Networking :: Double NAT & HTTPS Connection Timeouts?
Feb 2, 2011
I am having a problem with HTTPs in a double NAT'd network configuration. The scenario is like this..
[Code]...
Machines on these LANs can talk to each other no problem. There is also a NAT rule configured for traffic going from LAN A via LAN C out to the Internet. The Nokia is also doing NAT'ing. Normal web browsing works fine with this setup, but whenever I try to access HTTPS sites, it just hangs and eventually times out.Packet captures have showed lots of TCP Retransmission messages. If I logon directly to the Linux Router and fire up a browser, I am able to access HTTPS sites without any problems. This appears to be something to do with the traffic being NAT'd twice. Is there a way I can get around this without changing the config of the Nokia?
View 1 Replies
ADVERTISEMENT
Jun 9, 2015
I run a Laptop (Mint 17.1), which is connected to a Debian 8.1 server over a LAN. The systems are connected through a router. Both of them show no problems when working independently and when doing work on the internet. Also, ping works fine (no lost packets, no delays!) from Debian to Mint. However when doing a ping from the Laptop (Mint) to the Debian server, I experience frequent packet losses and timeouts. In fact, a "first" ping may lose the first 20 to 30 "tries". Thereafter, if I repeat pings immediately and quickly one after the other, they might in geral not lose packages or show delays. Ping to and from the router also works perfectly in either direction!
Of course, functions such as ssh or samba-sharing are hampered as well by this behaviour. Also, if I DO in fact manage to connect to the Debian server via ssh, my console (KDE 14) is freuqently "locked" (i.e. - doesn't show my input for a while) but in the end DOES show the characters entered and gets processed o.k. (eg. when doing an "ls"-command). Both systems are at the latest software-level and I just finished installing Debian 8.1. The situation was the same on Debian Wheezy, however.
View 3 Replies
View Related
Feb 19, 2010
I'm using the linksys wmp300n with ndiswrapper to connect to a belkin wireless router with a static ip (192.168.2.3). The rest of the PCs in the house have .2, .4, and .5 only running windows XP and 7. This one won't stay connected during large file transfers within the network or over the internet in Ubuntu. I made a script to restart ndiswrapper but I have to do it every 2 or 3 min during a file transfer. I can't play online games at all. No ssh sessions for more than a few min... so on and so forth. None of these issues happen in Windows 7 but when it was first installed it had to do something with dhcp before it would stay connected. Windows wouldn't tell me what was going on though. code...
View 2 Replies
View Related
Feb 23, 2010
I have the following details on my system:
- CentOS
- RHEL 5
- WebWare for Python
We have an exisiting website written in Python and was developed by other entities and now being maintained by us. We want to run the website using secure connection (HTTPS), I tried reading this article and successfully executed every instructions but still failed to run the website using HTTPS.
[URL]
The way we run the website is using port 8080, e.g. [URL] I am sure I am missing something here, first, I am still looking on where does the port 8080 comes from since I've checked the httpd.config and it wasn't there.
View 14 Replies
View Related
Feb 24, 2011
We have 2 HTTP Load balancer with HAproxy and heartbeat. There are 4 nodes in this cluster. It's doing round robin load balancing. The HTTP cluster working fine. We are having problem with our portal because it uses SSO. We need sticky connection support in our HAproxy. Also we need load balancing for HTTPS traffic. Here's our HAproxy conf file.
[Code]....
View 1 Replies
View Related
May 22, 2011
I have set up certain portions of my web site to be forced https:// How do I force, non https:// protocols. I know this sounds confusing, so let me give you an example.
[Code]...
View 7 Replies
View Related
Jun 19, 2010
My laptop's been locking up in Linux (Ubuntu, Backtrack, Puppy) periodically for a while now. When it locked up, it was always immune to the magic of SysRq, which I thought might indicate a hardware problem. It became so bad that I had to stop using the laptop.
Today, when I turned it on and tried to boot into Fedora 12, I got the following error (just once, it just locked up at various points during the splash screen after this once):
double fault: 0000 [#1] SMP
last sysfs file:
CPU 0
odules linked in:
Pid: 1, co m: swapper Not ta nted 2.6.32.11-99.fc 2.x86_64 #VGN-T 250N
RIP: 0010:[<ff
All the seemingly missing letters were really missing, not my typos.
As you can see, kernel version is 2.6.32.11-99.fc12.x86_64 and my laptop is a Sony Vaio TZ 250N (Core 2 Duo ULV 1.2GHZ). Note that with the other remaining kernels from the updates, nothing ever happened other than the locking up. The core temperatures hover pretty high, about 55-60C peak but this is still below the critical temp. Memtest came up clean when the problem first started happening.
