Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    HAVP.log: Connect () failed: Operation not permitted

    Scheduled Pinned Locked Moved pfSense Packages
    3 Posts 2 Posters 3.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      Roodawakening
      last edited by

      I finally seem to have HAVP and Squid running concurrently and thought I was on my way to nirvana. Unfortunately, a new problem has reared its ugly head: I'm getting way too many "Server Not Responding" errors via HAVP (from /usr/local/share/examples/havp/templates/en/down.html?), even when the sites that trigger the error are up according to www.isthisdown.com. I reviewed the HAVP.log file and found hundreds of entries like

      connect() failed: Operation not permitted
      Could not connect to server (xxx.xxx.xxx.xxx)

      For example, using a LAN client, I attempted to download the Mac OS X program "Paintbrush" from sourceforge.net, whose IP is 216.34.181.96. No matter what I tried, HAVP would tell me "Server Not Responding," even though sourceforge.net was live. I even E-mailed friends of mine to confirm sourceforge.net was up and running and they had no connectivity problems whatsoever.

      Does anyone know why HAVP is telling me so many servers are not responding? It's driving me nuts and the logs aren't tell me anything other than the obvious–that it can't connect. Like duh!

      "The descent to hell is easy. The gates stand open day and night. But to reclimb the slope and escape to the upper air: This is labor."
      –Virgil, Aeneid, Book 6

      Rob

      1 Reply Last reply Reply Quote 0
      • R
        Roodawakening
        last edited by

        It appears to be tied to Snort. I have a Snort2c alert which advises that an attack from 216.34.181.96 was detected and blocked. What's interesting is why Snort suspects sourceforge "attacked" my ip in the first place. To make matter even more confusing I have blocking turned off in Snort. Why is it blocking even if it was a legitimate attack (which I very much doubt)?

        This is annoying as hell.

        "The descent to hell is easy. The gates stand open day and night. But to reclimb the slope and escape to the upper air: This is labor."
        –Virgil, Aeneid, Book 6

        Rob

        1 Reply Last reply Reply Quote 0
        • J
          jamesdean
          last edited by

          jim-p made some changes to the code and as a result snort2c is starting without permission.
          I'll fix it tonight….......
          jim-p is a way better coder than me so its not his fault.

          As for your alerts when going to sourceforge. you may have to disable that alert or threshold it.

          james

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.