LinuxQuestions.org


javi_jaz1984 03-31-2006 10:09 AM

Problems with Apache2 Secure Server
 
Hi!!

I have a problem with my Apache 2 Server in Red Hat.

I have installed an Apache secure server with my own AC (certificate), but my website is not accessible to other computers with an "https://" URL.

Nevertheless, I can enter the site from the server with the URL: https://... When I enter the page, it appears as a secure page, with the padlock in the browser, and the program asks me about the certificate. I accept this and enter the site. So, I think the SSL configuration is OK, but I can't find where the error is.

I used OpenSSL and the SSL module included in Apache 2.

I configured all the options that I know, but the result is the same.

I hope somebody can help me.

Thank you very much!!!

P.S.: Pardon my horrible English, next time I will try to do it better :-D

int0x80 03-31-2006 11:18 AM

What do your firewall rules look like? Are you allowing all traffic in on 443/tcp?

javi_jaz1984 03-31-2006 11:47 AM

Quote:

Originally Posted by int0x80
What do your firewall rules look like? Are you allowing all traffic in on 443/tcp?

Perhaps I don't receive traffic on 443. How can I open this port to the rest of the world in Red Hat Linux?

Thanks

int0x80 03-31-2006 01:26 PM

First tell us what your firewall rules look like. As root, run iptables -nvL then tell us what it says.

javi_jaz1984 04-03-2006 03:32 AM

Hello!

Sorry, I did not have a PC this weekend and I hadn't looked at the iptables rules.
So, I can do it now. I tried to configure the firewall with the following rules:

/sbin/iptables -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -m tcp --sport 443 -j ACCEPT

but the result is the same, my server is not accessible to the rest of the world.

The iptables rules after doing it are:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target              prot opt in  out source     destination
    2   355 RH-Firewall-1-INPUT all  --  *   *   0.0.0.0/0  0.0.0.0/0
    0     0 ACCEPT              tcp  --  *   *   0.0.0.0/0  0.0.0.0/0    tcp spt:443

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target              prot opt in  out source     destination
    0     0 RH-Firewall-1-INPUT all  --  *   *   0.0.0.0/0  0.0.0.0/0

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target              prot opt in  out source     destination
    0     0 ACCEPT              tcp  --  *   *   0.0.0.0/0  0.0.0.0/0    tcp dpt:443

Chain RH-Firewall-1-INPUT (2 references)
 pkts bytes target              prot opt in  out source     destination
    0     0 ACCEPT              all  --  lo  *   0.0.0.0/0  0.0.0.0/0
    0     0 ACCEPT              icmp --  *   *   0.0.0.0/0  0.0.0.0/0    icmp type 255
    0     0 ACCEPT              esp  --  *   *   0.0.0.0/0  0.0.0.0/0
    0     0 ACCEPT              ah   --  *   *   0.0.0.0/0  0.0.0.0/0
    0     0 ACCEPT              udp  --  *   *   0.0.0.0/0  224.0.0.251  udp dpt:5353
    0     0 ACCEPT              udp  --  *   *   0.0.0.0/0  0.0.0.0/0    udp dpt:631
    0     0 ACCEPT              all  --  *   *   0.0.0.0/0  0.0.0.0/0    state RELATED,ESTABLISHED
    0     0 ACCEPT              tcp  --  *   *   0.0.0.0/0  0.0.0.0/0    state NEW tcp dpt:22
    0     0 ACCEPT              tcp  --  *   *   0.0.0.0/0  0.0.0.0/0    state NEW tcp dpt:80
    0     0 ACCEPT              tcp  --  *   *   0.0.0.0/0  0.0.0.0/0    state NEW tcp dpt:21
    0     0 ACCEPT              tcp  --  *   *   0.0.0.0/0  0.0.0.0/0    state NEW tcp dpt:25
    2   355 REJECT              all  --  *   *   0.0.0.0/0  0.0.0.0/0    reject-with icmp-host-prohibited

Can you help me?

Thank you very much.
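
Added example, not part of the original thread: a small Python walk of the `iptables -nvL` listing posted above that reports which rule decides a new inbound TCP connection. The condensed `LISTING`, the `FIXED` variant, the `eth0` interface name and source port 40000 are constructed assumptions, and the helper names are hypothetical.

```python
import re

# Constructed sample: the posted listing condensed to the rules relevant to inbound TCP.
LISTING = """\
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
2 355 RH-Firewall-1-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:443
Chain RH-Firewall-1-INPUT (2 references)
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
2 355 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
"""
# Constructed variant: same ruleset with a dpt:443 rule placed before the REJECT.
RULE_443 = "0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443\n"
FIXED = LISTING.replace("2 355 REJECT", RULE_443 + "2 355 REJECT")

def parse(listing):
    chains, cur = {}, None
    for f in filter(None, map(str.split, listing.splitlines())):
        if f[0] == "Chain":  # only built-in chains carry a policy
            cur = chains.setdefault(f[1], {"policy": f[3] if f[2] == "(policy" else None, "rules": []})
        elif f[0] != "pkts":  # skip the column-header row
            cur["rules"].append({"target": f[2], "prot": f[3], "in": f[5], "opts": " ".join(f[9:])})
    return chains

def matches(rule, pkt):
    # Sketch limits: addresses, port ranges (dpts:) and non-terminating targets are not modelled.
    if rule["prot"] not in ("all", pkt["prot"]) or rule["in"] not in ("*", pkt["in"]):
        return False
    state = re.search(r"state (\S+)", rule["opts"])
    if state and pkt["state"] not in state.group(1).split(","):
        return False
    return all(int(n) == pkt[k] for k, n in re.findall(r"\b(dpt|spt):(\d+)", rule["opts"]))

def verdict(chains, chain, pkt):
    """First matching rule decides; an unmatched user chain returns to its caller."""
    for rule in chains[chain]["rules"]:
        if matches(rule, pkt):
            if rule["target"] not in chains:
                return rule["target"], chain
            hit = verdict(chains, rule["target"], pkt)  # jump into a user-defined chain
            if hit:
                return hit
    policy = chains[chain]["policy"]
    return (policy, chain) if policy else None

def new_conn(dport, iface="eth0"):  # eth0 and source port 40000 are assumed values
    return {"prot": "tcp", "in": iface, "state": "NEW", "dpt": dport, "spt": 40000}
```

For the posted ruleset, `verdict(parse(LISTING), "INPUT", new_conn(443))` is decided by the final REJECT in RH-Firewall-1-INPUT before the appended `spt:443` rule is reached, while the same connection arriving on `lo` is accepted.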

javi_jaz1984 04-03-2006 06:00 AM

I can provide one more piece of data on the subject. I used the netstat command and the result is the following:

# netstat -anp | grep 443
tcp 0 0 :::443 :::* LISTEN 7815/httpd

Is this the correct result?

Thanks

int0x80 04-03-2006 07:14 AM

What is the IP address of the machine running Apache?

javi_jaz1984 04-03-2006 04:03 PM

Hi,

Sorry, but unfortunately my IP address is a dynamic IP. I suppose that when I restart my computer, I will change some rules on iptables. I think that the last time I looked at my IP address it was 192.168.1.33

Tomorrow, when I return to work, maybe it will be different, and I'm not sure if it's correct, because I don't have access now to the computer on which the Apache server runs.

Thank you very much!!

int0x80 04-03-2006 04:06 PM

192.168 networks are reserved for private use and cannot communicate on the internet with that IP address. You will need to get the internet-facing system or interface that is in front of your web server to route traffic correctly. Read up on the netfilter website about NAT.

Moderators: Please move this to the proper forum (Networking) so that it can get the correct exposure.

javi_jaz1984 04-03-2006 04:31 PM

Oops,
I confused my IP address with my internal IP. I think the IP of the computer is 80.59.169.142

Thanks


All times are GMT -5.