Re: monit – can't connect from browser



On Wed, 03 Dec 2008 07:03:20 -0800, Vwaju wrote:

Guten Tag, Burkhard

Hi Vwaju, you're also learning German? :-)

I would love to learn German, but I only know a few words. Am I right
that your native language is German? (You speak English very well!)

Yes, it is, and thank you for the compliment. I travel very often to the US
and Canada. I know it's not perfect, but I use every chance to practice it as
often as I can.

Usually the router will send a redirect to your computer so that you can
access the webserver directly via 192.168.2.2, but it depends on the
router software config.

It seems that it does send a redirect, because I can reach the
webserver directly with 192.168.2.2 (from inside my LAN).
What I *cannot* do is reach the webserver from inside my LAN with
Internet address 207.237.37.110.

I think it's a bug in the router software, or maybe not really a bug, because
the router knows the better way would be to go via the 192.168.2.0/24
network.
What you could try is to find out whether you can disable sending ICMP
redirects (just for testing purposes); it makes more sense to connect
directly so the router has nothing to do.


Thank you for this explication. It will help me to understand the
cryptic man page for iptables!

It's just practice. You could try firewallbuilder to start with; there
you can build your objects and play around with iptables. It can also
produce a shell script, so you see the whole syntax; maybe that makes it
clearer. (apt-get install fwbuilder)


Good! I will try this from outside the LAN!

Inside the LAN, I still cannot get a connection at 2812. Working
Hypothesis: This is a result of an ICMP redirect at the router
interface.

Is that right?

I guess your forward rule in the router says forward
packets for port 2812 to 192.168.2.2:443; if this is the case, then it is
the redirect.
Did you check that the webserver handles SSL on port 2812
(netstat -ntlp)? If not, then you need to check your ssl.conf (/etc/apache2
....): search inside the config file for a Listen 443 line, write
Listen 2812 above or underneath it, restart apache and check with netstat
whether the port is now listening.


http://obliqueuniverse.org
prompted for id/password for Dell Truemobile 2300 Broadband Router
web-based administration tool
when I login, I get:
"Duplicate Administrator
This device is managed by 192.168.2.2 currently!!"
If I hit ENTER again, it takes me to the web-based router
administration tool

OK, it doesn't sound like an ICMP redirect. Did you log in from your webserver
to the router, or do you have a check which connects to the router from the
webserver? It sounds like you, a service or somebody logged in.



https://192.168.2.2:2812
Secure Connection Failed
192.168.2.2 uses an invalid security certificate
The certificate is not trusted because it is self-signed.
The certificate is valid only for jupiter.obliqueuniverse.org
(Error code: sec_error_ca_cert_invalid)

https://obliqueuniverse.org:2812
Failed to Connect

https://jupiter.obliqueuniverse.org:2812
Failed to Connect

I still don't understand these last 3 results!

The first thing is that in your certificate the common name section has
jupiter.obliqueuniverse.org, while in your address bar there is 192.168.2.2;
the browser checks both entries and detects that they are not the same, and
therefore it complains.

For 2 and 3, first check whether you have a listening port 2812 on jupiter
that is able to speak SSL (I described above how to do that).

Then add the following line to /etc/hosts on your machine:

192.168.2.2 jupiter.obliqueuniverse.org

(you're faster with echo "192.168.2.2 jupiter.obliqueuniverse.org" >>
/etc/hosts)


Now the browser will (should) first check /etc/hosts to resolve
jupiter.obliqueuniverse.org and will connect directly, but now you have the
correct name in your address bar that matches your certificate.

(you can also check the common name with openssl x509 -in $YOURCERT -noout
-subject | grep "CN" then you should see jupiter.obliqueuniverse.org)


I haven't heard about wireshark. You prefer this to tcpdump? Where
do you get it?

You can use the sniffer you prefer, but at the beginning you should start
with wireshark or similar; it shows the protocol stack very nicely etc.

apt-get install wireshark should work, or you can download it at wireshark.org;
afaik they also have Windows binaries.
tcpdump is just another sniffer.


If I were to find this packet, how would I correct the redirect?

The redirect is correct and it also makes sense: would you drive
downtown if the grocery store is right at the next corner?
Why use a router if the webserver is right beside you in your subnet?

I assume this is a message, as you say, from the router itself, since in
some cases, when I hit ENTER again, I get the web interface to the
router administration tool.

I think you now have a login left on the web interface or something similar,
but it could also be a router software issue. Did you log out correctly
when you left the admin panel (logout button or something)?

Have a great day
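
The name check explained above (certificate issued for jupiter.obliqueuniverse.org, address bar showing 192.168.2.2), reproduced as an added example that is not part of the original post: it creates a constructed throwaway self-signed certificate and asks OpenSSL which of the three addresses from the thread it accepts. The function names and the temporary certificate are assumptions made for illustration; nothing touches the real server or /etc/hosts.

```shell
#!/bin/sh
# Added example: constructed throwaway certificate in a temp directory.

# make_cert DIR CN: write a one-day self-signed certificate with the given CN.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# cert_matches CERT NAME: succeed if NAME (hostname or IPv4 address) is
# acceptable for CERT, using OpenSSL's own host/IP matching.
cert_matches() {
    case "$2" in
        *[!0-9.]*) opt=-checkhost ;;  # contains letters or dashes: hostname
        *)         opt=-checkip ;;    # digits and dots only: IP address
    esac
    openssl x509 -in "$1" -noout "$opt" "$2" | grep -q 'does match certificate'
}

# report CERT NAME...: one verdict line per name typed into the address bar.
report() {
    cert=$1; shift
    for name in "$@"; do
        if cert_matches "$cert" "$name"; then
            echo "$name: name matches certificate"
        else
            echo "$name: MISMATCH (browser warns)"
        fi
    done
}

demo() {
    dir=$(mktemp -d) || return 1
    make_cert "$dir" jupiter.obliqueuniverse.org || { rm -rf "$dir"; return 1; }
    openssl x509 -in "$dir/cert.pem" -noout -subject
    report "$dir/cert.pem" 192.168.2.2 obliqueuniverse.org \
        jupiter.obliqueuniverse.org
    rm -rf "$dir"
}

demo
```

Only the full name jupiter.obliqueuniverse.org passes, which is why the /etc/hosts entry removes the warning. Current browsers match the subjectAltName extension rather than the CN, so a certificate issued today also needs the hostname in a SAN entry.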