View 3 Replies
View Related
Aug 3, 2010
Ok, so I am needing some drivers and I've been googling like hell to find em, however, I can never seem to find any. My adapter model is F6D6050v1.
PS: when I try sudo ndisgtk it comes up with command not found.
View 1 Replies
View Related
Jul 29, 2011
I'm trying to use svn over http or https because I'm rear of a corporate proxy. Only allows HTTP connections.
I tried connect-tunnel but no success.
I also modified ./subversion/servers and I added the proxy server but no success.
View 2 Replies
View Related
Dec 22, 2010
I am trying to open a site named [url] and it gives me error connection refused the network may be down.
I had checked that ip and it's pinging from my pc but the site is not opening
My internet server is red hat linux and i have done all the iptables thing but it's not working
View 5 Replies
View Related
Oct 4, 2010
I am running a Linux firewall (IPcop) to bridge two networks. Hosts on network A have to use a proxy server in order to get online. This server runs a transparent proxy (squid) configured to use the proxy needed to connect to the internet as an upstream proxy, therefore meaning all the hosts on network B can connect to the internet without the user having to configure a proxy address.
The problem is that HTTPS also has to go through the upstream proxy, which I'm told can't be proxied by my server transparently because of security issues. This means that hosts on network B can't currently access HTTPS sites.
View 6 Replies
View Related
Nov 29, 2010
I connect to the internet at work through an authenticating proxy, and to avoid having to enter the proxy info into every app I use (e.g. firefox, wget, kde, etc) I have set up squid as a local transparent proxy which authenticates and routes all traffic to the work proxy. It has been working fine, but lately I haven't been able to connect to any https sites. I don't think I have changed the configuration, so perhaps it is the result of an upgrade, or something badly configured on my system from the start. I have tried connecting to https sites without squid and iptables and it works fine. My system is Arch linux, and my squid.conf file is: Code:
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80# http
acl Safe_ports port 21# ftp
acl Safe_ports port 443# https
[Code]....
View 2 Replies
View Related
May 12, 2010
I have a server (Fedora 12) setup at a client's datacenter and the network is setup to allow me ssh access into the server, but prevents me from opening any connections from the server. However, I need to make http and https request from the server. What I'd like to do is forward all http/https traffic through another machine outside the network.
I've been looking at the documentation for ssh and the various options there and have gotten so far as to enable initiating an ssh connection from the client network back to my machine, but am not sure where to take it from there.
Here are some of the commands I've used so far:
Code:
I'm attempting to bind port 80 to be forwarded through the local machine. I assume I use "ssh -R" to create a dynamic tunnel to forward requests but I must be missing something.
By the way, root login via ssh is disabled.
View 5 Replies
View Related
Dec 26, 2010
i'm attemping to re-route incoming traffic of https to one of my servers. (a windows xp with subversion on it)
problem is if i do that ALL https traffic from other pc's is stopped. meaning i can't get any reply from any url with https;
View 6 Replies
View Related
Aug 28, 2010
I have a virtual machine in a natted interface vmnet2. Ports are forwarded correctly into the virtual machine, but my host does not forward correctly the ports to the outside world. for example, when checking if the port is open i sniffed on the phyisical interface and saw only the "syn" packet going to the virtual interface. Inside the virtual interface i saw the same "syn" packet. the virtual machine replied with "syn, ack" and then it got a "rst" from my host.what could go wrong? how come this "syn, ack" packet not going back to the physical interface?
View 2 Replies
View Related
Feb 3, 2010
I want to make a script for something, but I'm worried the timeouts on sudo permissions (how you can't got more than 5/10 minutes between sudo commands before needing your password again). Basically, I don't want my script to be redundant and require overseeing for password inputs.
Code:
sudo echo Hello.
sleep 6000
sudo echo This is text. This shows the basis of the problem. I will need to enter my password twice.
Would allowing it to run uninterrupted be as easy as running this theoretical shell script his sudo to begin with?
View 1 Replies
View Related
Jan 5, 2010
i'm new to linux so bear with me.we have two servers running in a cluster mode. i disable the cluster so that we could install a new os kernel that was provided by our vendor tumbleweed.So the active server which does not have the upgraded os kernel the version is Linux version 2.6.5-7.283-smp (geeko@buildhost) (gcc version 3.3.3 (SuSE Linux)) #1 SMP Wed Nov 29 16:55:53 UTC 2006 for the server which does not have the kernel upgrade, i can mount to netapp mount. however from the server which has it's kernel upgraded, i get a rpc timeout error when i try to mount the drive.
somehow the server which has got the kernel upgrade is trying to use udp. the server goes through a firewall before getting to the netapp server and upd is not allowed.in the fstab entries, i specified tcp,proto=tcp but no matter what values i put in, it's trying to use upd.
