Transparent proxy prevents connections #43

Open
iurly opened this issue May 29, 2018 · 2 comments
@iurly

iurly commented May 29, 2018

OS: LEDE on Raspberry Pi3
Tested version: node-iotronic-lightning-rod - 2.1.0-3

This is probably not a bug in Lightning Rod itself, but a deployment limitation it might be worth knowing about.
When Lightning Rod tries to connect on a network where a firewall with a transparent proxy is enabled (ipfire in this case), the connection fails with what looks like a crash on the client side (TCP RST).

See the following traces captured with tcpdump:

  • Failing:
GET /ws HTTP/1.1
Sec-WebSocket-Version: 13
Sec-WebSocket-Key: iJmZC9JRB6hamahAjMDIEg==
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Sec-WebSocket-Protocol: wamp.2.json,wamp.2.msgpack
Host: **HOST REMOVED**

HTTP/1.1 200 OK
Date: Wed, 16 May 2018 16:15:39 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 11302
X-Cache: MISS from ipfire.fweb
X-Cache-Lookup: HIT from ipfire.fweb:8080
Connection: keep-alive

<!doctype html>
<html>
   <head>
      
      
      <meta charset="utf-8" />
      <meta name="viewport" content="width=device-width, initial-scale=1.0">

      <title>Crossbar.io application router</title>

      
   </head>
   <body>
      <div id="content">

  • Successful:
    When the proxy is disabled, everything works as expected:
GET /ws HTTP/1.1
Sec-WebSocket-Version: 13
Sec-WebSocket-Key: rpaj+5FXQcMKk+wY19R/6g==
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Sec-WebSocket-Protocol: wamp.2.json,wamp.2.msgpack
Host: **HOST REMOVED**

HTTP/1.1 101 Switching Protocols
Date: Tue, 29 May 2018 10:13:24 GMT
Connection: upgrade
Upgrade: WebSocket
Sec-WebSocket-Protocol: wamp.2.json
Sec-WebSocket-Accept: xMULO8lCVAZIpQC2XPtHHsSis5c=

......1.......E.......T...J...].......W...D.......R...T...U...X...P..._...C.......V...B...n...]...B...B...C...L...P...T.......E...B.......]...X...E...R...^...E.......E..._...B...C...B...E.......D...B...T...T...E...X.......T...C...T...G...P...C...].......T...T...E...X...C...R...^...E...L...A...X...C.......E...B.......]...T...U...X...P..._...C.......B...S...S...Z...E...X..._...E.......S...Y...T...D..._...C...L...D...C...C.......E...B.......]...T...U...X...P..._...C.......E...n...T...D...C...X.......T...D...C...X...C...R...^...E...L...l.~.N[2,2076706360073241,{"x_cb_node_id":null,"realm":"s4t","authid":"9CYU-Y47W-W4CX-FUHH-XK39-4NNF","authrole":"anonymous","authmethod":"anonymous","authprovider":"static","roles":{"broker":{"features":{"publisher_identification":true,"pattern_based_subscription":true,"session_meta_api":true,"subscription_meta_api":true,"subscriber_blackwhite_listing":true,"publisher_exclusion":true,"subscription_revocation":true,"payload_transparency":true,"payload_encryption_cryptobox":true,"event_retention":true}},"dealer":{"features":{"caller_identification":true,"pattern_based_registration":true,"session_meta_api":true,"registration_meta_api":true,"shared_registration":true,"call_canceling":true,"progressive_call_results":true,"registration_revocation":true,"payload_transparency":true,"testament_meta_api":true,"payload_encryption_cryptobox":true}}}}]

Perhaps there's something that could be done on the firewall side and/or in the way the request is formed?

@gmerlino
Member

Thanks for your feedback.

Could you please share the settings of the transparent proxy, in order for us to be able to reproduce the issue?

@iurly
Author

iurly commented May 29, 2018

Unfortunately, that's not under my control. The only thing I know is that the culprit was the "Transparent on green" flag on ipfire. It might be a bug in the proxy software itself.
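
An added example, not part of the original thread and not Lightning Rod code: a Node.js check, following the RFC 6455 handshake rules, that tells a completed WebSocket upgrade apart from a reply produced by an intercepting proxy, as in the failing trace in the first comment. The helper names `expectedAccept`, `parseResponseHead` and `checkUpgrade` are hypothetical, and the success reply is constructed from the sample key in RFC 6455.

```javascript
// Added example, not Lightning Rod code: classify the HTTP reply to a
// WebSocket upgrade request using the RFC 6455 handshake rules.
const crypto = require('crypto');
const WS_GUID = '258EAFA5-E914-47DA-95CA-C5AB0DC85B11'; // constant from RFC 6455

// Sec-WebSocket-Accept value the server must return for a given client key.
function expectedAccept(key) {
  return crypto.createHash('sha1').update(key + WS_GUID).digest('base64');
}

// Parse status code and headers from the head of a raw HTTP reply.
function parseResponseHead(raw) {
  const lines = raw.split(/\r?\n\r?\n/)[0].split(/\r?\n/);
  const m = /^HTTP\/\d\.\d (\d{3})/.exec(lines[0]);
  const headers = {};
  for (const line of lines.slice(1)) {
    const i = line.indexOf(':');
    if (i > 0) headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return { status: m ? Number(m[1]) : null, headers };
}

// Returns { ok, reason, status, via }; `via` holds the cache/proxy header seen.
function checkUpgrade(clientKey, rawResponse) {
  const { status, headers } = parseResponseHead(rawResponse);
  const via = headers['x-cache'] || headers['x-cache-lookup'] || headers['via'] || null;
  let reason = 'upgraded';
  if (status !== 101) reason = via ? 'intercepted-by-proxy' : 'not-upgraded';
  else if ((headers['upgrade'] || '').toLowerCase() !== 'websocket') reason = 'missing-upgrade-header';
  else if (headers['sec-websocket-accept'] !== expectedAccept(clientKey)) reason = 'bad-accept';
  return { ok: reason === 'upgraded', reason, status, via };
}

// Reply headers copied from the failing trace on this page (HTML body omitted).
const FAILING_KEY = 'iJmZC9JRB6hamahAjMDIEg==';
const FAILING_REPLY = [
  'HTTP/1.1 200 OK',
  'Content-Type: text/html; charset=UTF-8',
  'X-Cache: MISS from ipfire.fweb',
  'X-Cache-Lookup: HIT from ipfire.fweb:8080',
  'Connection: keep-alive', '', '',
].join('\r\n');
// Constructed success reply built from the sample key in RFC 6455.
const RFC_KEY = 'dGhlIHNhbXBsZSBub25jZQ==';
const RFC_REPLY = ['HTTP/1.1 101 Switching Protocols', 'Upgrade: websocket',
  'Connection: Upgrade', `Sec-WebSocket-Accept: ${expectedAccept(RFC_KEY)}`, '', ''].join('\r\n');

console.log(checkUpgrade(FAILING_KEY, FAILING_REPLY));
console.log(checkUpgrade(RFC_KEY, RFC_REPLY));
```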
