MIKROTIK - debug

[rimi]

Zdravim, potreboval bych poradit:
Mam ve vnitrni siti HTTP server (kerio), nastaven "harpin" nat, celkem vse funguje, no pri pristupu zevnitr pri prihlaseni pomoci neyabezpeceneho formulare se na serveru vytvori relace, no server vrati prihlasovaci obrazovku (podle me se odeslou data formulare pomoci https).
Pri prihlaseni pomoci zabezpeceneho spojeni vse funguje, zvenci nezabezpecene tez.
Je nejaka moznost debugu (nuluju pocitadla v NAT a firewalu, no to je takove ehm...)?

Pripadne, jde nejak mikrotikem udelat presmerovani (http:aa.bb/login.php => https:aa.bb/login.php )

[mirek.k]

To přesměrování na HTTPS je spíše věc web serveru.

[Noxus28]

a máte harpin spravení pre oba port 80 aj 443?

[rimi]

Doufam, ze to mam spravne:

jak-to-mam.PNG (22.77 KiB) Zobrazeno 2697 x

[Noxus28]

pravidlá vyzerajú v poriadku.
Debug na mkt asi jedine v miere Torch na rozhraní alebo len v pravidle zapnúť logovanie.
Rozumnejšie by ale asi bolo skôr skúsiť nájsť nejaký log na samotnom servery, ktorý by povedal asi niečo viac.
A ako vravel mirek, bežne sa vo webserveroch nastaví aby príchodzie dotazy vždy smeroval na HTTPS. Aspoň na apache sme to tak dávali tam kde bola potrebná zabezpečená komunikácia

[rimi]

Napada me, ze DNS bude rozdavat statickou adresu smerujici na konkretni vnitrni IP, verim, ze v 99% pripadu to bude fungovat

[Noxus28]

Ak je možnosť local DNS tak určite.

[rimi]

Napada me jeste firewall, tam mam vyjmenovano, co povolit, zbytek drop, no navazane spojeni TCP/UDP poustim, docasne jsem vypnul, beze zmeny.
Tu je gebug log ze serveru (port 4040 je admin rozhrani, to funguje dobre):