View 7 Replies
View Related
Jun 8, 2010
We are seeing some dropped SSH connections because of which some of the process are failing . The main likely reason for the connection drops is that both the client and server remains 100% busy during a certain time interval and during that time interval we see those occassional connection closed by the server.
[Code]...
View 1 Replies
View Related
Jul 19, 2010
I'm running a squid proxy in my ubuntu server, and I must have mess it up with the squid configuration. Users, cannot, access https pages. Can you tell me what to change in my squid.conf, so, to fix this?
Here is my squid.conf (witch is a friends conf, that i have change for my needs...)
Code:
http_port 8888
#http_port 3128
icp_port 3130
acl QUERY urlpath_regex cgi-bin ?
code....
View 2 Replies
View Related
Dec 13, 2010
This started yesterday. I haven't made any recent changes. I can't access any pages beginning with https. It's just my computer because my girlfriend's laptop doesn't have any issues. I'm using OpenDNS, but I have been for a long time and this is the first time this has ever happened. I'm not using a router, I connect straight to the modem, which I've already reset.
View 1 Replies
View Related
Jul 22, 2010
https://hostname:8834/ is blocked by iptables ?
I have nessus application is running in the target machine and the url
is https://hostname:8834/ - which is not accessible
But when i login in the target machine via ssh and check that this application and the service is running fine So i think it is blocked by the iptables in the same machine, where the nessus is running
find the iptables status when iptables -L
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:nessus1
ACCEPT tcp -- anywhere anywhere tcp dpt:nessus1
[Code].....
View 3 Replies
View Related
Feb 9, 2016
There's a short version at the bottom.
I just installed jessie with gdm3 and use xfce.
I like my monitor to turn off when I'm not at the computer for more than 10 or 20 minutes or so and it wasn't doing that. I haven't used Linux for years and was used to xorg.conf/x11.conf and xinitrc and such.
So I rediscovered xset is responsible for DPMS settings. xset -q revealed DPMS was off. So I used it and put it in ~/.xinitrc. It didn't work. After some canoodling around I found out about xfce's Session and Startup gui thing. I was using that to run ~/.xinitrc.
When I got to my desktop and did a check with xfce4-terminal by running xset -q it would show DPMS enabled but the values were wrong. 600, 0, 900 to be exact.
After some searching I came across the information that xscreensaver will override DPMS settings as it manages DPMS too. So after more canoodling I found out about xfce's Screensaver preferences dialogue and used that to set my values. The values would immediately be set but the problem is that they are not persistent. If I reboot or log out the values will revert to 600, 0, 900. They will only reset to what I want them to be by running xfce's Screensaver preferences dialogue manually.
man gdm3, info gdm3, grep -r DPMS in /etc/gdm3, grep -r dpms in /etc/gdm3 reveal nothing related to DPMS. I've done some searching and nothing useful.
there is an /etc/X11/app-defaults/XScreenSaver-nogl which has some DPMS settings but the times are too large (2 hours); the only thing that matches is the off setting which is specified there.
xscreensaver -no-splash is present in the output of ps so it is xscreensaver and not gnome-screensaver.
The weird thing is that I re-enabled my ~/.xinitrc in xfce's Session and Startup gui thing and it is being run, but the numbers are getting set wrong after it is run. (I put an echo command after xset dpms 900 1200 1500, and the file is appearing in ~)
Where does 600, 0, 900 come from? Mystified on how to proceed from here. I don't remember enough on how to see what's doing what. Is there some sys thing or proc thing I can monitor to find out what's setting these values?
Short version: my xset dpms values are getting reset to 600, 0, 900 every time I logout or reboot. They revert to 600, 0, 900 every time I get to my desktop. I use gdm3 and xfce. Where are these coming from?
View 2 Replies
View Related
Apr 24, 2011
I was having a problem where my server would go unresponsive to it's No-IP redirected name while access via local net IP was unaffected. Access via the No-IP name would usually be restored within 5 minutes or so.
View 1 Replies
View Related
Nov 19, 2010
HTTPS doesn't work. Im running firefox in ubuntu 10.10.
View 1 Replies
View Related
Jun 22, 2011
I am using Lenovo G550 laptop wid Intel Dual Core 2GHz, 2GB RAM, 250GB HDD, etc. Earlier I had 2 partitions 187GB (Windows 7) and other 33GB of Lenovo drivers. I split 187GB to 143GB (Windows 7) while remaining 44GB for Ubuntu 10.10!
