HTTPS on custom port
Hi!
I'm not sure if this should go in this subforum, but I think it is network related problem. I connect to svn server with custom https port and it is working on almost any machine, but on one I get: Code:
svn: OPTIONS of 'https://IP:5442/svn/apps/trunk': could not connect to server (https://IP:5442) Machine I'm having problem with is a server and another server with same version of CentOS, subverstion and neon (ra_neon is module for http and https scheme) doesn't have that problem. svn and links don't have a problem with that https link on it. One of developers that worked here earlier sad that this problem was on second server as well, but sysadmin that was working at that time resolved the issue. Don't know what he did. I checked firewall and it's properly set up. SELinux is off. What else could be a problem? What else to check? Any idea? |
Can you ping the IP address? Traceroute to it? Try clearing arp cache?
|
I can ping it, but traceroute don't work because of firewall on server.
Problematic address doesn't show up in "arp -n". |
Is iptables enabled on this machine and correct?
Can you tcpdump from the destination machine to see if traffic is getting there while testing? And,.. can you connect to it like this: Code:
openssl s_client -connect IP:PORT |
Yes, iptables is on and correct.
I don't have access to the svn server machine, so I can't use tcpdump there. openssl doesn't work. I tried svn and openssl with strace. This is part I think is relevant: openssl Code:
connect(3, {sa_family=AF_INET, sin_port=htons(5442), sin_addr=inet_addr("x.x.x.x")}, 16) = ? ERESTARTSYS (To be restarted Code:
setsockopt(3, SOL_TCP, TCP_NODELAY, [1], 4) = 0 Code:
setsockopt(3, SOL_TCP, TCP_NODELAY, [1], 4) = 0 |
For a double-check, if it is a safe non-production environment, I would temporarily disable iptables and test with openssl again.
Is there anything between these computers? Firewalls, VLAN settings, filtering? |
It is a production environment, so I would like to avoid turning firewall off, but this it the relevant part from iptables:
Code:
65016 39M ACCEPT all -- !lo * x.x.x.x 0.0.0.0/0 svn server is accessible from other machines, so I don't think there is something on that side that is blocking connection and client side is dedicated server at some data center. Not likely that they are blocking something. You can see from iptables that packets are coming that way. Also, I see from strace that ssl certificate is checked. There is no problem when I test openssl command on some other server with ssl on 443 port. |
All times are GMT -5. The time now is 04:02 AM. |