Kód: Vybrat vše

[15/Apr/2019 15:36:19][2460] {conn} Closing socket 7044
[15/Apr/2019 15:36:24][3920] {conn} Connection timeout after 15000 ms (local=10.5.4.101:80, remote=10.5.4.2:60629)
[15/Apr/2019 15:36:24][3920] {conn} Closing socket 5168
[15/Apr/2019 15:36:58][3612] {conn} SSL debug: id 04D88B48 SSL3 alert writeclose notify
[15/Apr/2019 15:36:58][3612] {conn} Closing socket 7568
[15/Apr/2019 15:37:00][3508] {conn} SSL debug: id 04D88B48 SSL handshake started: before/accept initialization
[15/Apr/2019 15:37:00][3508] {conn} SSL debug: id 04D88B48 SSL_accept:before/accept initialization
[15/Apr/2019 15:37:00][3508] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 read client hello A
[15/Apr/2019 15:37:00][3508] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 write server hello A
[15/Apr/2019 15:37:00][3508] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 write change cipher spec A
[15/Apr/2019 15:37:00][3508] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 write finished A
[15/Apr/2019 15:37:00][3508] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 flush data
[15/Apr/2019 15:37:00][3508] {conn} SSL debug: id 04D88B48 SSL_accept:error in SSLv3 read finished A
[15/Apr/2019 15:37:00][3508] {conn} SSL debug: id 04D88B48 SSL_accept:error in SSLv3 read finished A
[15/Apr/2019 15:37:00][3508] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 read finished A
[15/Apr/2019 15:37:00][3508] {conn} SSL debug: id 04D88B48 SSL handshake done: SSL negotiation finished successfully
[15/Apr/2019 15:37:00][3508] {conn} Established secure server connection from 10.5.4.13:60641 to 10.5.4.101:4040 using TLSv1/SSLv3 with cipher AES128-SHA, id 04D0D010
[15/Apr/2019 15:37:00][3508] {conn} SSL debug: id 04D88B48 SSL3 alert writeclose notify
[15/Apr/2019 15:37:00][3508] {conn} Closing socket 4740
[15/Apr/2019 15:37:00][660] {conn} SSL debug: id 04D88B48 SSL handshake started: before/accept initialization
[15/Apr/2019 15:37:00][660] {conn} SSL debug: id 04D88B48 SSL_accept:before/accept initialization
[15/Apr/2019 15:37:00][660] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 read client hello A
[15/Apr/2019 15:37:00][660] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 write server hello A
[15/Apr/2019 15:37:00][660] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 write change cipher spec A
[15/Apr/2019 15:37:00][660] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 write finished A
[15/Apr/2019 15:37:00][660] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 flush data
[15/Apr/2019 15:37:00][660] {conn} SSL debug: id 04D88B48 SSL_accept:error in SSLv3 read finished A
[15/Apr/2019 15:37:00][660] {conn} SSL debug: id 04D88B48 SSL_accept:error in SSLv3 read finished A
[15/Apr/2019 15:37:00][660] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 read finished A
[15/Apr/2019 15:37:00][660] {conn} SSL debug: id 04D88B48 SSL handshake done: SSL negotiation finished successfully
[15/Apr/2019 15:37:00][660] {conn} Established secure server connection from 10.5.4.13:60642 to 10.5.4.101:4040 using TLSv1/SSLv3 with cipher AES128-SHA, id 04D0D010
[15/Apr/2019 15:37:07][1304] {conn} Closing socket 7044
[15/Apr/2019 15:37:12][1688] {conn} Connection timeout after 15000 ms (local=10.5.4.101:80, remote=10.5.4.2:60639)
[15/Apr/2019 15:37:12][1688] {conn} Closing socket 4452
[15/Apr/2019 15:38:32][660] {conn} Connection timeout after 15000 ms (local=10.5.4.101:4040, remote=10.5.4.13:60642)
[15/Apr/2019 15:38:32][660] {conn} SSL debug: id 04D88B48 SSL3 alert writeclose notify
[15/Apr/2019 15:38:32][660] {conn} Closing socket 4740
[15/Apr/2019 15:38:35][3508] {conn} SSL debug: id 04D88B48 SSL handshake started: before/accept initialization
[15/Apr/2019 15:38:35][3508] {conn} SSL debug: id 04D88B48 SSL_accept:before/accept initialization
[15/Apr/2019 15:38:35][3508] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 read client hello A
[15/Apr/2019 15:38:35][3508] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 write server hello A
[15/Apr/2019 15:38:35][3508] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 write certificate A
[15/Apr/2019 15:38:35][3508] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 write server done A
[15/Apr/2019 15:38:35][3508] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 flush data
[15/Apr/2019 15:38:35][3508] {conn} SSL debug: id 04D88B48 SSL_accept:error in SSLv3 read client certificate A
[15/Apr/2019 15:38:35][3508] {conn} SSL debug: id 04D88B48 SSL_accept:error in SSLv3 read client certificate A
[15/Apr/2019 15:38:35][3508] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 read client key exchange A
[15/Apr/2019 15:38:35][3508] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 read finished A