Everything's been working fine except for internet. I am unable to load many https sites like fb, hotmail, etc. Gmail is working absolutely fine.
I did some research on this forum and disabled ipv6! I also checked for firewall and it was disabled. Then I also configured Open DNS and checked if it is working fine. But nothing has helped.
When I connect to these sites without 's' in https (i.e. only http) these sites load fast. I enter my username n password and then I am redirected to a compulsory https site which then takes me to a page like this (shown in thumbnails)! I have tried Chrome n Firefox 3.6 (which have SSL and TLS checked in preferences)! All these sites are working fine on Windows 7. But I don't want to use Windows 7 every now and then because it has become too slow and boring! Please help me with this.
I connect to internet using DSL wired (BSNL Broadband 256Kbps)
View 7 Replies
View Related
Jul 8, 2011
I'm on Ubuntu 11.04 and have wired internet connection.
Some sites (particularly https) take very long time to load . Sometimes I get "Page is taking a long time to load . Reload the page later" message.
Now , this is happening for some http webpages also.
This is not a problem with browser.
I have firefox , chrome , chromium and konqueror installed.
Also I can access all these sites properly from windows so it is not problem with my internet connection either.
View 1 Replies
View Related
Jul 3, 2010
configured myself a NAS, which is infrequently accessed, so I set the standby timer of the disks to 241 (30 minutes) using hdparm.
for i in /dev/sd?; do
hdparm -S 241 $i > /dev/null
done
[code]....
View 2 Replies
View Related
Apr 6, 2011
I need to redirect all http/https/ftp traffic through the remote proxy, but when I changes connection settings in browser or in System->Preferences->Network Proxy it doesn't work well: instead of getting page content browser asks for saving some short (8 bytes) file with the same content for all requested pages. It happens in Chrome/Opera/Firefox. This proxy requires authorization and works on computer with Windos XP. It worked well when I was using Windows 7 and Proxifier, now I have Ubuntu 9.10 with all available updates.
View 3 Replies
View Related
Apr 27, 2010
I would like to set a double range of IP address with my DHCP3-server. Now, I have eth0 (which is my only network card) with this IP address : 172.16.93.1 and I have created a second interface eth0:1 with this address: 192.168.3.1. The goal is to give an IP address 172.16.93.X to phones (with option 66) and the IP address 192.168.3.X to the computers.
This is my DHCPD.conf :
ddns-update-style none;
option domain-name "mycompany.com";
option domain-name-servers 172.16.93.1;
default-lease-time 3600;
max-lease-time 2347200;
authoritative;
log-facility local7;
option ip-forwarding off;
default-lease-time 20;
max-lease-time 20; .....
Right now my DHCP server work fine, (I means, no error at the startup ) but the server give always the same kind of IP address, whatever if it's a phone or a computer. I notice something "wired", if I put the :
subnet 192.168.3.0 netmask 255.255.255.0 {
range 192.168.3.100 192.168.3.199;
option routers 192.168.3.254; }
(Which is first in the dhcpd.conf) after the "subnet 172.16.93.0 netmask 255.255.255.0", the server will give IP address 172.16.93.X at all the clients. Is it possible to give more than one IP range with one network card at the same time? And how set the option 66 to only give IP address (172.16.93.X) to the phones?
View 4 Replies
View Related
Apr 8, 2010
I'm sure I'm missing something pretty obvious, but I can't for the life of me stop my pysqlite scripts crashing out with a database is locked error. I have two scripts, one to load data into the database, and one to read data out, but both will frequently, and instantly, crash depending on what the other is doing with the database at any given time.I've got the timeout on both scripts set to 30 seconds: cx = sqlite.connect("database.sql", timeout=30.0)and think I can see some evidence of the timeouts in that i get what appears to be a timing stamp (e.g 0.12343827e10 1) dumped occasionally in the middle of my curses formatted output screen, but no delay that ever gets remotely near the 30 second timeout, but still one of the other keeps crashing again and again from this. I'm running RHEL5.4 on a 64 bit HS21 IBM blade, and have heard some mention about issues about multi-threading and am not sure if this might be relevant.
Packages in use are sqlite-3.3.6-5 and python-sqlite-1.1.7-1.2.1, and upgrading to newer versions outside of RedHat's official provisions is not a great option for me. Possible, but not desirable due to the environment in general.I have had autocommit=1 on previously on both scripts, but have since disabled on both, and am now cx.commit()ing on the inserting script and not committing on the select script. Ultimately as I only ever have one script actually making any modifications, I don't really see why this locking should ever ever happen
View 3 Replies
View Related
