LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 03-31-2006, 10:09 AM   #1
javi_jaz1984
LQ Newbie
 
Registered: Mar 2006
Posts: 6

Rep: Reputation: 0
Unhappy Problems with Apache2 Secure Server


Hi!!

I have a problem with mi Apache 2 Server in Red Hat.

I have installed an Apache secure server with my own AC (certificate), but my web is not accessible to other computers with "https://" URL.

Nevertheless, I can entry in the web since the server with the url: https://... When I entry in the page, this appear as secure page, with the padlock in the navigator, and the program ask me about the certificated. I accept this and entry in the web. So, I think the ssl configuration is ok, but I cat't find where is the error.

I used OpenSSL and the SSL module included in Apache 2.

I configured all the options that I known, but the result is the same.

I hope somebody help me.

Thank you very much!!!

P.D: Pardon by my horrible English, the next time I try to do it :-D
 
Old 03-31-2006, 11:18 AM   #2
int0x80
Member
 
Registered: Sep 2002
Location: Cincinnati
Distribution: Debian GNU/Linux
Posts: 310

Rep: Reputation: 31
What do your firewall rules look like? Are you allowing all traffic in on 443/tcp?
 
Old 03-31-2006, 11:47 AM   #3
javi_jaz1984
LQ Newbie
 
Registered: Mar 2006
Posts: 6

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by int0x80
What do your firewall rules look like? Are you allowing all traffic in on 443/tcp?
Perhaps I don't recieved traffic on 443. How can I open this port to the rest of the world in Red Hat Linux?

Thanks
 
Old 03-31-2006, 01:26 PM   #4
int0x80
Member
 
Registered: Sep 2002
Location: Cincinnati
Distribution: Debian GNU/Linux
Posts: 310

Rep: Reputation: 31
First tell us what your firewall rules look like. As root, run iptables -nvL then tell us what it says.
 
Old 04-03-2006, 03:32 AM   #5
javi_jaz1984
LQ Newbie
 
Registered: Mar 2006
Posts: 6

Original Poster
Rep: Reputation: 0
Hello!

Sorry, I did not have pc this weekend and I hadn't watch the iptables rules.
So, I can do it now. I try to configure the firewall with the next rules:

/sbin/iptables -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -m tcp --sport 443 -j ACCEPT

but the result is the same, my server is not accessible to the rest of the world.

The rules of iptables after do it are:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
2 355 RH-Firewall-1-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:443

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 RH-Firewall-1-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443

Chain RH-Firewall-1-INPUT (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 255
0 0 ACCEPT esp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- * * 0.0.0.0/0 224.0.0.251 udp dpt:5353
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:631
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:21
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25
2 355 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Can you help me?

Thank you very much.
 
Old 04-03-2006, 06:00 AM   #6
javi_jaz1984
LQ Newbie
 
Registered: Mar 2006
Posts: 6

Original Poster
Rep: Reputation: 0
I can provide one data more on the subject. I use the netstat command and the result is the next:

# netstat -anp | grep 443


tcp 0 0 :::443 :::* LISTEN 7815/httpd

Is this the correct result?

Thanks
 
Old 04-03-2006, 07:14 AM   #7
int0x80
Member
 
Registered: Sep 2002
Location: Cincinnati
Distribution: Debian GNU/Linux
Posts: 310

Rep: Reputation: 31
What is the IP address of the machine running Apache?
 
Old 04-03-2006, 04:03 PM   #8
javi_jaz1984
LQ Newbie
 
Registered: Mar 2006
Posts: 6

Original Poster
Rep: Reputation: 0
Hi,

Sorry, but unfortunately my IP address is a dynamic IP. I supouse that when I restart my computer, I will change some rules on iptables. I think that the last time I watch my IP address it was 192.168.1.33

Tomorrow, when I return job, maybe it would be different, and I don't sure if it's correct, because I don't have access now to the computer in which run Apache server.

Thank you very much!!
 
Old 04-03-2006, 04:06 PM   #9
int0x80
Member
 
Registered: Sep 2002
Location: Cincinnati
Distribution: Debian GNU/Linux
Posts: 310

Rep: Reputation: 31
192.168 networks are reserved for private use and cannot communicate on the internet with that IP address. You will need to get the internet-facing system or interface that is in front of your web server to route traffic correctly. Read up on the netfilter website about NAT.

Moderators: Please move this to the proper forum (Networking) so that it can get the correct exposure.
 
Old 04-03-2006, 04:31 PM   #10
javi_jaz1984
LQ Newbie
 
Registered: Mar 2006
Posts: 6

Original Poster
Rep: Reputation: 0
Uops
I confused my IP address with my internal IP. The IP of the computer I think that it is 80.59.169.142

Thanks
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
HTTPD server problems redhat 9 apache2 R Audano Linux - Networking 1 01-02-2005 03:53 PM
Setting up secure apache2 webserver https access on suse linux 9.2 svanati Suse/Novell 4 12-21-2004 08:07 PM
apache2 server karan101 Linux - Software 1 11-13-2004 06:19 PM
Is OS X secure enough to use as a server? Travis86 Other *NIX 9 10-15-2004 11:23 PM
secure pop3 server JustinHoMi Linux - Security 2 10-26-2001 05:55 PM


All times are GMT -5. The time now is 08:50 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration