: ASL Firewall & E-Commerce Applications

Unread post by faris »

Could be DNS as well.

Or is could be similar to the annoying issue I'm seeing with Wordpress not being able to resolve or connect to downloads.wordpress.org or whatever it is more often than not, causing people to have to try scores of times before being able to download an update.

Now in my case I don't have outbound connections firewalled at all. Are you sure that you do? If you don't then it isn't likely to be anything to do with outbound and more likely something else entirely.

I take it that there's nothing shown in the ASL log for the hosted domain in question?
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
User avatar
JnascECSI
Forum Regular
Forum Regular
Posts: 306
Joined: Mon Apr 14, 2008 8:29 am
Location: Rhode Island

Re: ASL Firewall & E-Commerce Applications

Unread post by JnascECSI »

Faris,
Your correct it seems any type of crm or cms cannot get out and connect to anything, and there is nothing in the logs and i looked everywhere. DNS is not issue as i have done nslookups on all the respected links these crm and cms mention and they resolve fine.

If i do a service asl-firewall stop and try some of these admin features seems to work but i can't leave it like that.
James Nascimento
Chief Information Officer
East Commerce Solutions, Inc.
22 Morris Lane
East Providence, RI 02914
Ph. 800-527-5395 x263
Fax. 888-999-5891
faris
Long Time Forum Regular
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

Re: ASL Firewall & E-Commerce Applications

Unread post by faris »

Domains resolve correctly for me too. Oddly, as soon as I've pinged, it SEEMS to become easier for the php script to access the download site. But this may be my imagination.

Anyway, if it seems to work with the firewall down then that surely must indicate a firewall or iptables/configuration issue

If you have ASL logging firewall drops, have you cross-checked the IPs that the domains in question resolve to, to see if they appear in the log? If not, maybe turning drop logging on in order to do so might help. (I have not done this - I have only just thought of it).
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
Post Reply