From: Maxime_V <max...@so...> - 2010-03-10 10:14:47
Hello,

To my mind, it's not a pure ejbca problem but probably a firewall issue. Maybe someone will still be able to help me.

I'm using EJBCA 3.9.4 with:
- JBOSS 5.1.0GA
- Java "1.6.0_18"
- Apache/2.2.3 on RHEL 5.2.

After having installed EJBCA, which was working fine on default setup (ports 8080 and 8443 for jboss), I decided to add a proxy apache on the same host using the HowTo provided on ejbca website. Everything was working fine until I turned on the Iptables firewall.

With IPTABLES on, I cannot, for example, edit an end-entity (time out when I try to save the modifications) or get an end-entity certificate.

I have the following error in the apache error log:

    [Wed Mar 10 10:30:05 2010] [error] ajp_read_header: ajp_ilink_receive failed
    [Wed Mar 10 10:30:05 2010] [error] (120006)APR does not understand this error code: proxy: read response failed from 127.0.0.1:8009 (localhost)

Iptables configuration seems good (extract below):

    iptables -L -v -n
    Chain INPUT (policy DROP 416 packets, 54428 bytes)
     pkts bytes target     prot opt in     out     source               destination
    12377 8153K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    ...

    Chain FORWARD (policy DROP 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination

    Chain OUTPUT (policy DROP 116 packets, 12440 bytes)
     pkts bytes target     prot opt in     out     source               destination
    12377 8153K ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0

Any idea why I'm facing this behavior? (everything OK when I stop iptables...)

I also think I found a small bug in EJBCA. When I set the status of an end-entity to "Historical", I still receive the expiration warning (with expiration checker service) for this entity. Known bug or normal behavior?

Thank you for your help!

Regards,
Maxime VERAC

--
View this message in context: http://old.nabble.com/EJBCA-behind-a-proxy-and-iptables-config-tp27847782p27847782.html
Sent from the EjbCA - Dev mailing list archive at Nabble.com.