GPL 403 Forbidden #9727
-
Per the firewall documentation (https://docs.securityonion.net/en/2.3/firewall.html), port 3142 is for apt-cacher-ng; that is, it's used if you're distributing updates from the Manager to the minion nodes. Is that how your grid is configured?
-
Update, still unable to resolve. Followed the PCAP and get the following TCP stream:

    CONNECT esm.ubuntu.com:443 HTTP/1.1
    HTTP/1.0 403 CONNECT denied (ask the admin to allow HTTPS tunnels)

In the 4th and 7th lines I see the following (Destination and Source IP were named to match the screenshot above):

    4 0.070493 Destination IP Source IP HTTP 173 CONNECT esm.ubuntu.com:443 HTTP/1.1
    7 0.070587 Source IP Destination IP HTTP 66 HTTP/1.0 403 CONNECT denied (ask the admin to allow HTTPS tunnels)

I can wipe the forward node server and try to redo the setup; we are still under development mode but wanted to check if there was an easier fix!
-
Has anyone experienced this issue?
I connected a forward node to our Security Onion environment and started receiving tons of GPL WEB_SERVER 403 Forbidden alerts. The alerts have the manager node as source IP with port 3142 and destination IP of the forward node with a different port each time. It seems like it is a firewall issue. Do I need to allow the forward node with so-firewall? I already ran so-allow and allowed the node through all the components on there.
Any help is appreciated!