Koozali.org: home of the SME Server

Ports closed from LAN > internet??

ekhaat

Ports closed from LAN > internet??
« on: March 20, 2004, 04:38:01 PM »
Hi

I wrote about this before, but got no reply, so I'm trying again with a different approach.

The thing is, I have to be able to log on to my company's network, using NFuse, which is a browser access thing to connect to our Citrix servers on the company network.

The way it is supposed to work is this:

Enter "https://logon.xxxxxx.yyy" in the browser's address line, and there should come a logon page asking for a username.

The next page would be one to enter a Safeword Token password, which is a password generated by a little gadget (looks like a pocket calculator).

Then there would come a page to ask for my normal company username and password.

And then I would have access to the same things in Citrix, as I would on my company desktop.

And here is my LAN information:

1 SME server/gateway w/2 NICs, Domain controller
1 Win98 client using the SME-box to connect to the internet, everything pretty much standard.

The Win-box logs on to the SME-box domain as if it was a WinNT domain, works OK.

Now, when I enter "https://logon.xxxxxx.yyy" in my browser, I get:

ERROR
The requested URL could not be retrieved

--------------------------------------------------------------------------------

While trying to retrieve the URL: logon.xxxxxx.yyy:5443

The following error was encountered:

Access Denied.
Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.

Your cache administrator is admin@imcorp.dk.



--------------------------------------------------------------------------------
Generated Sat, 20 Mar 2004 15:27:40 GMT by imcorpsrv.imcorp.dk (Squid/2.4.STABLE6)


Now, looking into squid/access.log, I see this:

1079796460.367    545 192.168.167.67 TCP_MISS/200 2897 CONNECT logon.xxxxxx.yyy:443 - DIRECT/1x3.1x2.2x1.1x0 -
1079796460.373      0 192.168.167.67 TCP_DENIED/403 1030 CONNECT logon.xxxxxxx.yyy:5443 - NONE/- -

(I x'ed out some of the ip-numbers for security reasons)

Now, 192.168.167.67 is my Win98 client.

It looks as if port 5443 is blocked for me to get from LAN to internet.

When I enter the same url in lynx on the SME-box, I get this:

                                                                 [scctop.gif]

                                            This resource requires authentication to PremierAccess.

   Enter username: ______________
   OK Cancel

                                              Note: You must have cookies enabled to authenticate.

                                                            Login with a certificate


So, it must be my SME-box preventing me from accessing the logon page.

The staff at my company's helpdesk were not able to help me.

Can anyone here explain to me, how I can fix this?

Kind regards

Iwer Mørck

mrjhb3
Ports closed from LAN > internet??
« Reply #1 on: March 21, 2004, 01:16:16 AM »
Try this. Edit your /etc/squid/squid.conf file. On the acl SSL_ports line add 5443. Then do a
/etc/rc.d/rc7.d/S90squid restart

Try your connection.  If it doesn't work, then try the same edit but on the acl Safe_ports line, and restart squid.

If one of the above options works, then go to
/etc/e-smith/templates/etc/squid/squid.conf and either edit 20ACL15SSL_ports or 20ACL15Safe_ports depending on which worked above.

Then do a /sbin/e-smith/expand-template /etc/squid/squid.conf, then restart squid again and you will be in business.

If you'd rather use a templates-custom template you could do that as well. mkdir -p /etc/e-smith/templates-custom/etc/squid/squid.conf. Then copy one of the 2 20ACL files from above to this directory, make your changes, expand template, and restart squid.

GL,

JB
......
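
Added example, not part of the original thread and not SME Server's own code: a Python check that reads denied CONNECT lines from a Squid access.log and reports which port ACL lacks the requested port, so only that one port needs adding. The config and log text are constructed samples (hostname and upstream IP are placeholders), and it assumes the stock rules `http_access deny !Safe_ports` and `http_access deny CONNECT !SSL_ports` are in effect.

```python
# Constructed sample: ACL lines in the style of a stock Squid 2.x squid.conf (assumed defaults).
SQUID_CONF = """\
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl Safe_ports port 280 488 591 777
"""

# Constructed sample modelled on the two access.log lines quoted in the question.
ACCESS_LOG = """\
1079796460.367    545 192.168.167.67 TCP_MISS/200 2897 CONNECT logon.example.test:443 - DIRECT/192.0.2.10 -
1079796460.373      0 192.168.167.67 TCP_DENIED/403 1030 CONNECT logon.example.test:5443 - NONE/- -
"""

def parse_port_acls(conf):
    """Return {acl_name: [(low, high), ...]} for every 'acl NAME port ...' line."""
    acls = {}
    for line in conf.splitlines():
        fields = line.split("#", 1)[0].split()   # drop trailing comments
        if len(fields) >= 4 and fields[0] == "acl" and fields[2] == "port":
            for spec in fields[3:]:
                low, _, high = spec.partition("-")   # "1025-65535" or "443"
                acls.setdefault(fields[1], []).append((int(low), int(high or low)))
    return acls

def allowed(acls, name, port):
    """True if the port falls inside any range of the named ACL."""
    return any(low <= port <= high for low, high in acls.get(name, []))

def denied_connects(log, acls):
    """Yield (client, host, port, missing_acls) for each denied CONNECT request."""
    for line in log.splitlines():
        f = line.split()
        # Native log format: time elapsed client code/status bytes method URL ...
        if len(f) < 7 or not f[3].startswith("TCP_DENIED") or f[5] != "CONNECT":
            continue
        host, _, port = f[6].rpartition(":")
        if not port.isdigit():
            continue
        missing = [n for n in ("Safe_ports", "SSL_ports") if not allowed(acls, n, int(port))]
        yield f[2], host, int(port), missing

def report(log=ACCESS_LOG, conf=SQUID_CONF):
    return list(denied_connects(log, parse_port_acls(conf)))

if __name__ == "__main__":
    for client, host, port, missing in report():
        why = ", ".join(missing) or "no port ACL (check other http_access rules)"
        print(f"{client} -> {host}:{port} denied; port missing from: {why}")
```

With these samples the port is already covered by the Safe_ports range and is missing only from SSL_ports, which is the ACL that governs CONNECT tunnels.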

ekhaat

Ports closed from LAN > internet??
« Reply #2 on: March 21, 2004, 11:13:25 PM »
Quote from: "mrjhb3"
Try this. Edit your /etc/squid/squid.conf file. On the acl SSL_ports line add 5443. Then do a
/etc/rc.d/rc7.d/S90squid restart

Try your connection.  If it doesn't work, then try the same edit but on the acl Safe_ports line, and restart squid.



This one did it. Thank you so much

Regards
Iwer Mørck

blacky

Ports closed from LAN > internet??
« Reply #3 on: April 05, 2004, 04:39:18 AM »
Wow, I worked for hours on this problem and did what you said and it worked perfectly.

Thanks