Date: Mon, 12 Feb 2001 09:04:45 -0500
From: "Ben" <ben@cahostnet.net>
To: <questions@freebsd.org>
Subject: SSL issues
Message-ID: <006401c094fc$c1611b50$6102a00a@nhqadmin17>

I'm having some problems with SSL going through my firewall, at least I think. I installed Apache with the mod-ssl and Apache seems to be running fine. I start it with the startssl command but I can't seem to hit the site with ssl both from the outside and internally using 192.168.1.x address. I'm not 100% convinced that it's the firewall b/c I can't even hit it locally but I can get to the http site from both internally and externally.

After installing the mod-ssl apache what else do I need to do to have ssl working? Doesn't it create a sample ssl cert for use? Or do I have to do it myself? I used the /stand/sysinstall to install apache. Below is what I have as a rule for http and https. Can you tell me if that will work? Also what else I need to do to get ssl working. And how I can test it locally or from the inside the network.

# SSL- Allow access to our web server through port 443
${fwcmd} add check-state
${fwcmd} add pass tcp from any to any 443 keep-state
${fwcmd} add check-state
${fwcmd} add pass tcp from ${oif} to ${iif} 443 keep-state
# HTTP - Allow access to our web server
${fwcmd} add check-state
${fwcmd} add pass tcp from any to any 80 keep-state
${fwcmd} add check-state
${fwcmd} add pass tcp from ${oif} to ${iif} 80 keep-state

I may not need the last rules but I put them there to have connections from the inside.

Thanks,
Ben
