License update fails - ka.swsoft.com

[carpman]

Hello, ok when trying to retrieve keys for license update it fails with error:

Licensing Server Unreachable: Unable to connect with licensing server.
Please make sure that your network allows communication to ka.swsoft.com:5224.
For more details check system help pages.

output via ssh shows issues with ka.swsoft.com

# nmap -P0 -p5224 ka.swsoft.com

Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2008-07-28 11:51 GMT
Failed to resolve given hostname/IP: ka.swsoft.com.  Note that you can't use '/mask' AND '[1-4,7,100-]' style IP ranges
WARNING: No targets were specified, so 0 hosts scanned.
Nmap run completed -- 0 IP addresses (0 hosts up) scanned in 0.024 seconds

# traceroute ka.swsoft.com
traceroute: unknown host ka.swsoft.com

i have added ka.swsoft.com to hosts.allow but still no joy, i know the domain is ok as can find from home connection.


I am using the firewall via plesk CP which setup as below, i even added rule to allow outgoing to port 5224

#!/bin/sh
#
# Automatically generated by Plesk netconf
#

set -e

echo 0 > /proc/sys/net/ipv4/ip_forward
([ -f /var/lock/subsys/ipchains ] && /etc/init.d/ipchains stop) >/dev/null 2>&1 || true
(rmmod ipchains) >/dev/null 2>&1 || true
/sbin/iptables -F
/sbin/iptables -X
/sbin/iptables -Z
/sbin/iptables -P INPUT DROP
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -p tcp ! --syn -j REJECT --reject-with tcp-reset
/sbin/iptables -A INPUT -m state --state INVALID -j DROP
/sbin/iptables -P OUTPUT DROP
/sbin/iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A OUTPUT -p tcp ! --syn -j REJECT --reject-with tcp-reset
/sbin/iptables -A OUTPUT -m state --state INVALID -j DROP
/sbin/iptables -P FORWARD DROP
/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -p tcp ! --syn -j REJECT --reject-with tcp-reset
/sbin/iptables -A FORWARD -m state --state INVALID -j DROP
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A OUTPUT -o lo -j ACCEPT
/sbin/iptables -A FORWARD -i lo -o lo -j ACCEPT
/sbin/iptables -t mangle -F
/sbin/iptables -t mangle -X
/sbin/iptables -t mangle -Z
/sbin/iptables -t mangle -P PREROUTING ACCEPT
/sbin/iptables -t mangle -P OUTPUT ACCEPT
/sbin/iptables -t mangle -P INPUT ACCEPT
/sbin/iptables -t mangle -P FORWARD ACCEPT
/sbin/iptables -t mangle -P POSTROUTING ACCEPT
/sbin/iptables -t nat -F
/sbin/iptables -t nat -X
/sbin/iptables -t nat -Z
/sbin/iptables -t nat -P PREROUTING ACCEPT
/sbin/iptables -t nat -P OUTPUT ACCEPT
/sbin/iptables -t nat -P POSTROUTING ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 8443 -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 443 -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 21 -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 25 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 465 -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 110 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 995 -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 143 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 993 -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 106 -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 3306 -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 5432 -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 9008 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 9080 -j ACCEPT

/sbin/iptables -A INPUT -p udp --dport 137 -j ACCEPT
/sbin/iptables -A INPUT -p udp --dport 138 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 139 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 445 -j ACCEPT

/sbin/iptables -A INPUT -p udp --dport 1194 -j ACCEPT

/sbin/iptables -A INPUT -p udp --dport 53 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 53 -j ACCEPT

/sbin/iptables -A INPUT -p icmp --icmp-type 8/0 -j ACCEPT

/sbin/iptables -A INPUT -j ACCEPT

/sbin/iptables -A OUTPUT -p tcp --dport 5224 -j ACCEPT
/sbin/iptables -A OUTPUT -p udp --dport 5224 -j ACCEPT

/sbin/iptables -A OUTPUT -j ACCEPT

/sbin/iptables -A FORWARD -j DROP

echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /usr/local/psa/var/modules/firewall/ip_forward.active
chmod 644 /usr/local/psa/var/modules/firewall/ip_forward.active
#
# End of script
#

 

[carpman]

Hello, ok i change my dns resolve setting to the OpenDNS resolvers IP and now i can ping and nmap update domains, traceroute seem to have issues.

Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2008-07-28 16:45 GMT
Interesting ports on ka.parallels.com (64.131.90.38):
PORT     STATE SERVICE
5224/tcp open  unknown

# traceroute ka.swsoft.com
traceroute to ka.swsoft.com (64.131.90.38), 30 hops max, 38 byte packets
 1  uunet-gw.supremeservers.co.uk (194.216.112.1)  0.232 ms  0.193 ms  0.189 ms
 2  62.255.63.33 (62.255.63.33)  14.446 ms  8.047 ms  8.015 ms
 3  brhm-lam-2-tenge14-2544.network.virginmedia.net (62.255.63.34)  9.251 ms  10.289 ms  7.829 ms
 4  brhm-t3core-1a-ge-210-0.network.virginmedia.net (213.106.231.245)  7.559 ms  7.364 ms  7.056 ms
 5  bir-bb-a-so-020-0.network.virginmedia.net (213.105.174.1)  10.922 ms  7.366 ms  7.867 ms
 6  bir-bb-b-ge-000-0.network.virginmedia.net (62.253.185.154)  8.392 ms  7.498 ms  7.618 ms
 7  nth-bb-a-so-100-0.network.virginmedia.net (62.253.185.105)  7.314 ms  7.528 ms  8.053 ms
 8  * * *
 9  cr02.frf02.pccwbtn.net (80.81.192.50)  24.340 ms  23.356 ms  23.000 ms
10  servint.ge5-7.br01.wdc02.pccwbtn.net (63.218.83.2)  104.288 ms  109.548 ms  112.482 ms
11  dl1-si-dc.swsoft.net (64.131.87.10)  104.463 ms  105.278 ms  103.780 ms
12  ix7-si-dc.swsoft.net (64.131.90.221)  104.329 ms  104.464 ms  105.303 ms
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

 

[carpman]

Ok i left it overnight and seem autoupdater worked with change of dns

 

[Amin Taheri]

that trace route probably just means that they dont allow echo from out side of their network past the edge routers. We dont allow those on our network from anything not on our ip space either, so it may not be representative of a problem.