Problems with Apache2 Secure Server
Hi!!
I have a problem with my Apache 2 server on Red Hat. I have installed an Apache secure server with my own AC (certificate), but my website is not accessible to other computers with an "https://" URL. Nevertheless, I can enter the site from the server with the URL: https://... When I enter the page, it appears as a secure page, with the padlock in the browser, and the program asks me about the certificate. I accept it and enter the site. So, I think the SSL configuration is OK, but I can't find where the error is. I used OpenSSL and the SSL module included in Apache 2. I configured all the options that I know, but the result is the same. I hope somebody can help me. Thank you very much!!! P.S.: Pardon my horrible English, the next time I will try to do better :-D
What do your firewall rules look like? Are you allowing all traffic in on 443/tcp?
Quote:
Thanks
First tell us what your firewall rules look like. As root, run iptables -nvL then tell us what it says.
Hello!
Sorry, I did not have a PC this weekend and I hadn't looked at the iptables rules. So, I can do it now. I tried to configure the firewall with the following rules:

    /sbin/iptables -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
    /sbin/iptables -A INPUT -p tcp -m tcp --sport 443 -j ACCEPT

but the result is the same, my server is not accessible to the rest of the world. The iptables rules after doing that are:

    Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target               prot opt in  out  source      destination
        2   355 RH-Firewall-1-INPUT  all  --  *   *    0.0.0.0/0   0.0.0.0/0
        0     0 ACCEPT               tcp  --  *   *    0.0.0.0/0   0.0.0.0/0    tcp spt:443

    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target               prot opt in  out  source      destination
        0     0 RH-Firewall-1-INPUT  all  --  *   *    0.0.0.0/0   0.0.0.0/0

    Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target               prot opt in  out  source      destination
        0     0 ACCEPT               tcp  --  *   *    0.0.0.0/0   0.0.0.0/0    tcp dpt:443

    Chain RH-Firewall-1-INPUT (2 references)
     pkts bytes target               prot opt in  out  source      destination
        0     0 ACCEPT               all  --  lo  *    0.0.0.0/0   0.0.0.0/0
        0     0 ACCEPT               icmp --  *   *    0.0.0.0/0   0.0.0.0/0    icmp type 255
        0     0 ACCEPT               esp  --  *   *    0.0.0.0/0   0.0.0.0/0
        0     0 ACCEPT               ah   --  *   *    0.0.0.0/0   0.0.0.0/0
        0     0 ACCEPT               udp  --  *   *    0.0.0.0/0   224.0.0.251  udp dpt:5353
        0     0 ACCEPT               udp  --  *   *    0.0.0.0/0   0.0.0.0/0    udp dpt:631
        0     0 ACCEPT               all  --  *   *    0.0.0.0/0   0.0.0.0/0    state RELATED,ESTABLISHED
        0     0 ACCEPT               tcp  --  *   *    0.0.0.0/0   0.0.0.0/0    state NEW tcp dpt:22
        0     0 ACCEPT               tcp  --  *   *    0.0.0.0/0   0.0.0.0/0    state NEW tcp dpt:80
        0     0 ACCEPT               tcp  --  *   *    0.0.0.0/0   0.0.0.0/0    state NEW tcp dpt:21
        0     0 ACCEPT               tcp  --  *   *    0.0.0.0/0   0.0.0.0/0    state NEW tcp dpt:25
        2   355 REJECT               all  --  *   *    0.0.0.0/0   0.0.0.0/0    reject-with icmp-host-prohibited

Can you help me? Thank you very much.
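An added example, not part of any post in this thread: a simplified first-match walk over an `iptables -nvL` listing like the one posted above, to check what happens to a new inbound connection to tcp/443. The sample listing is abbreviated from the post, the packet (interface `eth0`, source port 51000) is constructed, and the walk ignores address matches and treats every non-chain target as final.

```python
import re

# Constructed sample: abbreviated from the `iptables -nvL` listing in the post above.
LISTING = """\
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    2   355 RH-Firewall-1-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0
    0     0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:443
Chain RH-Firewall-1-INPUT (2 references)
    0     0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
    0     0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    0     0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
    0     0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
    2   355 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
"""
# Constructed packet: first SYN from an outside client (eth0 and 51000 are assumed).
CLIENT_SYN = {"proto": "tcp", "in_if": "eth0", "state": "NEW", "spt": 51000, "dpt": 443}

def parse(listing):
    """Return {chain: (policy or None, [(target, proto, in_if, extras), ...])}."""
    chains, current = {}, None
    for line in listing.splitlines():
        head = re.match(r"Chain (\S+) \((?:policy (\S+))?", line)
        f = line.split()
        if head:
            current = head.group(1)
            chains[current] = (head.group(2), [])
        elif current and len(f) >= 9 and f[0][0].isdigit():  # rule row, not the header
            chains[current][1].append((f[2], f[3], f[5], " ".join(f[9:])))
    return chains

def matches(rule, pkt):
    _, proto, in_if, extras = rule
    if proto not in ("all", pkt["proto"]) or in_if not in ("*", pkt["in_if"]):
        return False
    state = re.search(r"state (\S+)", extras)
    if state and pkt["state"] not in state.group(1).split(","):
        return False
    ports = re.findall(r"\b(spt|dpt):(\d+)", extras)  # listing form of --sport/--dport
    return all(pkt[k] == int(v) for k, v in ports)

def verdict(chains, pkt, chain="INPUT"):
    """First-match walk; returns (target, chain that decided) or None."""
    policy, rules = chains[chain]
    for rule in (r for r in rules if matches(r, pkt)):
        if rule[0] not in chains:
            return rule[0], chain                  # non-chain target decides
        result = verdict(chains, pkt, rule[0])     # jump into a user-defined chain
        if result:
            return result
    return (policy, chain) if policy else None     # user chains return to the caller
```

On this sample the walk ends at the REJECT rule in RH-Firewall-1-INPUT: that chain has no ACCEPT for NEW tcp dpt:443, and the appended INPUT rule matches source port 443 and sits after the jump.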
I can provide one more piece of information on the subject. I used the netstat command and the result is the following:

    # netstat -anp | grep 443
    tcp        0      0 :::443        :::*        LISTEN      7815/httpd

Is this the correct result? Thanks
What is the IP address of the machine running Apache?
Hi,
Sorry, but unfortunately my IP address is a dynamic IP. I suppose that when I restart my computer, I will change some rules on iptables. I think that the last time I looked at my IP address it was 192.168.1.33. Tomorrow, when I return to work, maybe it will be different, and I'm not sure if it's correct, because I don't have access now to the computer on which the Apache server runs. Thank you very much!!
192.168 networks are reserved for private use and cannot communicate on the internet with that IP address. You will need to get the internet-facing system or interface that is in front of your web server to route traffic correctly. Read up on the netfilter website about NAT.
Moderators: Please move this to the proper forum (Networking) so that it can get the correct exposure.
Oops
I confused my IP address with my internal IP. I think the IP of the computer is 80.59.169.142. Thanks