[afnog] https through NAT

Graham Beneke graham at neology.co.za
Fri Oct 5 20:49:59 UTC 2012


On 05/10/2012 18:14, abel ELITCHA wrote:
> I'm using RHEL 6.3 for the web server "apache" and iptables are not
> using; not yet (i mean all traffics are allowed to all ports ), and
> sestatus return SELinux diabled!

Are we talking about one single client reaching one single server or are
you having trouble reaching all secure sites through the NAT?

How much of this network is under your administration?

> 2012/10/5 Hervey Allen <hervey at nsrc.org <mailto:hervey at nsrc.org>>
> 
>     On 10/5/12 12:45 PM, abel ELITCHA wrote:
>     > yes, i'm facing an issue;
>     >
>     > i can't access my web server using https (ssl/tls2) through a NAT from
>     > the internet.  The navigator (i'm using most of the time
>     google-chrome),
>     > is giving the error "*la connexion au serveur a été interrompue*" -
>     > meaning "*the connection was stopped*".
>     >
>     > In addition the response time from a ping command is betwen 2000 and
>     > 2900 milliseconds (too long for me, isn't??).
>     >
>     > thank for your help.
>     >
> 
>     On the machine where you are running the web server is there a firewall
>     blocking port 443? For instance, if you are using CentOS/RHEL you may
>     have iptables with rules that are allowing traffic to port 80, but other
>     traffic is blocked.
> 
>     Cheers,
>             - Hervey Allen
> 
>     > 2012/10/5 Jean-Baptiste OTTE <aristotte at gmail.com
>     <mailto:aristotte at gmail.com>
>     > <mailto:aristotte at gmail.com <mailto:aristotte at gmail.com>>>
>     >
>     >     Yes.
>     >     Are you facing an issue with ?
>     >
>     >     Best Regards,
>     >
>     >     On Oct 3, 2012 5:23 PM, "abel ELITCHA" <kmw.elitcha at gmail.com
>     <mailto:kmw.elitcha at gmail.com>
>     >     <mailto:kmw.elitcha at gmail.com <mailto:kmw.elitcha at gmail.com>>>
>     wrote:
>     >
>     >         HELLO GUYS,
>     >
>     >         Can you tell me please if the https protocol can efficiently
>     >         work through a Network Address Translating???
>     >         Thank you in advance!!
>     >
>     >         --
>     >         *Abel Woatéba ELITCHA
>     >         *
>     >
>     >
>     >         _______________________________________________
>     >         afnog mailing list
>     >         http://afnog.org/mailman/listinfo/afnog
>     >
>     >
>     >
>     >
>     > --
>     > *Abel Woatéba ELITCHA
>     > *système d'informations
>     >
>     >
>     >
>     > _______________________________________________
>     > afnog mailing list
>     > http://afnog.org/mailman/listinfo/afnog
>     >
> 
> 
>     --
>     Hervey Allen      Network Startup Resource Center
>     hervey at nsrc.org <mailto:hervey at nsrc.org>   http://nsrc.org/ :
>     http://facebook.com/nsrc.org
>     GPG Fingerprint:  AC08 31CB E453 6C65 2AB3 4EDB CEEB 5A74 C6E5 624F
> 
> 
> 
> 
> -- 
> *Abel Woatéba ELITCHA
> *système d'informations
> 
> 
> 
> _______________________________________________
> afnog mailing list
> http://afnog.org/mailman/listinfo/afnog
> 


-- 
Graham Beneke



More information about the afnog mailing list