Environment
Novell Access Manager 3 Linux Novell Identity Server
Situation
- Identity Server configured for authentication on port 443.
- iptables configured with a rule such as:
  iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443
  or
  iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to <<IPADDRESS>>:8443
- With this setup, the Identity Server health check returns:
  SSL Communication is not operating correctly! URL https://<<IPADDRESS>>:443/nidp/app/ping Error: Connection refused
  (Required Action) Check SSL connectivity. Possible expired SSL certificate.
Resolution
The following is my /etc/init.d/idp_8443_redirect file (modified from Mark van Reijn's original):

#! /bin/sh
#
# /etc/init.d/idp_8443_redirect
#
# Author: Mark van Reijn, Novell
# All rights reserved.
#
### BEGIN INIT INFO
# Provides: idp_8443_redirect
# Required-Start: SuSEfirewall2_setup $network $local_fs
# Required-Stop:
# Default-Start: 2 3 5
# Default-Stop: 0 1 6
# Description: Redirect 443 to 8443 for Novell IdP
### END INIT INFO

# Environment-specific variables.
IPT_BIN=/usr/sbin/iptables
IDP_IP=10.5.0.31

. /etc/rc.status

# First reset status of this service
rc_reset

case "$1" in
    start)
        echo -n "Starting IP Port redirection"
        # Note: this clears every rule in the nat table, not only the ones added here.
        $IPT_BIN -t nat --flush
        # Packets arriving from the network on 443 go to the IdP listener on 8443.
        $IPT_BIN -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to $IDP_IP:8443
        # Locally generated packets (the IdP's own health check to :443) do not
        # pass PREROUTING, so they need the same translation in the OUTPUT chain.
        $IPT_BIN -t nat -A OUTPUT -p tcp -d $IDP_IP --dport 443 -j DNAT --to $IDP_IP:8443
        rc_status -v
        ;;
    stop)
        echo -n "Flushing all IP Port redirection rules"
        $IPT_BIN -t nat --flush
        rc_status -v
        ;;
    restart)
        $0 stop
        $0 start
        rc_status
        ;;
    *)
        echo "Usage: $0 {start|stop|restart}"
        exit 1
        ;;
esac
rc_exit
Additional Information
The '$IPT_BIN -t nat -A OUTPUT -p tcp -d $IDP_IP --dport 443 -j DNAT --to $IDP_IP:8443' command above does not work on SLES 9 (it works only on SLES 10/11), and it is not required on SLES 9.
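A quick way to confirm that the redirect is actually in place before re-running the health check is to inspect the nat table with "iptables -t nat -S" and verify that both chains carry the translation. The following script is an added example, not part of the TID or of the init script above; it parses a rule listing passed in as text (the two sample listings are constructed here to show the healthy case and the PREROUTING-only case that produces the "Connection refused" error) and assumes the same IDP_IP as the init script.

```shell
#!/bin/sh
# Added example (not from the TID): verify that both NAT rules installed by
# idp_8443_redirect are present, given the output of "iptables -t nat -S".
# The IdP's own health probe to https://$IDP_IP:443 is locally generated and
# never traverses PREROUTING, so only the OUTPUT rule makes it succeed.

IDP_IP=${IDP_IP:-10.5.0.31}   # assumption: same address as in the init script

# has_redirect CHAIN RULES
# Returns 0 if CHAIN contains a DNAT of tcp/443 to $IDP_IP:8443, 1 otherwise.
has_redirect() {
    chain=$1
    rules=$2
    printf '%s\n' "$rules" | grep -q -- \
        "^-A $chain .*-p tcp .*--dport 443 .*-j DNAT --to-destination $IDP_IP:8443"
}

# check_rules RULES
# Prints a diagnosis per chain; returns 0 only when both chains are correct.
check_rules() {
    rules=$1
    status=0
    if has_redirect PREROUTING "$rules"; then
        echo "PREROUTING: external clients on :443 are redirected to :8443"
    else
        echo "PREROUTING: missing, external clients get connection refused on :443"
        status=1
    fi
    if has_redirect OUTPUT "$rules"; then
        echo "OUTPUT: local health check to :443 is redirected to :8443"
    else
        echo "OUTPUT: missing, the IdP health check will report 'Connection refused'"
        status=1
    fi
    return $status
}

# Constructed sample listings in "iptables -t nat -S" format (SLES 10/11).
RULES_FULL='-P PREROUTING ACCEPT
-P OUTPUT ACCEPT
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.5.0.31:8443
-A OUTPUT -d 10.5.0.31/32 -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.5.0.31:8443'

RULES_PREROUTING_ONLY='-P PREROUTING ACCEPT
-P OUTPUT ACCEPT
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.5.0.31:8443'

# On a live IdP host, run instead:  check_rules "$(iptables -t nat -S)"
```

Run against the first listing the script reports both chains as correct; against the second it flags the OUTPUT chain as missing, which is exactly the state that makes the health check fail while external logins still work.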