[15/Apr/2019 15:38:35][3508] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 write change cipher spec A
[15/Apr/2019 15:38:35][3508] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 write finished A
[15/Apr/2019 15:38:35][3508] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 flush data
[15/Apr/2019 15:38:35][3508] {conn} SSL debug: id 04D88B48 SSL handshake done: SSL negotiation finished successfully
[15/Apr/2019 15:38:35][3508] {conn} Established secure server connection from 10.5.4.13:60646 to 10.5.4.101:4040 using TLSv1/SSLv3 with cipher AES128-SHA, id 04D0D010
[15/Apr/2019 15:38:35][3508] {conn} SSL debug: id 04D88B48 SSL3 alert writeclose notify
[15/Apr/2019 15:38:35][3508] {conn} Closing socket 7072
[15/Apr/2019 15:38:35][660] {conn} SSL debug: id 04D88B48 SSL handshake started: before/accept initialization
[15/Apr/2019 15:38:35][660] {conn} SSL debug: id 04D88B48 SSL_accept:before/accept initialization
[15/Apr/2019 15:38:35][660] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 read client hello A
[15/Apr/2019 15:38:35][660] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 write server hello A
[15/Apr/2019 15:38:35][660] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 write certificate A
[15/Apr/2019 15:38:35][660] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 write server done A
[15/Apr/2019 15:38:35][660] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 flush data
[15/Apr/2019 15:38:35][660] {conn} SSL debug: id 04D88B48 SSL_accept:error in SSLv3 read client certificate A
[15/Apr/2019 15:38:35][660] {conn} SSL debug: id 04D88B48 SSL_accept:error in SSLv3 read client certificate A
[15/Apr/2019 15:38:35][660] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 read client key exchange A
[15/Apr/2019 15:38:35][660] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 read finished A
[15/Apr/2019 15:38:35][660] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 write change cipher spec A
[15/Apr/2019 15:38:35][660] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 write finished A
[15/Apr/2019 15:38:35][660] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 flush data
[15/Apr/2019 15:38:35][660] {conn} SSL debug: id 04D88B48 SSL handshake done: SSL negotiation finished successfully
[15/Apr/2019 15:38:35][660] {conn} Established secure server connection from 10.5.4.13:60647 to 10.5.4.101:4040 using TLSv1/SSLv3 with cipher AES128-SHA, id 04D0D010
[15/Apr/2019 15:39:32][660] {conn} Connection timeout after 15000 ms (local=10.5.4.101:4040, remote=10.5.4.13:60647)
[15/Apr/2019 15:39:32][660] {conn} SSL debug: id 04D88B48 SSL3 alert writeclose notify
[15/Apr/2019 15:39:32][660] {conn} Closing socket 7072
[15/Apr/2019 15:40:09][3508] {conn} SSL debug: id 04D88B48 SSL handshake started: before/accept initialization
[15/Apr/2019 15:40:09][3508] {conn} SSL debug: id 04D88B48 SSL_accept:before/accept initialization
[15/Apr/2019 15:40:09][3508] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 read client hello A
[15/Apr/2019 15:40:09][3508] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 write server hello A
[15/Apr/2019 15:40:09][3508] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 write certificate A
[15/Apr/2019 15:40:09][3508] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 write server done A
[15/Apr/2019 15:40:09][3508] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 flush data
[15/Apr/2019 15:40:09][3508] {conn} SSL debug: id 04D88B48 SSL_accept:error in SSLv3 read client certificate A
[15/Apr/2019 15:40:09][3508] {conn} SSL debug: id 04D88B48 SSL_accept:error in SSLv3 read client certificate A
[15/Apr/2019 15:40:09][3508] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 read client key exchange A
[15/Apr/2019 15:40:09][3508] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 read finished A
[15/Apr/2019 15:40:09][3508] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 write session ticket A
[15/Apr/2019 15:40:09][3508] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 write change cipher spec A
[15/Apr/2019 15:40:09][3508] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 write finished A
[15/Apr/2019 15:40:09][3508] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 flush data
[15/Apr/2019 15:40:09][3508] {conn} SSL debug: id 04D88B48 SSL handshake done: SSL negotiation finished successfully
[15/Apr/2019 15:40:09][3508] {conn} Established secure server connection from 10.5.4.13:60657 to 10.5.4.101:4040 using TLSv1/SSLv3 with cipher AES128-SHA, id 04D0D010
[15/Apr/2019 15:40:09][3508] {conn} SSL debug: id 04D88B48 SSL3 alert writeclose notify
[15/Apr/2019 15:40:09][3508] {conn} Closing socket 6724
[15/Apr/2019 15:40:09][660] {conn} SSL debug: id 04D88B48 SSL handshake started: before/accept initialization
