FritzBOX 7270 mit TinyProxy 1.6.4 - Nicht alle Webseiten funktionieren

SebastianWe

Neuer User
Mitglied seit
19 Sep 2008
Beiträge
5
Punkte für Reaktionen
0
Punkte
0
Guten Tag!

Wie schon am Titel ersichtlich, habe ich eine FritzBOX 7270 (aktuelle offizielle Firmware) und wollte heute den Proxy-Server Tinyproxy dort zum laufen bringen.

Den Quellcode habe ich mit dem mipsel-linux-gcc unter meinem Gentoo Linux kompiliert und statisch gelinkt.

Dann in /var/tmp/ auf die Fritz!Box geschoben, zusammen mit folgender Config:
Code:
##                   
## tinyproxy.conf -- tinyproxy daemon configuration file
##                                                      

#
# User/Group: This allows you to set the username and group that will be
# used for tinyproxy after the initial binding to the port has been done
# as the root user.                                                     
#                                                                       
# Please note that you may not use UID/GID's here.                      
#                                                                       
User root                                                               
Group root                                                              

#
# Port: Specify the port which tinyproxy will listen on.  Please note
# that should you choose to run on a port lower than 1024 you will need
# to start tinyproxy using root.                                       
#                                                                      
Port 7777                                                              

#
# Listen: If you have multiple interfaces this allows you to bind to
# only one. If this is commented out, tinyproxy will bind to all    
# interfaces present.                                               
#                                                                   
Listen 192.168.178.1                                                

#
# Bind: This allows you to specify which interface will be used for
# outgoing connections.  This is useful for multi-home'd machines where
# you want all traffic to appear outgoing from one particular interface.
#                                                                       
#Bind 89.13.47.1                                                        

#
# Timeout: The maximum number of seconds of inactivity a connection is
# allowed to have before it is closed by tinyproxy.                   
#                                                                     
Timeout 600                                                           

#
# ErrorFile: Defines the HTML file to send when a given HTTP error
# occurs.  You will probably need to customize the location to your
# particular install.  The usual locations to check are:           
#   /usr/local/share/tinyproxy                                     
#   /usr/share/tinyproxy                                           
#   /etc/tinyproxy                                                 
#                                                                  
#ErrorFile 404 "/usr/share/tinyproxy/404.html"                     
#ErrorFile 400 "/usr/share/tinyproxy/400.html"                     
#ErrorFile 503 "/usr/share/tinyproxy/503.html"                     
#ErrorFile 403 "/usr/share/tinyproxy/403.html"                     
#ErrorFile 408 "/usr/share/tinyproxy/408.html"                     

# 
# DefaultErrorFile: The HTML file that gets sent if there is no
# HTML file defined with an ErrorFile keyword for the HTTP error
# that has occured.                                             
#                                                               
#DefaultErrorFile "/usr/share/tinyproxy/default.html"           

#
# StatFile: The HTML file that gets sent when a request is made
# for the stathost.  If this file doesn't exist a basic page is
# hardcoded in tinyproxy.                                      
#                                                              
#StatFile "/usr/share/tinyproxy/stats.html"                    

#
# Logfile: Allows you to specify the location where information should
# be logged to.  If you would prefer to log to syslog, then disable this
# and enable the Syslog directive.  These directives are mutually       
# exclusive.                                                            
#                                                                       
Logfile "/var/log/tinyproxy.log"                                        

#
# Syslog: Tell tinyproxy to use syslog instead of a logfile.  This
# option must not be enabled if the Logfile directive is being used.
# These two directives are mutually exclusive.                      
#                                                                   
#Syslog On                                                          

#
# LogLevel: 
#           
# Set the logging level. Allowed settings are:
#       Critical        (least verbose)       
#       Error                                 
#       Warning                               
#       Notice                                
#       Connect         (to log connections without Info's noise)
#       Info            (most verbose)                           
#                                                                
# The LogLevel logs from the set level and above. For example, if the
# LogLevel was set to Warning, than all log messages from Warning to 
# Critical would be output, but Notice and below would be suppressed.
#                                                                    
LogLevel Connect                                                     

#
# PidFile: Write the PID of the main tinyproxy thread to this file so it
# can be used for signalling purposes.                                  
#                                                                       
PidFile "/var/run/tinyproxy.pid"                                        

#
# XTinyproxy: Include the X-Tinyproxy header, which has the client's IP
# address when connecting to the sites listed.                         
#                                                                      
#XTinyproxy mydomain.com                                               

#
# Upstream:
#          
# Turns on upstream proxy support.
#                                 
# The upstream rules allow you to selectively route upstream connections
# based on the host/domain of the site being accessed.                  
#                                                                       
# For example:                                                          
#  # connection to test domain goes through testproxy                   
#  upstream testproxy:8008 ".test.domain.invalid"                       
#  upstream testproxy:8008 ".our_testbed.example.com"                   
#  upstream testproxy:8008 "192.168.128.0/255.255.254.0"                
#                                                                       
#  # no upstream proxy for internal websites and unqualified hosts      
#  no upstream ".internal.example.com"                                  
#  no upstream "www.example.com"                                        
#  no upstream "10.0.0.0/8"                                             
#  no upstream "192.168.0.0/255.255.254.0"                              
#  no upstream "."                                                      
#                                                                       
#  # connection to these boxes go through their DMZ firewalls           
#  upstream cust1_firewall:8008 "testbed_for_cust1"                     
#  upstream cust2_firewall:8008 "testbed_for_cust2"                     
#                                                                       
#  # default upstream is internet firewall                              
#  upstream firewall.internal.example.com:80                            
#                                                                       
# The LAST matching rule wins the route decision.  As you can see, you  
# can use a host, or a domain:                                          
#  name     matches host exactly                                        
#  .name    matches any host in domain "name"                           
#  .        matches any host with no domain (in 'empty' domain)         
#  IP/bits  matches network/mask                                        
#  IP/mask  matches network/mask                                        
#                                                                       
#Upstream some.remote.proxy:port                                        

#
# MaxClients: This is the absolute highest number of threads which will
# be created. In other words, only MaxClients number of clients can be 
# connected at the same time.                                          
#                                                                      
MaxClients 100                                                         

#
# MinSpareServers/MaxSpareServers: These settings set the upper and
# lower limit for the number of spare servers which should be available.
#                                                                       
# If the number of spare servers falls below MinSpareServers then new   
# server processes will be spawned.  If the number of servers exceeds   
# MaxSpareServers then the extras will be killed off.                   
#                                                                       
MinSpareServers 5                                                       
MaxSpareServers 20                                                      

#
# StartServers: The number of servers to start initially.
#                                                        
StartServers 10                                          

#
# MaxRequestsPerChild: The number of connections a thread will handle
# before it is killed. In practise this should be set to 0, which    
# disables thread reaping. If you do notice problems with memory     
# leakage, then set this to something like 10000.                    
#                                                                    
MaxRequestsPerChild 0                                                

#
# Allow: Customization of authorization controls. If there are any
# access control keywords then the default action is to DENY. Otherwise,
# the default action is ALLOW.                                          
#                                                                       
# The order of the controls are important. All incoming connections are 
# tested against the controls based on order.                           
#                                                                       
Allow 127.0.0.1                                                         
Allow 192.168.178.0/24                                                  

#
# ViaProxyName: The "Via" header is required by the HTTP RFC, but using
# the real host name is a security concern.  If the following directive
# is enabled, the string supplied will be used as the host name in the 
# Via header; otherwise, the server's host name will be used.          
#                                                                      
#ViaProxyName "tinyproxy"                                              

#
# Filter: This allows you to specify the location of the filter file.
#                                                                    
#Filter "/etc/tinyproxy/filter"                                      

#
# FilterURLs: Filter based on URLs rather than domains.
#                                                      
#FilterURLs On                                         

