Atomicorp

Hey guys hope someone can help me out, i have a couple clients that are moving over to PrestoShop for their e-commerce and having some strange things happening and i think it is ASL firewall related. Seems that prestoshops installer and the admin panel do a lot of outbound talking and downloading depending on the module back to prestoshop.

Because of this when trying to install some things are not getting updated and also once the installer is complete the frontend is real fast but the admin is wicked slow due to it waiting to timeout on certain functions when it is trying to get out.

How and what is the best way to allow 80 and 443 traffic outbound so that they will function as designed? as a side note i also have this issue with SugareCRM and the updater and Plesk and the license key updates so usually have to kill the asl-firewall when i want to run the updaters.

I just want to allow thinks to do what they are supposed to do but also not cause a security issue or risk if i can keep it limited. I did just try adding 80 & 443 to the Outbound TCP services setting in the asl config but not sure if this is the best way and not positive if these are even what ports yet they are trying to get out on.

thanks in advance.

Could be DNS as well.

Or is could be similar to the annoying issue I'm seeing with Wordpress not being able to resolve or connect to downloads.wordpress.org or whatever it is more often than not, causing people to have to try scores of times before being able to download an update.

Now in my case I don't have outbound connections firewalled at all. Are you sure that you do? If you don't then it isn't likely to be anything to do with outbound and more likely something else entirely.

I take it that there's nothing shown in the ASL log for the hosted domain in question?

Faris,
Your correct it seems any type of crm or cms cannot get out and connect to anything, and there is nothing in the logs and i looked everywhere. DNS is not issue as i have done nslookups on all the respected links these crm and cms mention and they resolve fine.

If i do a service asl-firewall stop and try some of these admin features seems to work but i can't leave it like that.

Domains resolve correctly for me too. Oddly, as soon as I've pinged, it SEEMS to become easier for the php script to access the download site. But this may be my imagination.

Anyway, if it seems to work with the firewall down then that surely must indicate a firewall or iptables/configuration issue

If you have ASL logging firewall drops, have you cross-checked the IPs that the domains in question resolve to, to see if they appear in the log? If not, maybe turning drop logging on in order to do so might help. (I have not done this - I have only just thought of it).