#1  
Old 2nd September 2012, 20:52
alphaman36 alphaman36 is offline
Member
 
Join Date: Aug 2012
Posts: 36
Thanks: 1
Thanked 0 Times in 0 Posts
Default HTTPS only

I have a problem that I can't figure out. I have everything running as far as DNS goes. I have an A record for www that points to my public IP. The problem that I have is that I created a new site nothing special, (wordpress) no SSL settings set nothing. The only port that the site seems to respond to is 443 and not 80. What am I missing?

Ok, I have that one figured out. Turned out to be a intrusion prevention rule on my fireall.
However, I still have a problem. I can't access the web site from out side of the network even though an NSLOOKUP returns the correct address. So my question is do I need to change the www A record to point to the internal address of the web site or do I create an A record for the hots using the public address or do I create an A record for the host using the private address?

Well, after more working with it, my firewall is setup right now, but the web site will still only respond to https requests and not http requests. Is there something I am missing in side of the website? I don't have ssl enabled

Last edited by alphaman36; 3rd September 2012 at 01:54.
Reply With Quote
Sponsored Links
  #2  
Old 4th September 2012, 21:27
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,739 Times in 2,574 Posts
Default

Quote:
Originally Posted by alphaman36 View Post
So my question is do I need to change the www A record to point to the internal address of the web site or do I create an A record for the hots using the public address or do I create an A record for the host using the private address?
Use the public IP.

Quote:
Well, after more working with it, my firewall is setup right now, but the web site will still only respond to https requests and not http requests. Is there something I am missing in side of the website? I don't have ssl enabled
Can you post the outputs of
Code:
iptables -L
and
Code:
netstat -tap
?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 5th September 2012, 00:49
alphaman36 alphaman36 is offline
Member
 
Join Date: Aug 2012
Posts: 36
Thanks: 1
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by falko View Post
Use the public IP.



Can you post the outputs of
Code:
iptables -L
and
Code:
netstat -tap
?

Do I want to run these commands on the firewall or on the DNS server or ISP config webserver?
Reply With Quote
  #4  
Old 5th September 2012, 17:37
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,739 Times in 2,574 Posts
Default

On the ISPConfig server and the firewall.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #5  
Old 6th September 2012, 00:50
alphaman36 alphaman36 is offline
Member
 
Join Date: Aug 2012
Posts: 36
Thanks: 1
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by falko View Post
On the ISPConfig server and the firewall.
Hi falko, I got it figured out. It wasn't a problem with ISP Config it did turn out to be a problem with the firewall. Even though the DNAT and inbound rules were correct, the web proxy was getting it. By default my firewall proxies LAN and WAN interface, even though the WAN interface is not listed in the proxy list. All I had to do was to physically add the WAN interface then remove it, then the web site was visible to the outside world.

I do have one question about DNS. I have two DNS servers that reside behind the same IP. the second name server is in mirror mode to the first one. Do I only port forward to the first DNS server and leave forwarding closed for the second one or do I port forward to both of them?
Reply With Quote
  #6  
Old 6th September 2012, 19:01
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,739 Times in 2,574 Posts
Default

You can forward a port to just one server. BTW, it doesn't make much sense to have two nameservers running on the same because that doesn't provide redundancy.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
ISPConfig: from http to https & from https to http Hans Tips/Tricks/Mods 13 12th March 2013 23:22
haproxy with stunnel problem abubin Server Operation 6 10th April 2012 15:08
400 Bad Request when https is used Overcrook Installation/Configuration 7 5th October 2011 02:02
3 Question SSL cert, https redirect, WebFtp, serkejal Installation/Configuration 8 19th April 2011 19:10
squid and https passthrough Xitron Installation/Configuration 0 5th November 2009 18:40


All times are GMT +2. The time now is 03:37.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.