The client is in the 'net' zone (remote computer). I am attempting to
connect to my webmin server at home from work and it is failing when I try
to log in to webmin over ssl. Please note that if I allow the page to time
out and then hit the back button, my page is there. Why would this happen?
But... if I try to log in to the webmin server from the 'loc' zone over ssl
it allows me to log in without any problems. This all leads me to think that
I am missing something with how SSL is dealing with my firewall. I have
tested webmin on my loc network and remote network over a standard http
connection without any issues at all. It seems that ssl is having some sort
of problem with my ruleset. Perhaps all that I need is to add the
destination into my rule like you have shown below.

Your thoughts...

-----Original Message-----
From:   Tom Eastep [mailto:[EMAIL PROTECTED]] 
Sent:   Friday, September 27, 2002 2:18 PM
To:     Troy Aden
Cc:     Leaf-User (E-mail)
Subject:        Re: [leaf-user] Shorewall question

Troy Aden wrote:
>       Just a footnote to this. I can connect within my LAN to the webmin
> just fine so I am forced to conclude that it is a problem with my firewall
> rules. Thanks.

These sorts of problems can be associated with MTU discovery problems as 
well as rules -- is the client in the 'net' zone that you are trying to 
log in from on the same lan segment as your firewall or is it remote?

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ [EMAIL PROTECTED]


-----Original Message-----
From:   Tom Eastep [mailto:[EMAIL PROTECTED]] 
Sent:   Friday, September 27, 2002 2:15 PM
To:     Troy Aden
Cc:     Leaf-User (E-mail)
Subject:        Re: [leaf-user] Shorewall question

Troy Aden wrote:
> I currently have a server running behind my Bering box. The rules that I
> have set up in shorewall rules are as follows:
> 
> #Access to my web server
> 
> DNAT     net         loc:192.168.1.2        80
> 
> #Access to my webmin server
> 
> DNAT     net         loc:192.168.1.2:25000        https
> 
> The problem seems to be with my webmin rule. I can access the server fine
> remotely with https://x.y.z.x. But when I try and login the page proceeds to
> sit until it times out. The weird thing that happens is that if I hit the
> <back> button on my browser, my webmin is there and I can work with it. I
> am suspecting that I have entered the webmin rule incorrectly. Can anyone
> help me out?  
> 

I assume that the two rules are:

DNAT    net     loc:192.168.1.2         tcp     80
DNAT    net     loc:192.168.1.2:25000   tcp     https

and that you have configured webmin to listen on port 25000 (as opposed to 
the default 10000).

If that is the case then the second rule should work fine -- I just 
verified it with a similar rule on my setup:

DNAT    net     loc:192.168.1.5:10000   tcp     8081 - 206.124.147.176

I specified an original IP address because I have several on my firewall 
external interface.

From the net, I connected to http://206.124.146.176:8081 and was able to 
log into webmin normally.

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ [EMAIL PROTECTED]
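
The rules as first posted have no protocol column, while the restated ones put tcp before the port. The following column check is an added example, not code from the thread or from Shorewall; it assumes the rules-file column order ACTION SOURCE DEST PROTO DEST-PORT SOURCE-PORT ORIGINAL-DEST, and the function names and the accepted protocol list are hypothetical.

```python
# Added example: column check for Shorewall DNAT rules (not code from the thread).
# Assumed column order: ACTION SOURCE DEST PROTO DEST-PORT SOURCE-PORT ORIGINAL-DEST
COLUMNS = ("action", "source", "dest", "proto", "dport", "sport", "origdest")
KNOWN_PROTOS = {"tcp", "udp", "icmp", "all"}  # names this check accepts (assumption)

def parse_rule(line):
    """Split a rules-file line into named columns; '-' or absent means None."""
    fields = line.split("#", 1)[0].split()
    if not fields:
        return None  # blank line or comment
    if len(fields) > len(COLUMNS):
        raise ValueError(f"too many columns: {line!r}")
    fields += ["-"] * (len(COLUMNS) - len(fields))
    return {k: (None if v == "-" else v) for k, v in zip(COLUMNS, fields)}

def forward_of(rule):
    """Return (external_port, server, internal_port) for a parsed DNAT rule."""
    _zone, _, rest = (rule["dest"] or "").partition(":")
    server, _, port = rest.partition(":")
    # Without an explicit server port the connection keeps its destination port.
    return rule["dport"], server or None, port or rule["dport"]

def lint_dnat(line):
    """Return a list of problems in a DNAT rule; an empty list means none found."""
    rule = parse_rule(line)
    if rule is None or rule["action"] != "DNAT":
        return []
    problems = []
    external, server, _internal = forward_of(rule)
    if server is None:
        problems.append("DEST has no server address (expected zone:address[:port])")
    if rule["proto"] is None:
        problems.append("PROTO column is empty")
    elif rule["proto"].lower() not in KNOWN_PROTOS:
        problems.append(f"PROTO holds {rule['proto']!r}; protocol missing before port?")
    elif external is None and rule["proto"].lower() in ("tcp", "udp"):
        problems.append("no DEST PORT given; rule is not limited to one port")
    return problems

# Rules exactly as they appear in the thread.
AS_POSTED = ["DNAT net loc:192.168.1.2 80", "DNAT net loc:192.168.1.2:25000 https"]
AS_RESTATED = [
    "DNAT net loc:192.168.1.2 tcp 80",
    "DNAT net loc:192.168.1.2:25000 tcp https",
    "DNAT net loc:192.168.1.5:10000 tcp 8081 - 206.124.147.176",
]

if __name__ == "__main__":
    for line in AS_POSTED + AS_RESTATED:
        print(line, "->", lint_dnat(line) or forward_of(parse_rule(line)))
```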

