Linode Community Forums
Posted: Fri Jun 10, 2005 1:31 pm
Junior Member

Joined: Thu Apr 21, 2005 12:41 pm
Posts: 43
Website: http://www.jamesl.info
WLM: sipherx@gmail.com
Yahoo Messenger: sipherx598
AOL: sipherx1023
Location: Florida
I am trying to open up port 443 in iptables so I can have SSL access on my server. But whenever I do an nmap on my server it says port 443 is closed. How do I open it? Any suggestion will be helpful.

_________________
James Lenhart.


Posted: Fri Jun 10, 2005 2:19 pm
Senior Member

Joined: Sun Mar 14, 2004 9:18 pm
Posts: 116
Website: http://michael.susens-schurter.com/
WLM: mschurter@yahoo.com
Yahoo Messenger: mschurter
Location: Peoria, IL
Do you have SSL properly configured and enabled on your web server? Even if iptables isn't blocking port 443, if no service is listening on it, it will be closed.

(If I remember correctly, nmap would say "firewalled" if it was iptables' fault... but that might be contingent on a number of variables.)
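
The difference described above (nothing listening versus a firewall in the way) can be told apart with a plain TCP connect from another machine: an immediate refusal points at the service, a timeout points at dropped packets. This is an added example, not part of the original posts; the names `probe` and `explain` and the timeout value are assumptions.

```python
import errno
import socket

def probe(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'closed' or 'filtered' using a full connect()."""
    try:
        # A completed handshake means a service accepted the connection.
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # Typically a RST because nothing is bound to the port;
        # a firewall REJECT rule can produce the same error.
        return "closed"
    except socket.timeout:
        # No reply at all: typical of a firewall silently dropping the SYN.
        return "filtered"
    except OSError as exc:
        # ICMP host/network unreachable replies are treated as filtering.
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise

def explain(state):
    """Map the probe result to where to look next on the server."""
    return {
        "open": "a service is listening and the firewall lets the port through",
        "closed": "check the service: netstat -pln should show a listener on the port",
        "filtered": "check the firewall rules: packets are dropped before any service sees them",
    }[state]

if __name__ == "__main__":
    # Constructed demo against the local machine only: one listener, then none.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    print(port, probe("127.0.0.1", port))   # listener present
    srv.close()
    print(port, probe("127.0.0.1", port))   # listener gone
```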


Posted: Fri Jun 10, 2005 2:47 pm
Junior Member

Joined: Thu Apr 21, 2005 12:41 pm
Posts: 43
Yes, as far as I can tell SSL is properly enabled and configured on my server. But as soon as you put https in front of the URL that is configured, it says connection was refused.

_________________
James Lenhart.


Posted: Sat Jun 11, 2005 3:53 am
Senior Newbie

Joined: Wed Sep 22, 2004 11:53 pm
Posts: 17
You could use
Code:
netstat -an --inet

to see if anything's listening on port 443


Posted: Mon Jun 13, 2005 8:56 am
Junior Member

Joined: Thu Apr 21, 2005 12:41 pm
Posts: 43
This is all I get when I do that.

Code:
Kernel Interface table
dummy0    Link encap:Ethernet  HWaddr 00:00:00:00:00:00
          BROADCAST NOARP  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

eth0      Link encap:Ethernet  HWaddr FE:FD:46:55:81:36
          inet addr:70.85.129.54  Bcast:70.85.129.255  Mask:255.255.255.0
          inet6 addr: fe80::fcfd:46ff:fe55:8136/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:59722 errors:0 dropped:0 overruns:0 frame:0
          TX packets:44176 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:5028129 (4.7 MiB)  TX bytes:15905979 (15.1 MiB)
          Interrupt:5

eth0:2    Link encap:Ethernet  HWaddr FE:FD:46:55:81:36
          inet addr:70.85.31.66  Bcast:70.255.255.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:5

gre0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          NOARP  MTU:1476  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:828 errors:0 dropped:0 overruns:0 frame:0
          TX packets:828 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:145773 (142.3 KiB)  TX bytes:145773 (142.3 KiB)

sit0      Link encap:IPv6-in-IPv4
          NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

teql0     Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          NOARP  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

tunl0     Link encap:IPIP Tunnel  HWaddr
          NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

_________________
James Lenhart.


Posted: Mon Jun 13, 2005 11:25 am
Senior Newbie

Joined: Wed Sep 22, 2004 11:53 pm
Posts: 17
Sipherx wrote:
This is all I get when I do that.

Code:
Kernel Interface table
dummy0    Link encap:Ethernet  HWaddr 00:00:00:00:00:00
          BROADCAST NOARP  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
 <snip>


hmmm, that looks more like the output from ifconfig than from netstat.

From a quick look at my netstat man page, I'm not even sure how to make it show what yours did, so maybe you are using a different version (mine's from net-tools-1.60).

Also, based on a quick look at /proc/net/tcp I think that if
Code:
cat /proc/net/tcp | grep :01BB
shows a line similar to: (i.e. with :01BB in the same place and 0A two fields after)
Code:
   6: 0100007F:01BB 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 10220 1 c88eec00 3000 0 0 2 -1
then something is listening on port 443 (hex 01BB).

hth
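
The /proc/net/tcp check described above, written out as a small parser that decodes the hex address and port and requires state 0A, so an established connection on port 443 is not mistaken for a listener. This is an added example, not part of the original post; the function names are assumptions and the sample text is constructed around the line quoted in the post.

```python
import socket
import struct

TCP_LISTEN = 0x0A  # socket state code the kernel prints for LISTEN

# Constructed sample in /proc/net/tcp layout: the line quoted in the post above,
# a made-up wildcard listener on port 80, and a made-up ESTABLISHED connection
# whose local port is also 443 (state 01), which a bare grep for :01BB would match.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   6: 0100007F:01BB 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 10220 1 c88eec00 3000 0 0 2 -1
   7: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 10221 1 c88eec01 3000 0 0 2 -1
   8: 0A0200C0:01BB 0B0200C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 10222 1 c88eec02 3000 0 0 2 -1
"""

def decode_addr(hex_addr):
    """Turn the 8-hex-digit IPv4 field into dotted form (assumes a little-endian host such as x86)."""
    return socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16)))

def listeners(proc_text, port):
    """Return the local IPv4 addresses in LISTEN state on `port`."""
    found = []
    for line in proc_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].endswith(":"):
            continue  # header or blank line
        addr_hex, port_hex = fields[1].split(":")
        if int(port_hex, 16) == port and int(fields[3], 16) == TCP_LISTEN:
            found.append(decode_addr(addr_hex))
    return found

def scope(addrs):
    """Summarise who can reach the listener(s)."""
    if not addrs:
        return "nothing listening"
    if "0.0.0.0" in addrs:
        return "all IPv4 addresses"
    if all(a.startswith("127.") for a in addrs):
        return "loopback only"
    return "specific addresses: " + ", ".join(addrs)

if __name__ == "__main__":
    for p in (443, 80, 22):
        print(p, scope(listeners(SAMPLE, p)))
```

On a live system, pass the contents of /proc/net/tcp as `proc_text`. A listener bound to `[::]`, as apache2 is in the netstat output later in this thread, appears in /proc/net/tcp6 instead, which this example does not parse.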


Posted: Tue Jun 14, 2005 10:34 pm
Junior Member

Joined: Thu Apr 21, 2005 12:41 pm
Posts: 43
I get nothing when I do that... I appreciate your help; if you have any ideas, just post 'em.. thanks

_________________
James Lenhart.


Posted: Tue Jun 14, 2005 11:02 pm
Linode Staff

Joined: Tue Apr 15, 2003 6:24 pm
Posts: 3090
Website: http://www.linode.com/
Location: Galloway, NJ
Sipherx wrote:
I get nothing when I do that... I appreciate your help; if you have any ideas, just post 'em.. thanks

In order for SSL to work, you not only need to make sure your firewall is open on port 443, but you also have to have something listening on that port, usually Apache.

Code:
netstat -pln

The above will display what processes (by their PIDs) are listening on which ports. See if your apache process is listening on 443.

-Chris


Posted: Wed Jun 15, 2005 9:39 am
Senior Newbie

Joined: Wed Sep 22, 2004 11:53 pm
Posts: 17
Sipherx wrote:
I get nothing when I do that...
If that cat command showed nothing, my bet is that nothing is listening on port 443. The command caker posted should verify that, if his version of the netstat command works for you better than mine did.

If that's the case, there's a problem with your apache configuration. Do you have a "Listen" command for port 443 and the appropriate ip(s) in your httpd.conf file? E.g.:
Code:
Listen 127.0.0.1:443


Posted: Wed Jun 15, 2005 9:42 am
Junior Member

Joined: Thu Apr 21, 2005 12:41 pm
Posts: 43
Looks like it's not.


Code:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:51234           0.0.0.0:*               LISTEN     11013/server_linux
tcp        0      0 0.0.0.0:37              0.0.0.0:*               LISTEN     296/inetd
tcp        0      0 0.0.0.0:14534           0.0.0.0:*               LISTEN     11013/server_linux
tcp        0      0 0.0.0.0:9               0.0.0.0:*               LISTEN     296/inetd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN     348/mysqld
tcp        0      0 0.0.0.0:13              0.0.0.0:*               LISTEN     296/inetd
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN     460/tcpserver
tcp        0      0 127.0.0.1:783           0.0.0.0:*               LISTEN     421/spamd.pid
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN     404/vsftpd
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN     456/tcpserver
tcp6       0      0 :::993                  :::*                    LISTEN     289/couriertcpd
tcp6       0      0 :::143                  :::*                    LISTEN     276/couriertcpd
tcp6       0      0 :::80                   :::*                    LISTEN     7021/apache2
tcp6       0      0 :::22                   :::*                    LISTEN     235/sshd
udp        0      0 0.0.0.0:9               0.0.0.0:*                          296/inetd
udp        0      0 0.0.0.0:8767            0.0.0.0:*                          11013/server_linux
udp        0      0 0.0.0.0:68              0.0.0.0:*                          195/dhclient
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node PID/Program name    Path
unix  2      [ ACC ]     STREAM     LISTENING     411      348/mysqld          /var/run/mysqld/mysqld.sock
unix  2      [ ACC ]     STREAM     LISTENING     1325     413/clamd           /tmp/clamd
unix  2      [ ACC ]     STREAM     LISTENING     313      263/authdaemond.pla /var/run/courier/authdaemon/socket.tmp
pabado:~#



So now what do I do?

_________________
James Lenhart.


Posted: Wed Jun 15, 2005 9:49 am
Junior Member

Joined: Thu Apr 21, 2005 12:41 pm
Posts: 43
Well, shouldn't I put that Listen command in one of my sites' conf files in the sites-available folder?


UPDATE******:

Hey, I found something called ports.conf in my apache2 folder... and it has Listen 80 in there. When I typed Listen 443 and then I tried to restart it, it said something else was using port 443.

_________________
James Lenhart.


Posted: Wed Jun 15, 2005 10:00 am
Junior Member

Joined: Thu Apr 21, 2005 12:41 pm
Posts: 43
Okay, I added Listen 127.0.0.1:443 in my site's conf file.. And now when I do that netstat command it shows apache2 listening on port 443.. But it's still doing the same thing 'cause apache2 still doesn't know to open port 443 because when I restart apache2 with Listen 443 in the ports.conf file it says this.

Code:
pabado:/etc/apache2# /etc/init.d/apache2 restart
Forcing reload of web server: Apache2[Wed Jun 15 09:58:39 2005] [warn] module ssl_module is already loaded, skipping
[Wed Jun 15 09:58:40 2005] [warn] module ssl_module is already loaded, skipping
(98)Address already in use: make_sock: could not bind to address [::]:443
no listening sockets available, shutting down
Unable to open logs
pabado:/etc/apache2#




Now what..

_________________
James Lenhart.


Posted: Wed Jun 15, 2005 1:26 pm
Senior Member

Joined: Sun Feb 08, 2004 7:18 pm
Posts: 562
Location: Austin
You may need to do some reading on Apache2 and SSL, to get an overview of what you're doing and what needs to be done rather than working on one step at a time.

Try:
http://www.ornl.gov/~jar/Apache/SSL_in_Apache_2.html
or
http://lists.debian.org/debian-apache/2004/09/msg00105.html

Those are about SuSE and Debian, but the process is very much the same. If you like, google for one about your particular distribution.


Posted: Wed Jun 15, 2005 9:16 pm
Senior Newbie

Joined: Wed Sep 22, 2004 11:53 pm
Posts: 17
Sipherx wrote:
Okay, I added Listen 127.0.0.1:443 in my site's conf file.. And now when I do that netstat command it shows apache2 listening on port 443.. But it's still doing the same thing 'cause apache2 still doesn't know to open port 443 because when I restart apache2 with Listen 443 in the ports.conf file it says this.

Well, I meant for you to replace "127.0.0.1" with whatever IP address(es) you want apache to use for SSL requests. I'm sure there's a way to have it listen on all available addresses: I don't know off the top of my head what that way is, but my guess would be by either using an "*" or "0.0.0.0" as the ip address.

I don't recognize the files you mention (e.g. ports.conf) so I'm assuming that's probably how your distribution sets up the apache config and those files are all sourced from the main config file. If so, then you'd only need the Listen line in one or the other.

At any rate, I'd agree with Xan that you'd be much better off doing a bit of reading until you have a broader understanding of how it all ties together.
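
The advice above to keep the Listen line in only one file can be checked mechanically: a bare `Listen 443` and a `Listen 127.0.0.1:443` loaded by the same server overlap, which is consistent with the `Address already in use` failure quoted earlier in the thread. This is an added example, not part of the original posts; the file contents are constructed, the site file name is hypothetical, and the function names are assumptions.

```python
import re

# Listen [IP-address:]port  (directive names are case-insensitive; # lines are comments)
LISTEN_RE = re.compile(r"^[ \t]*Listen[ \t]+(?:(\[[^\]]+\]|[^\s:]+):)?(\d+)\b",
                       re.IGNORECASE | re.MULTILINE)
WILDCARDS = {"", "*", "0.0.0.0", "[::]"}  # simplification: all treated as "every address"

# Constructed sample mirroring the thread: ports.conf plus a per-site file.
# The site file name and the VirtualHost line are hypothetical.
CONFIGS = {
    "ports.conf": "Listen 80\nListen 443\n",
    "sites-available/example-site": "# SSL site\nListen 127.0.0.1:443\n<VirtualHost 127.0.0.1:443>\n",
}

def listen_directives(configs):
    """Return {port: [(file, address)]} with wildcard forms normalised to '*'."""
    found = {}
    for name, text in configs.items():
        for addr, port in LISTEN_RE.findall(text):
            addr = "*" if addr in WILDCARDS else addr
            found.setdefault(int(port), []).append((name, addr))
    return found

def overlapping(configs):
    """Ports where two Listen lines would make Apache bind the same address twice."""
    bad = {}
    for port, entries in listen_directives(configs).items():
        addrs = [a for _, a in entries]
        duplicate = len(set(addrs)) < len(addrs)
        wildcard_plus_other = "*" in addrs and len(addrs) > 1
        if duplicate or wildcard_plus_other:
            bad[port] = entries
    return bad

if __name__ == "__main__":
    for port, entries in overlapping(CONFIGS).items():
        print(port, entries)
```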


Posted: Thu Jun 16, 2005 8:46 am
Junior Member

Joined: Thu Apr 21, 2005 12:41 pm
Posts: 43
Hey, everyone's little bit of help really helped me out. I have it fully working now. https://www.discountcurtainrods.com. Thanks a lot guys. All your ideas and solutions helped me make one big one.

_________________
James Lenhart.

