When I am behind my firewall, I am trying to use a speedtest and the download speed test completes just fine (but actually not on https://speedtest.net, it won’t even get past “Finding optimal server”).
However when it tries to do an upload test it says it can’t connect. I’ve tried opening up the firewall to allow all outgoing by default, enabled access by IP in URLfilter.
I’m checking /var/log/messages but I am not seeing any DROP events that would be related to the speedtest at all.
The proxy log and URL filter log are not showing me anything that would suggest blocking by them.
I am at a loss as to what is dropping the connection???
EDIT If I reboot the firewall, there is a period of time when the system starts, I’m guessing before the iptables rules kick in? Where it works, it does both down and up speed test and has a better latency as well so I guess not being checked against the FW or something at that point.
Banging my head any which way till Wednesday with this one, any boffins around that can at least point me to some logs that I might have missed or something? I cannot for the life of me see what’s blocking the connections
The other thing I thought was maybe the QoS stuff was being problematic, so I disabled QoS as well however it remains exactly the same and it is so strange because I should think if the firewall is dropping connections I would see DROP or REJECT in my messages log.
Only now it just occurred to me to try it with squid off, and try to connect directly and not through squid. Will let you know how I go.
Ah interesting, it is working when I bypass squid. So it is something squid is doing that is causing the issues. I guess squid starting up would explain it working before squid starts too (I am allowing traffic on 80/443 bypassing squid, probably the traffic is just going squidless till squid kicks on)
speedtest wants to use 8080 TCP. By looking into the "Destination ports" section in Squid WUI, 8080 is not allowed. By allowing it for the SSL ports it works at least for me.
That was 100% it, and I am now wiser as I know to check /var/log/squid/access.log in the future, as I had missed it and I couldn’t see anything anywhere else, was going mad!!!
I am going to test v157 now that everything is sweet on v156
The above is to be understood as preventing anything that is not absolutely necessary! And if it is necessary only for 1 speedtest depends completely on you. So if I don’t want any software, strange devices, whatever, to have the possibility to send something through the already mentioned proxy port, then I refrain from allowing it.
Ah I see what you mean, you’re talking about keeping that port closed coz not really necessary, yea, you’re most likely right, haven’t even encountered it until now.
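The diagnosis reached in this thread (Squid refusing CONNECT to a port outside its allowed SSL ports, visible only in /var/log/squid/access.log) can be checked with a short script. This is an added example, not part of any post in the thread. It assumes Squid's native access.log format and that only port 443 is allowed for CONNECT; the function name and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Squid native access.log: time elapsed client code/status bytes method URL ...
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+\d+\s+(?P<client>\S+)\s+"
    r"(?P<code>[A-Z_]+)/(?P<status>\d{3})\s+\d+\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)"
)

# Constructed sample lines (hosts and addresses are made up).
SAMPLE_LOG = """\
1700000001.101    210 192.168.1.10 TCP_TUNNEL/200 5120 CONNECT www.example.com:443 - HIER_DIRECT/203.0.113.5 -
1700000002.202      0 192.168.1.10 TCP_DENIED/403 3950 CONNECT speedtest.example.net:8080 - HIER_NONE/- text/html
1700000003.303      0 192.168.1.10 TCP_DENIED/403 3950 CONNECT speedtest.example.net:8080 - HIER_NONE/- text/html
1700000004.404      0 192.168.1.23 TCP_DENIED/403 3950 CONNECT updates.example.org:8443 - HIER_NONE/- text/html
1700000005.505     35 192.168.1.10 TCP_MISS/200 812 GET http://www.example.com/ - HIER_DIRECT/203.0.113.5 text/html
this line is truncated garbage
"""

def denied_connect_ports(lines, ssl_ports=frozenset({443})):
    """Group denied CONNECT requests by destination port.

    ssl_ports is the set the proxy is assumed to allow for CONNECT
    (an assumption here; read the real list from your Squid config).
    Returns {port: {"count": n, "hosts": set, "clients": set}}.
    """
    report = defaultdict(lambda: {"count": 0, "hosts": set(), "clients": set()})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "CONNECT" or "DENIED" not in m["code"]:
            continue
        host, _, port = m["url"].rpartition(":")  # CONNECT target is host:port
        if not port.isdigit() or int(port) in ssl_ports:
            continue  # malformed target, or denied for some other reason
        entry = report[int(port)]
        entry["count"] += 1
        entry["hosts"].add(host)
        entry["clients"].add(m["client"])
    return dict(report)

if __name__ == "__main__":
    for port, e in sorted(denied_connect_ports(SAMPLE_LOG.splitlines()).items()):
        print(f"port {port}: {e['count']} denied CONNECT(s), "
              f"hosts={sorted(e['hosts'])}, clients={sorted(e['clients'])}")
```

Listing which clients and hosts hit each denied port gives the information needed to decide whether a port is worth opening or should stay closed.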