[prev in list] [next in list] [prev in thread] [next in thread]
List: sidewinder
Subject: RE: [Sidewinder] HTTPS problems
From: "Jones, Dave Mr CIBER CONTR 81 HQ DCSIM"
Date: 2001-12-18 15:50:26
[Download RAW message or body]
For anyone keeping score at home, the same problems popped up again about 2
days later. We've gone ahead, and moved stuff around to create a generic
proxy on port 443. It's been working without any problems so far. I can't
say if this is the exact same problem that was supposedly fixed in a
previous release, since I didn't dig into that problem as much to see the
errors, but the results, and how often it happens would make me think it's
the same thing.
Dave Jones
-----Original Message-----
From: Jones, Dave Mr CIBER CONTR 81 HQ DCSIM
[mailto:Dave.Jones@se.usar.army.mil]
Sent: Tuesday, December 11, 2001 1:59 PM
To: Barry_X_Bisogni@consecofinance.com
Cc: sidewinder@adeptech.com
Subject: RE: [Sidewinder] HTTPS problems
I guess we just made too many changes without knowing how to re-start
everything. I made a last ditch effert to make sure everything with the old
HTTPS2 was gone, and *gasp* rebooted the firewall... Everything seems fine
now. I just hope it'll last.
-----Original Message-----
From: Jones, Dave Mr CIBER CONTR 81 HQ DCSIM
[mailto:Dave.Jones@se.usar.army.mil]
Sent: Tuesday, December 11, 2001 12:47 PM
To: Barry_X_Bisogni@consecofinance.com
Cc: sidewinder@adeptech.com
Subject: RE: [Sidewinder] HTTPS problems
We never moved anything as far as ports on the original HTTPS. Just ran a:
cf nss disable t_proxy service=https burb=[burbname]
Then, I took the news HTTPS2 that I created on a different port, and edited
the nss.conf files to move it to port 443, and modified the ACL's to use the
new protocol.
After getting another e-mail from someone on this list having the same kind
of problem, I checked out the showaudit -ke, and every time I try to connect
to the https server, I get this:
Dec 11 12:25:00 2001 CST f_nss a_server t_error p_major
pid: 6403 ruid: 0 euid: 0 pgid: 6403 fid: 2000001 logid: 0 cmd: 'nss'
domain: nss2 edomain: nss2
+|nss|ERROR|MAJOR|NSS|SERVER
-55|No buffer space available
=Could not connect to the httpsp proxy. The proxy may be down.
How can I see for sure that httpsp is running? When I do a ps -axd, I don't
see it. I may have been wrong about it looking like it's running. That
part I got from the "expert" that works with these things full time at a
different site. If it's not running right now, how can I manually kick that
off?
Dave
-----Original Message-----
From: Barry_X_Bisogni@consecofinance.com
[ mailto:Barry_X_Bisogni@consecofinance.com
<mailto:Barry_X_Bisogni@consecofinance.com> ]
Sent: Tuesday, December 11, 2001 10:52 AM
To: Jones, Dave Mr CIBER CONTR 81 HQ DCSIM
Cc: sidewinder@adeptech.com
Subject: Re: [Sidewinder] HTTPS problems
I have to ask, when you removed the generic HTTPS proxy prior to the
upgrade, did you move the original HTTPS back to 443? The issue that was
occuring under 5.1.1 should have been fixed. If it's not logging anything,
that would be indicative that this is a different issue. Have you talked
to SCC? What did they say? Does HTTPS start if you enable it?
Regards,
Barry Bisogni
Network Security
Conseco FInance
"Jones, Dave Mr CIBER CONTR 81 HQ DCSIM"
<Dave.Jones@se.usar.army.mil>@adeptech.com on 12/11/2001 09:40:24 AM
Sent by: sidewinder-admin@adeptech.com
To: sidewinder@adeptech.com
cc:
Subject: [Sidewinder] HTTPS problems
We've had a problem with HTTPS running on the firewall in the past, so we
did a work-around that we got from SecureComputing to create an HTTPS2.
Before we did the upgrade to 5.2, we switched back to the original HTTPS.
