JustAnswer > Computer
Ask A Question|Register|Login|Help
JustAnswer

Computer
Ask a Computer Question, Get an Answer ASAP!

Have your own Computer question?

17 Tech Support Specialists are Online Now
characters left:
Not a Computer Question?

Question

I have Squid and Webmin installed and running on a remotely-hosted server (Fedora Core 6).

I cannot access the server through https://xxx.xxx.xxx.xxx:10000/. Not sure but I suspect this is a firewall/port issue.

Submitted: 665 days and 23 hours ago.
Category: Computer
Value: $30
Status: AWAITING EXPERT REPLY
+
Read More

Optional Information

Optional Information:
OS: Windows XP; Browser: Firefox

Already Tried:
I am using Windows XP with Firefox. I can access the server using PuTTY (logged in as root).

Accepted Answer

hello!

1) So this server is on your local network, or you have already worked out translating a public address to a private address, seeing as putty works.

putty's SSL port is going to be open by default most of the time.

Get a terminal screen on the linux computer and issue the command (you must be root)

service iptables status

If you get a long feed of lines, or can recognize that it is running, turn it off (just for testing purposes, we'll turn it back on after we get things working).

service iptables stop

Try to connect to your application now.

Also, make sure that Squid and webmin .conf files are all configured correctly.

Hopefully this will get you pointed in the right direction. If the firewall issue doesn't help, than we'll work on something else.

2) You don't have any security appliances that would allow SSL based programs, but nothing else to pass through in between you and the box do you?

Answer my 2 questions with the numbers that are bold. We'll go from there.


Picture
Expert: Branden
Pos. Feedback: 100.0 %
Accepts: 63
Answered: 1/11/2008

Technology Diagnostician

Home computing, SMB issues, Enterprise security, Oracle Databases, Linux administration

665 days and 22 hours ago.

Reply

Thank you Branden, I have been trying to figure this out on my own for hours and hours. But I know nothing about Linux. I'll do my best to reply in a way that makes sense to us both

1. This is a dedicated server hosted halfway across the country. I downloaded PuTTY, and connected using the server IP (host 22, SSH-type connection).

service iptables status
Firewall is stopped.

I then tried

system-config-securitylevel-tui (enabled firewall)
iptables -I RH-Firewall-1-INPUT 6 -m state --state NEW -m tcp -p icp --dport 10000 -j ACCEPT
iptables-save > /etc/sysconfig/iptables
service iptables status

Which gave me the long line of feeds. I have since restarted the server, so the firewall is back off.

"Also, make sure that Squid and webmin .conf files are all configured correctly."

I have no idea if they are configured correctly.

2. I have no idea, so probably not.

Posted by Branden 665 days and 21 hours ago.

Answer

Very nice explanations. I wish everyone responded like that!

Well, if the server is half way across the country, then there is most DEFINITELY security appliances between you and the machine. Most of which have no affect, but if this server is hosted by a company that provides a service, than they probably have every port locked down except for SSH.

If you are using putty to connect to the server. You can use the tunnel function in putty, to create a tunnel to the server. In this case, even if the server is locked down, you should be able to access the web page you desire by piggy-backing over SSH.

  1. Open putty.
  2. Load, but NOT open your session for this server.
  3. On the left, go down to "tunnels".
  4. In source port, put 443 . This is the default https port, but it doesn't hurt to double check that your server isn't set to a different one.
  5. in destination put YOURSERVERIP:10000 (or whatever the default port for the application you are using).
  6. Click ADD
  7. YOU MUST go back up to session, and save your session, or this will disappear after the first connection.
  8. Connect to the server with putty, and log in.
  9. Now go to your browser and put https://localhost
  10. if that doesn't work try forcing it with https://localhost:443
  11. you can use 127.0.0.1 in place of localhost if it doesn't work.

You can use this program to forward any port with the following guidelines.
source port can be whatever you wish, as long as you can specify what it is. if you're using your browser, make sure it's 80, 8080, or 443 (in the case of https)
the destination should be the servers IP, and the port that the application uses.
Once you connect through putty, you will always connect to your "localhost" or 127.0.0.1 to fool the computer to try to connect to itself to then forward the packet over SSL to the destination.

Good luck and let me know how this works.

665 days and 21 hours ago.

Reply

Thank you, I think we're almost there. Here is what nmap tells me:

Starting Nmap 4.52 ( http://insecure.org ) at 2008-01-11 13:11 Central Standard Time
Initiating Ping Scan at 13:11
Scanning 66.36.229.88 [2 ports]
Completed Ping Scan at 13:11, 0.16s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 13:11
Completed Parallel DNS resolution of 1 host. at 13:11, 0.03s elapsed
Initiating SYN Stealth Scan at 13:11
Scanning 66.36.229.88 [1714 ports]
Discovered open port 22/tcp on 66.36.229.88
Completed SYN Stealth Scan at 13:11, 9.63s elapsed (1714 total ports)
Host 66.36.229.88 appears to be up ... good.
Interesting ports on 66.36.229.88:
Not shown: 1711 filtered ports
PORT STATE SERVICE
22/tcp open ssh
443/tcp closed https
631/tcp closed ipp

That looks like 443 (https) is closed. Does that need to be fixed first? If so, how?

Posted by Branden 665 days and 21 hours ago.

Answer

Yeah thats telling us that only SSH is open.

Using the tunnel should get you in. Unless you can ask who ever owns the hardware or Connection service to open up 443.

Nmap. I'm impressed. Had I known you had that kind of knowledge, I would have suggested it! Most people who come here would reply.

"wut is nmap i dun c wat it ha sto withm y problem."

Which Is why I enjoy my time with people like yourself. Full sentences are so refreshing!

Good luck

665 days and 21 hours ago.

Reply

Okay, I'll give this a shot.

Half the stuff I wrote (including nmap) makes absolutely no sense to me. I just find stuff online, and if it sounds related I give it a shot. Like a bull in a china shop, I know. So far nothing broken, so that's good. I'll follow-up shortly.

Posted by Branden 664 days and 14 hours ago.

Answer

Let me know how it works out.

I'll be checking periodically this weekend.

664 days ago.

Reply

I was unable to get through using port 443, but someone else I was asking for help suggested I use port 80 (which did work). I appreciate your help and will accept your answer.

Sean

+
Read More

Related Computer Questions

  • I have deleted all external links in an Excel file, but when
  • I lost my ccna certification
  • I want to save picture files in JPG mode. It is now in Photo...
  • hello, i have a panasonic CF2 labtop, and when i switch it
  • My Nero Recode 2 program copied a DVD, but there was no soun...
  • tablet won't work on my toshiba portege M200. I had to repla...
  • In Coreldraw 11,and 13, how do we get a customized color pal...
  • I recently installed an HP scanner G3110. When the solution



Disclaimer: Information in questions, answers, and other posts on this site ("Posts") comes from individual users, not JustAnswer; JustAnswer is not responsible for Posts. Posts are for general information, are not intended to substitute for informed professional advice (medical, legal, veterinary, financial, etc.), or to establish a professional-client relationship. The site and services are provided "as is" with no warranty or representations by JustAnswer regarding the qualifications of Experts. To see what credentials have been verified by a third-party service, please click on the "Verified" symbol in some Experts' profiles. JustAnswer is not intended or designed for EMERGENCY questions which should be directed immediately by telephone or in-person to qualified professionals.
Question List | Become an Expert | Terms of Service | Security & Privacy | About Us
© 2003-2009 JustAnswer Corp.