From owner-freebsd-questions Mon Feb 12 6: 3:27 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from [209.239.36.156] (host2.hostmatters.com [209.239.36.156]) by hub.freebsd.org (Postfix) with ESMTP id 7B9E437B503 for ; Mon, 12 Feb 2001 06:03:23 -0800 (PST)
Received: from nhqadmin17 (224host88.redcross.org [162.6.224.88]) by [209.239.36.156] (8.10.2/8.10.2) with SMTP id f1CE3Jc14536 for ; Mon, 12 Feb 2001 09:03:19 -0500
Message-ID: <006401c094fc$c1611b50$6102a00a@nhqadmin17>
From: "Ben"
To:
Subject: SSL issues
Date: Mon, 12 Feb 2001 09:04:45 -0500
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I'm having some problems with SSL going through my firewall, at least I think. I installed Apache with the mod-ssl and Apache seems to be running fine. I start it with the startssl command but I can't seem to hit the site with ssl both from the outside and internally using 192.168.1.x address. I'm not 100% convinced that it's the firewall b/c I can't even hit it locally but I can get to the http site from both internally and externally.

After installing the mod-ssl apache what else do I need to do to have ssl working? Doesn't it create a sample ssl cert for use? Or do I have to do it myself? I used the /stand/sysinstall to install apache. Below is what I have as a rule for http and https. Can you tell me if that will work? Also what else I need to do to get ssl working. And how I can test it locally or from the inside the network.

# SSL- Allow access to our web server through port 443
${fwcmd} add check-state
${fwcmd} add pass tcp from any to any 443 keep-state
${fwcmd} add check-state
${fwcmd} add pass tcp from ${oif} to ${iif} 443 keep-state
# HTTP - Allow access to our web server
${fwcmd} add check-state
${fwcmd} add pass tcp from any to any 80 keep-state
${fwcmd} add check-state
${fwcmd} add pass tcp from ${oif} to ${iif} 80 keep-state

I may not need the last rules but I put them there to have connections from the inside.

Thanks,
Ben