#
# FilterExtended: Use POSIX Extended regular expressions rather than
# basic.                                                            
#                                                                   
#FilterExtended On                                                  

#
# FilterCaseSensitive: Use case sensitive regular expressions.
#                                                                         
#FilterCaseSensitive On                                                   

#
# FilterDefaultDeny: Change the default policy of the filtering system.
# If this directive is commented out, or is set to "No" then the default
# policy is to allow everything which is not specifically denied by the 
# filter file.                                                          
#                                                                       
# However, by setting this directive to "Yes" the default policy becomes
# to deny everything which is _not_ specifically allowed by the filter  
# file.                                                                 
#                                                                       
#FilterDefaultDeny Yes                                                  

#
# Anonymous: If an Anonymous keyword is present, then anonymous proxying
# is enabled.  The headers listed are allowed through, while all others 
# are denied. If no Anonymous keyword is present, then all headers are  
# allowed through.  You must include quotes around the headers.         
#                                                                       
# Most sites require cookies to be enabled for them to work correctly, so
# you will need to allow Cookies through if you access those sites.      
#                                                                        
#Anonymous "Host"                                                        
#Anonymous "Authorization"                                               
#Anonymous "Cookie"                                                      

#
# ConnectPort: This is a list of ports allowed by tinyproxy when the
# CONNECT method is used.  To disable the CONNECT method altogether, set
# the value to 0.  If no ConnectPort line is found, all ports are       
# allowed (which is not very secure.)                                   
#                                                                       
# The following two ports are used by SSL.                              
#                                                                       
ConnectPort 443                                                         
ConnectPort 563

#
# Configure one or more ReversePath directives to enable reverse proxy
# support. With reverse proxying it's possible to make a number of
# sites appear as if they were part of a single site.
#
# If you uncomment the following two directives and run tinyproxy
# on your own computer at port 8888, you can access Google using
# http://localhost:8888/google/ and Wired News using
# http://localhost:8888/wired/news/. Neither will actually work
# until you uncomment ReverseMagic as they use absolute linking.
#
#ReversePath "/google/" "http://www.google.com/"
#ReversePath "/wired/"  "http://www.wired.com/"

#
# When using tinyproxy as a reverse proxy, it is STRONGLY recommended
# that the normal proxy is turned off by uncommenting the next directive.
#
#ReverseOnly Yes

#
# Use a cookie to track reverse proxy mappings. If you need to reverse
# proxy sites which have absolute links you must uncomment this.
#
#ReverseMagic Yes

#
# The URL that's used to access this reverse proxy. The URL is used to
# rewrite HTTP redirects so that they won't escape the proxy. If you
# have a chain of reverse proxies, you'll need to put the outermost
# URL here (the address which the end user types into his/her browser).
#
# If not set then no rewriting occurs.
#
#ReverseBaseURL "http://localhost:8888/"

Den Server starte ich mit
Code:
./tinyproxy -d -c tinyproxy.conf

(Geht allerdings erst, wenn /var/tmp/ auf /tmp/ gemountet wurde, da der Server sonst meckert, dass der Speicher nicht ausreicht um die 10 Initial-Server zu starten -> weil read-only)

Danach funktioniert soweit alles. Ich komme problemlos auf viele Webseiten, allerdings erhalte ich (und deshalb wollte ich auch hier einmal nachfragen) bei z.B. google.de eine leere Antwort am Browser. Ich habe versucht die Problematik einzugrenzen, aber ich habe nichts finden können, was HTTP-technisch die Übertragung von der nicht funktionierenenden Google-Webseite, von der einwandfrei dargestellten Seite von heise.de unterscheidet.

Könnte es ein Konfigurationsproblem sein? Ein Fehler in der Proxy-Version? Zu große Antworten, die nicht zwischengespeichert werden können? (sollte dann nicht eine Meldung im Log erscheinen?)