[15/Apr/2019 15:40:09][660] {conn} SSL debug: id 04D88B48 SSL_accept:before/accept initialization
[15/Apr/2019 15:40:09][660] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 read client hello A
[15/Apr/2019 15:40:09][660] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 write server hello A
[15/Apr/2019 15:40:09][660] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 write certificate A
[15/Apr/2019 15:40:09][660] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 write server done A
[15/Apr/2019 15:40:09][660] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 flush data
[15/Apr/2019 15:40:09][660] {conn} SSL debug: id 04D88B48 SSL_accept:error in SSLv3 read client certificate A
[15/Apr/2019 15:40:09][660] {conn} SSL debug: id 04D88B48 SSL_accept:error in SSLv3 read client certificate A
[15/Apr/2019 15:40:09][660] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 read client key exchange A
[15/Apr/2019 15:40:09][660] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 read finished A
[15/Apr/2019 15:40:09][660] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 write session ticket A
[15/Apr/2019 15:40:09][660] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 write change cipher spec A
[15/Apr/2019 15:40:09][660] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 write finished A
[15/Apr/2019 15:40:09][660] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 flush data
[15/Apr/2019 15:40:09][660] {conn} SSL debug: id 04D88B48 SSL handshake done: SSL negotiation finished successfully
[15/Apr/2019 15:40:09][660] {conn} Established secure server connection from 10.5.4.13:60658 to 10.5.4.101:4040 using TLSv1/SSLv3 with cipher AES128-SHA, id 04D0D010
[15/Apr/2019 15:41:09][660] {conn} Connection timeout after 15000 ms (local=10.5.4.101:4040, remote=10.5.4.13:60658)
[15/Apr/2019 15:41:09][660] {conn} SSL debug: id 04D88B48 SSL3 alert writeclose notify
[15/Apr/2019 15:41:09][660] {conn} Closing socket 6724
[15/Apr/2019 15:42:29][3508] {conn} SSL debug: id 04D88B48 SSL handshake started: before/accept initialization
[15/Apr/2019 15:42:29][3508] {conn} SSL debug: id 04D88B48 SSL_accept:before/accept initialization
[15/Apr/2019 15:42:29][3508] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 read client hello A
[15/Apr/2019 15:42:29][3508] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 write server hello A
[15/Apr/2019 15:42:29][3508] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 write change cipher spec A
[15/Apr/2019 15:42:29][3508] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 write finished A
[15/Apr/2019 15:42:29][3508] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 flush data
[15/Apr/2019 15:42:29][3508] {conn} SSL debug: id 04D88B48 SSL_accept:error in SSLv3 read finished A
[15/Apr/2019 15:42:29][3508] {conn} SSL debug: id 04D88B48 SSL_accept:error in SSLv3 read finished A
[15/Apr/2019 15:42:29][3508] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 read finished A
[15/Apr/2019 15:42:29][3508] {conn} SSL debug: id 04D88B48 SSL handshake done: SSL negotiation finished successfully
[15/Apr/2019 15:42:29][3508] {conn} Established secure server connection from 10.5.4.13:60667 to 10.5.4.101:4040 using TLSv1/SSLv3 with cipher AES128-SHA, id 04D0D010
[15/Apr/2019 15:42:29][3508] {conn} SSL debug: id 04D88B48 SSL3 alert writeclose notify
[15/Apr/2019 15:42:29][3508] {conn} Closing socket 7516
[15/Apr/2019 15:42:29][660] {conn} SSL debug: id 04D88B48 SSL handshake started: before/accept initialization
[15/Apr/2019 15:42:29][660] {conn} SSL debug: id 04D88B48 SSL_accept:before/accept initialization
[15/Apr/2019 15:42:29][660] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 read client hello A
[15/Apr/2019 15:42:29][660] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 write server hello A
[15/Apr/2019 15:42:29][660] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 write change cipher spec A
[15/Apr/2019 15:42:29][660] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 write finished A
[15/Apr/2019 15:42:29][660] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 flush data
[15/Apr/2019 15:42:29][660] {conn} SSL debug: id 04D88B48 SSL_accept:error in SSLv3 read finished A
[15/Apr/2019 15:42:29][660] {conn} SSL debug: id 04D88B48 SSL_accept:error in SSLv3 read finished A
[15/Apr/2019 15:42:29][660] {conn} SSL debug: id 04D88B48 SSL_accept:SSLv3 read finished A
[15/Apr/2019 15:42:29][660] {conn} SSL debug: id 04D88B48 SSL handshake done: SSL negotiation finished successfully
[15/Apr/2019 15:42:29][660] {conn} Established secure server connection from 10.5.4.13:60668 to 10.5.4.101:4040 using TLSv1/SSLv3 with cipher AES128-SHA, id 04D0D010