httpd-users mailing list archives

From Ryan Tracey <ry...@thawte.com>
Subject Re: [users@httpd] Problems with SSL All of a Sudden
Date Tue, 27 May 2003 11:23:35 GMT
Hi

For what it's worth I tried a tcptraceroute on port 443 to www.juke.biz 
and got 'port unreachable' on the last hop.

---cut---
13  sl-gw29-atl-9-0.sprintlink.net (144.232.8.230)  283.151 ms  284.057 ms  284.908 ms
14  208.30.202.6 (208.30.202.6)  282.099 ms  281.914 ms  280.972 ms
15  s95332-2.savvis-internet.usatln2-bsn.savvis.net (216.90.158.2)  287.740 ms  289.404 ms  293.214 ms
16  rocola.com (216.24.170.247)  287.361 ms !p  286.400 ms !p  287.292 ms !p
--

Danny also might want to try using openssl (on a box that has it -- like 
the web server itself should) to test out connectivity on port 443. 
Might be faster than lynx and later on can be used to run more detailed 
tests, if necessary.

tsunami: ~$ openssl s_client -connect www.juke.biz:443
connect: Connection refused
connect:errno=29

Also, nmap indicates that FIN packets get through but SYN packets are 
filtered -- most probably by the router in front of the web server. But 
see if 'ipchains -nL' or 'iptables -nL' returns anything on the 
webserver -- it wouldn't be the first time that someone inadvertently 
started up firewalling on booting.

I hope that helps in some way.

Regards,
Ryan




WC -Sx- Jones wrote:
> 
> On Monday, May 26, 2003, at 02:05  PM, Daniel R. Blair wrote:
> 
>> Ifconfig output:
>>
>> eth0      Link encap:Ethernet  HWaddr 00:E0:18:84:8A:1A
>>           inet addr:216.24.170.247  Bcast:216.24.170.255  Mask:255.255.255.0
>>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>           RX packets:303339 errors:0 dropped:0 overruns:0 frame:0
>>           TX packets:173926 errors:0 dropped:0 overruns:0 carrier:0
>>           collisions:0 txqueuelen:100
>>           RX bytes:30012947 (28.6 Mb)  TX bytes:148454005 (141.5 Mb)
>>           Interrupt:9 Base address:0xb000
>>
> 
> 
> What does netstat -r say ?
> 
> 
> Also, did you tell someone else earlier that you were also accepting 
> SMTP (port 25) mail on this server?
> 
> If so, in your mail.log (or syslog) do you see a lot of TIME OUT AFTER 
> DATA in it?
> 
> If you do, then that very strongly suggests that your MTU is invalid...
> 
> 
> I am totally out of ideas...
> 
> http://insecurity.org/
> _Sx____________________
>  ('>    iudicium ferat
>  //\   Have Computer -
>  v_/_    Will Hack...
> 
>               \|/ ____ \|/
>               "@'/ .. \`@"
>               /_| \__/ |_\
>                  \__U_/
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 


-- 
Ryan Tracey          | +27 21 917 8909
Thawte Certification | https://www.thawte.com
Mollison's Bureaucracy Hypothesis:
	If an idea can survive a bureaucratic review and be implemented
	it wasn't worth doing.
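
As an added example (not part of Ryan's message or of the thread), this Python sketch repeats the port-443 check done above with `openssl s_client` and separates an active refusal from a silent drop before trying the TLS handshake. The function name `check_https` and its result strings are made up for this illustration.

```python
import errno
import socket
import ssl
import sys


def check_https(host, port=443, timeout=5.0):
    """Classify one TCP connect to host:port, then try a TLS handshake."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        # A RST, or on Linux an ICMP port-unreachable (the "!p" in the
        # trace), came back: something answered and rejected the SYN.
        return "refused"
    except socket.timeout:
        # No answer at all. Assumed here to mean a silent drop by a filter,
        # although plain packet loss looks the same from a single probe.
        return "filtered"
    except OSError as exc:
        # DNS failure, no route, host unreachable and similar.
        return "error:" + errno.errorcode.get(exc.errno, type(exc).__name__)
    with raw:
        ctx = ssl.create_default_context()  # verifies certificate and hostname
        try:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return "open:" + tls.version()
        except (ssl.SSLError, OSError) as exc:
            # The port accepts connections but TLS did not complete, e.g. the
            # listener is not speaking SSL or the certificate is not valid.
            return "open:tls-failed:" + type(exc).__name__


if __name__ == "__main__":
    # Usage: python check_https.py HOST [HOST ...]
    for name in sys.argv[1:]:
        print(name, check_https(name))
```

A "refused" result from outside combined with a listening socket on the server itself points at a rejecting firewall rule, which is what the 'iptables -nL' check above is meant to find.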

