Quote:
Originally Posted by business_kid
"No success" tells us something is wrong, and we cannot bring any experience to bear. Exact errors "No route to host," "no such file or directory," "Sky fell in," are what we need to fix your problems.
Routing could be an issue. The Server Gateway will need a default route (either the network or the dmz) and a route to the other one - perhaps a static route.
"No success" is related to the second question; for the first question there is the error code ssl_error_rx_record_too_long.
Second question was:
2) I would like to allow access from every client to a Tomcat page on ServerInDMZ. The Tomcat page is integrated in Apache, so the destination port of the client request is port 443.
I didn't mention it, and I don't know if it's obvious; the situation is as follows:
Client ------ServerGateway ----- ServerInDMZ ---- Router ---- Internet
(Intranet) DMZ
If a client is forbidden, he is blocked from the DMZ and from the Internet.
I tried for 2):
- iptables string matching WebUntis (https://ServerInDMZ/WebUntis is the destination address which should be allowed) -> using the -j LOG of iptables shows that matching does not work. I didn't search further in this way because I'm not sure if it is the right way to solve the problem.
For the next try to solve 2) I have:
REDIRECT tcp -- 0.0.0.0/0 !10.10.1.4 redir ports 8082
(10.10.1.4 is ServerGateway)
and in httpd.conf on Server Gateway:
Listen 8082
<VirtualHost *:8082 >
ServerName ifw.bk-rheinbach.net
RewriteEngine On
RewriteRule (.*/WebUntis.*$) https://schulix.bk-rheinbach.net/WebUntis/$2) [P]
RewriteRule (.*) http://ifw.bk-rheinbach.net/gesperrt/ [R]
</VirtualHost>
If I use a URL like http://spiegel.de from the client browser, the client is redirected to ifw.bk-rheinbach.net/gesperrt/
If I use http://schulix.bk-rheinbach.net/WebUntis/#main I see in the client's address bar: ifw.bk-rheinbach.net/gesperrt/#main (which I don't understand)
If I use https://schulix.bk-rheinbach.net/WebUntis/#main I get an error message in the browser window which says (badly translated from German :-): Error: Secure connection not possible. An error occurs ... SSL has got an entry which extends the maximal allowed length, Code ssl_error_rx_record_too_long
-------------------------------------------------
Quote:
Originally Posted by business_kid
Sounds a simple question - do you need to use a server gateway? Has it other functions in the grand scheme besides security for the DMZ? I would have thought anything in a DMZ needed to be secure enough itself.
Yes, the ServerGateway is needed because it runs several services to the intranet and blocks clients (in the intranet) from using the DMZ and the Internet.
Thanks
Karsten
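
Added example, not part of the original post: a TLS client reports ssl_error_rx_record_too_long when the first bytes it receives are not a valid TLS record, which is what happens if a connection opened as HTTPS is answered in cleartext HTTP. The Python sketch below reads the 5-byte TLS record header from a reply and shows why cleartext bytes decode to an oversized record length. The sample replies are constructed, and whether the port 8082 VirtualHost above answers in cleartext is an assumption, not something the post confirms.

```python
import struct

# TLS record content types (RFC 5246 / RFC 8446).
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}
# Largest record body a TLS 1.2 peer may send: 2^14 plaintext + 2048 expansion.
MAX_RECORD_LEN = 2**14 + 2048


def classify_first_bytes(data: bytes) -> dict:
    """Interpret the first 5 bytes of a server reply as a TLS record header."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes (one TLS record header)")
    # Header layout: content type (1), version major/minor (2), length (2, big-endian).
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    looks_like_tls = (ctype in TLS_CONTENT_TYPES and major == 3
                      and length <= MAX_RECORD_LEN)
    looks_like_http = data.startswith((b"HTTP/", b"<!DOC", b"<html", b"<HTML"))
    if looks_like_tls:
        verdict = "tls"
    elif looks_like_http:
        verdict = "plaintext-http"
    else:
        verdict = "unknown"
    return {
        "content_type": ctype,
        "version": (major, minor),
        "declared_length": length,
        "too_long": length > MAX_RECORD_LEN,
        "verdict": verdict,
    }


# Constructed sample replies (not captured from the poster's network).
SAMPLES = {
    "tls_server_hello": b"\x16\x03\x03\x00\x5a\x02\x00\x00\x56",
    "http_status_line": b"HTTP/1.1 400 Bad Request\r\n",
    "bare_html_error": b"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        info = classify_first_bytes(raw)
        print(f"{name:18} verdict={info['verdict']:15} "
              f"declared_length={info['declared_length']:6} too_long={info['too_long']}")
```

To run the same check against a live listener, pass the first bytes read from the socket after sending a ClientHello; a "plaintext-http" verdict means the port is not terminating TLS.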