SSL Not Working from Outside LAN

on 06.10.2002 16:03:13 by Jeff Umstead

I've recently added a Red Hat 7.3 Linux server to our network running Apache and
mod_ssl. My problem is I can't make an https (over standard port 443) connection from
outside our network. I can connect via http (port 80) from both inside and outside our
LAN.

I have the necessary port pass throughs, firewall rules etc in place for both ports. It
works perfectly from inside our lan (subnet) to either http or https but not from our other
sites (different subnets) or from the internet.

I believe the problem is either an incorrect setting in httpd.conf or perhaps in a network
configuration file I've overlooked. Or ???

Any help / tips would be greatly appreciated.

Thanks
--
Jeff Umstead
IS Director
Merrill Tool Holding Company
Saginaw MI USA



This e-mail (and attachment(s)) has been virus scanned by
McAfee WebShield.

This message is intended only for use of the individual or
entity to whom it is addressed, and may contain information
that is privileged, confidential and exempt from disclosure
under applicable law. If the reader of this message is not
the intended recipient, or the employee or agent
responsible for delivering the message to the intended
recipient, you are hereby notified that any unauthorized
use, dissemination, distribution or copying of this e-mail
or attachments, in whole or in part is strictly prohibited
and may be unlawful. If you have received this message in
error, please inform the sender by replying to this message
and then delete the message and any attachments from your
system and destroy all copies. Thank You


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: SSL Not Working from Outside LAN

on 06.10.2002 16:10:30 by Jeffrey Burgoyne

How about a simple test to ensure it is not the firewall. Set apache to
listen to HTTPS across port 80, which you already know works outside the
firewall. Then you can easily test to ensure it is not the firewall.

Jeff



Re: SSL Not Working from Outside LAN

on 06.10.2002 17:03:15 by Jeff Umstead

Good idea! I'll have to wait until tomorrow to try that.

I did however do some packet sniffing and noticed that tcp packets
from outside the firewall do get to the web server and the web
server returns tcp packets. But never returns any SSL (actually
SSLv2 protocol I think) packets. Watching the packets for http the
tcp and http packets pass back and forth.

Thanks
--
Jeff Umstead
IS Director
Merrill Tool Holding Company
Saginaw MI USA
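
The symptom described in the message above (TCP packets in both directions, but no SSL reply from the server) can also be checked from the client side. The following is an added example, not part of the original thread; `probe_tls`, `start_listener`, `closed_port` and the result labels are hypothetical names, and the loopback listeners are constructed stand-ins for a server behind a filter.

```python
import socket
import ssl
import threading

def probe_tls(host, port, timeout=2.0):
    """Report how far a TLS connection to host:port gets, seen from the client."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "tcp_blocked"            # refused, filtered or unroutable
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # reachability probe only: the certificate
    ctx.verify_mode = ssl.CERT_NONE     # is deliberately not validated here
    try:
        with ctx.wrap_socket(sock, do_handshake_on_connect=False) as tls:
            tls.do_handshake()          # sends ClientHello, waits for the reply
            return "tls_ok"
    except socket.timeout:
        return "tcp_ok_no_tls_reply"    # TCP works, the handshake never answers
    except ssl.SSLEOFError:
        return "tcp_ok_peer_closed"
    except ssl.SSLError:
        return "tcp_ok_reply_not_tls"   # e.g. plain HTTP answering on that port
    except OSError:
        return "tcp_ok_peer_closed"
    finally:
        sock.close()

def start_listener(reply=None):
    """Constructed stand-in server on loopback: accepts one TCP connection,
    reads the ClientHello, then stays silent or sends `reply`. Returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        conn.settimeout(5)
        try:
            conn.recv(4096)
            if reply:
                conn.sendall(reply)
            conn.recv(4096)             # hold the connection until the client leaves
        except OSError:
            pass
        finally:
            conn.close()
            srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def closed_port():
    """Return a loopback port with nothing listening on it."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port

if __name__ == "__main__":
    http_reply = b"HTTP/1.1 400 Bad Request\r\n\r\n"
    print("silent listener:", probe_tls("127.0.0.1", start_listener()))
    print("plain HTTP     :", probe_tls("127.0.0.1", start_listener(http_reply)))
    print("closed port    :", probe_tls("127.0.0.1", closed_port()))
```

Run from inside and outside the LAN against the same address, a result of `tls_ok` inside and `tcp_ok_no_tls_reply` outside points at packet filtering on the path or on the host rather than at the mod_ssl configuration.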



RE: SSL Not Working from Outside LAN

on 07.10.2002 11:53:48 by John.Airey

Have you also run "ipchains -L" to see what you get? You may well have set
up a firewall that prevents packets coming in.

If you get this: "ipchains: Incompatible with this kernel", then you don't
have a firewall on the server. If you get anything else, it could be
stopping packets coming in.

-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk

Theories of evolution are like buses - there'll be another one along in a
minute


-

NOTICE: The information contained in this email and any attachments is
confidential and may be legally privileged. If you are not the
intended recipient you are hereby notified that you must not use,
disclose, distribute, copy, print or rely on this email's content. If
you are not the intended recipient, please notify the sender
immediately and then delete the email and any attachments from your
system.

RNIB has made strenuous efforts to ensure that emails and any
attachments generated by its staff are free from viruses. However, it
cannot accept any responsibility for any viruses which are
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email
and any attachments are those of the author and do not necessarily
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk

RE: SSL Not Working from Outside LAN

on 07.10.2002 17:01:01 by Jeff Umstead

John,

I think that was it. I had cleared the ipchains list, stopped and restarted it. Even though
it said accept all for input, output and forward, it was still stopping it. So I stopped
ipchains from running at start up for all levels, restarted the Linux box, and it now works!

Thanks for the help

--
Jeff Umstead
IS Director
Merrill Tool Holding Company
Saginaw MI USA



RE: SSL Not Working from Outside LAN

on 07.10.2002 17:33:33 by John.Airey

Great. "chkconfig ipchains off" should stop it running in all runlevels.

John