Anbei übrigens ein Log-Auszug:

Heise:
Code:
CONNECT   Aug 04 19:05:08 [16265]: Connect (file descriptor 10): mpht-ws-05.fritz.box [192.168.178.21]                                                   
CONNECT   Aug 04 19:05:08 [16265]: Request (file descriptor 10): GET http://heise.de/ HTTP/1.1                                                           
CONNECT   Aug 04 19:05:08 [16265]: Established connection to host "heise.de" using file descriptor 11.                                                   
CONNECT   Aug 04 19:05:09 [16266]: Connect (file descriptor 10): mpht-ws-05.fritz.box [192.168.178.21]                                                   
CONNECT   Aug 04 19:05:09 [16266]: Request (file descriptor 10): GET http://www.heise.de/ HTTP/1.1                                                       
CONNECT   Aug 04 19:05:09 [16266]: Established connection to host "www.heise.de" using file descriptor 11.                                               
CONNECT   Aug 04 19:05:09 [16263]: Connect (file descriptor 10): mpht-ws-05.fritz.box [192.168.178.21]                                                   
CONNECT   Aug 04 19:05:09 [16263]: Request (file descriptor 10): GET http://www.heise.de/favicon.ico HTTP/1.1                                            
CONNECT   Aug 04 19:05:09 [16263]: Established connection to host "www.heise.de" using file descriptor 11.                                               
CONNECT   Aug 04 19:05:09 [16269]: Connect (file descriptor 10): mpht-ws-05.fritz.box [192.168.178.21]                                                   
CONNECT   Aug 04 19:05:09 [16269]: Request (file descriptor 10): GET http://www.heise.de/stil/drucken.css HTTP/1.1                                       
CONNECT   Aug 04 19:05:09 [16259]: Connect (file descriptor 10): mpht-ws-05.fritz.box [192.168.178.21]                                                   
CONNECT   Aug 04 19:05:09 [16259]: Request (file descriptor 10): GET http://www.heise.de/stil/standard2008.css HTTP/1.1                                  
CONNECT   Aug 04 19:05:09 [16269]: Established connection to host "www.heise.de" using file descriptor 11.                                               
CONNECT   Aug 04 19:05:09 [16259]: Established connection to host "www.heise.de" using file descriptor 11.                                               
NOTICE    Aug 04 19:05:09 [16183]: Waiting servers (2) is less than MinSpareServers (5). Creating new child.                                             
CONNECT   Aug 04 19:05:09 [16269]: Connect (file descriptor 10): mpht-ws-05.fritz.box [192.168.178.21]                                                   
CONNECT   Aug 04 19:05:09 [16269]: Request (file descriptor 10): GET http://www.heise.de/stil/navi_top2008.css HTTP/1.1

Google:
Code:
CONNECT   Aug 04 19:06:59 [16296]: Connect (file descriptor 10): mpht-ws-05.fritz.box [192.168.178.21]
CONNECT   Aug 04 19:06:59 [16296]: Request (file descriptor 10): GET http://www.google.de/ HTTP/1.1
CONNECT   Aug 04 19:06:59 [16296]: Established connection to host "www.google.de" using file descriptor 11.
NOTICE    Aug 04 19:06:59 [16183]: Waiting servers (4) is less than MinSpareServers (5). Creating new child.

Hat jemand eine Idee, was ich noch versuchen könnte?

Danke!
Sebastian
 
Holen Sie sich 3CX - völlig kostenlos!
Verbinden Sie Ihr Team und Ihre Kunden Telefonie Livechat Videokonferenzen

Gehostet oder selbst-verwaltet. Für bis zu 10 Nutzer dauerhaft kostenlos. Keine Kreditkartendetails erforderlich. Ohne Risiko testen.

3CX
Für diese E-Mail-Adresse besteht bereits ein 3CX-Konto. Sie werden zum Kundenportal weitergeleitet, wo Sie sich anmelden oder Ihr Passwort zurücksetzen können, falls Sie dieses vergessen haben.