We did the upgrade, and everything ran great for about half a week. Now,
every morning when I come in HTTPS isn't working. It looks like it's
running, and there's nothing at all in the daemond.log file. I was told
this was fixed, but could it have possibly not been upgraded because the
HTTPS proxy was disabled at the time? Thanks in advance for any info.
Dave Jones
_______________________________________________
Sidewinder mailing list
Sidewinder@adeptech.com
http://mail.adeptech.com/mailman/listinfo/sidewinder
<http://mail.adeptech.com/mailman/listinfo/sidewinder>
[Attachment #3 (text/html)]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>RE: [Sidewinder] HTTPS problems</TITLE>
<META content="MSHTML 5.00.3315.2870" name=GENERATOR></HEAD>
<BODY>
<DIV><FONT color=#000080 face=Verdana size=2><SPAN class=749244915-18122001>For
anyone keeping score at home, the same problems popped up again about 2 days
later. We've gone ahead, and moved stuff around to create a generic proxy
on port 443. It's been working without any problems so far. I can't
say if this is the exact same problem that was supposedly fixed in a previous
release, since I didn't dig into that problem as much to see the errors, but the
results, and how often it happens would make me think it's the same
thing.</SPAN></FONT></DIV>
<DIV><FONT color=#000080 face=Verdana size=2><SPAN
class=749244915-18122001></SPAN></FONT> </DIV>
<DIV><FONT color=#000080 face=Verdana size=2><SPAN class=749244915-18122001>Dave
Jones</SPAN></FONT></DIV>
<BLOCKQUOTE style="MARGIN-RIGHT: 0px">
<DIV align=left class=OutlookMessageHeader dir=ltr><FONT face=Tahoma
size=2>-----Original Message-----<BR><B>From:</B> Jones, Dave Mr CIBER CONTR
81 HQ DCSIM [mailto:Dave.Jones@se.usar.army.mil]<BR><B>Sent:</B> Tuesday,
December 11, 2001 1:59 PM<BR><B>To:</B>
Barry_X_Bisogni@consecofinance.com<BR><B>Cc:</B>
sidewinder@adeptech.com<BR><B>Subject:</B> RE: [Sidewinder] HTTPS
problems<BR><BR></DIV></FONT>
<DIV><FONT color=#000080 face=Verdana size=2><SPAN class=880395919-11122001>I
guess we just made too many changes without knowing how to re-start
everything. I made a last ditch effert to make sure everything with
the old HTTPS2 was gone, and *gasp* rebooted the firewall... Everything
seems fine now. I just hope it'll last.</SPAN></FONT></DIV>
<BLOCKQUOTE style="MARGIN-RIGHT: 0px">
<DIV align=left class=OutlookMessageHeader dir=ltr><FONT face=Tahoma
size=2>-----Original Message-----<BR><B>From:</B> Jones, Dave Mr CIBER CONTR
81 HQ DCSIM [mailto:Dave.Jones@se.usar.army.mil]<BR><B>Sent:</B> Tuesday,
December 11, 2001 12:47 PM<BR><B>To:</B>
Barry_X_Bisogni@consecofinance.com<BR><B>Cc:</B>
sidewinder@adeptech.com<BR><B>Subject:</B> RE: [Sidewinder] HTTPS
problems<BR><BR></DIV></FONT>
<P><FONT size=2>We never moved anything as far as ports on the original
HTTPS. Just ran a:</FONT> </P>
<P><FONT size=2>cf nss disable t_proxy service=https burb=[burbname]
</FONT></P>
<P><FONT size=2>Then, I took the news HTTPS2 that I created on a different
port, and edited the nss.conf files to move it to port 443, and modified the
ACL's to use the new protocol.</FONT></P>
<P><FONT size=2>After getting another e-mail from someone on this list
having the same kind of problem, I checked out the showaudit -ke, and every
time I try to connect to the https server, I get this:</FONT></P>
<P><FONT size=2>Dec 11 12:25:00 2001 CST f_nss a_server t_error
p_major</FONT> <BR><FONT size=2>pid: 6403 ruid: 0 euid: 0 pgid: 6403 fid:
2000001 logid: 0 cmd: 'nss'</FONT> <BR><FONT size=2>domain: nss2 edomain:
nss2</FONT> <BR><FONT size=2>+|nss|ERROR|MAJOR|NSS|SERVER</FONT> <BR><FONT
size=2>-55|No buffer space available</FONT> <BR><FONT size=2>=Could not
connect to the httpsp proxy. The proxy may be down.</FONT> </P>
<P><FONT size=2>How can I see for sure that httpsp is running? When I
do a ps -axd, I don't see it. I may have been wrong about it looking
like it's running. That part I got from the "expert" that works with
these things full time at a different site. If it's not running right
now, how can I manually kick that off?</FONT></P>
<P><FONT size=2>Dave</FONT> </P><BR>
<P><FONT size=2>-----Original Message-----</FONT> <BR><FONT size=2>From:
Barry_X_Bisogni@consecofinance.com</FONT> <BR><FONT size=2>[<A
href="mailto:Barry_X_Bisogni@consecofinance.com">mailto:Barry_X_Bisogni@consecofinance.com</A>]</FONT> \
<BR><FONT size=2>Sent: Tuesday, December 11, 2001 10:52 AM</FONT> <BR><FONT
size=2>To: Jones, Dave Mr CIBER CONTR 81 HQ DCSIM</FONT> <BR><FONT
size=2>Cc: sidewinder@adeptech.com</FONT> <BR><FONT size=2>Subject: Re:
[Sidewinder] HTTPS problems</FONT> </P><BR><BR>
<P><FONT size=2>I have to ask, when you removed the generic HTTPS proxy
prior to the</FONT> <BR><FONT size=2>upgrade, did you move the original
HTTPS back to 443? The issue that was</FONT> <BR><FONT size=2>occuring
under 5.1.1 should have been fixed. If it's not logging
anything,</FONT> <BR><FONT size=2>that would be indicative that this is a
different issue. Have you talked</FONT> <BR><FONT size=2>to SCC?
What did they say? Does HTTPS start if you enable it?</FONT> </P>
<P><FONT size=2>Regards,</FONT> <BR><FONT size=2>Barry Bisogni</FONT>
<BR><FONT size=2>Network Security</FONT> <BR><FONT size=2>Conseco
FInance</FONT> </P><BR><BR><BR><BR><BR>
<P><FONT size=2>"Jones, Dave Mr CIBER CONTR 81 HQ DCSIM"</FONT> <BR><FONT
size=2><Dave.Jones@se.usar.army.mil>@adeptech.com on 12/11/2001
09:40:24 AM</FONT> </P>
<P><FONT size=2>Sent by: sidewinder-admin@adeptech.com</FONT> </P><BR>
<P><FONT size=2>To: sidewinder@adeptech.com</FONT> <BR><FONT
size=2>cc:</FONT> <BR><FONT size=2>Subject: [Sidewinder] HTTPS
problems</FONT> </P><BR><BR><BR>
<P><FONT size=2>We've had a problem with HTTPS running on the firewall in
the past, so we</FONT> <BR><FONT size=2>did a work-around that we got from
SecureComputing to create an HTTPS2.</FONT> <BR><FONT size=2>Before we did
the upgrade to 5.2, we switched back to the original HTTPS.</FONT> <BR><FONT
size=2>We did the upgrade, and everything ran great for about half a
week. Now,</FONT> <BR><FONT size=2>every morning when I come in HTTPS
isn't working. It looks like it's</FONT> <BR><FONT size=2>running, and
there's nothing at all in the daemond.log file. I was told</FONT>
<BR><FONT size=2>this was fixed, but could it have possibly not been
upgraded because the</FONT> <BR><FONT size=2>HTTPS proxy was disabled at the
time? Thanks in advance for any info.</FONT> </P>
<P><FONT size=2>Dave Jones</FONT> </P><BR><BR><BR>
<P><FONT size=2>_______________________________________________</FONT>
<BR><FONT size=2>Sidewinder mailing list</FONT> <BR><FONT
size=2>Sidewinder@adeptech.com</FONT> <BR><FONT size=2><A
href="http://mail.adeptech.com/mailman/listinfo/sidewinder"
target=_blank>http://mail.adeptech.com/mailman/listinfo/sidewinder</A></FONT>
</P></BLOCKQUOTE></BLOCKQUOTE></BODY></HTML>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic