Mailing List Archive: Dirmngr and proxy

Dirmngr and proxy

Dec 29, 2004, 3:09 PM

Post #1 of 4 (3842 views)

I have a network where all outgoing traffic must pass through a proxy server.
The proxy server, 192.168.1.4, runs both an http proxy at port 3128 and an
LDAP proxy (slapd) at port 389.

Dirmngr on a client is running:

/usr/pkg/bin/dirmngr --daemon \
--http-proxy http://192.168.1.4:3128 \
--ldap-proxy 192.168.1.4

When I try a test signing the uses certificate with an http crlDP, I see an
outgoing message on 192.168.1.4 from the client to 192.168.1.4 that's blocked
by the firewall.

What am I doing wrong?

--
John R. Shannon
john@johnrshannon.com
john.r.shannon@saic.com
shannonjr@NetBSD.org

Re: Dirmngr and proxy [ In reply to ]

bernhard at intevation

Jan 3, 2005, 10:17 AM

Post #2 of 4 (3747 views)

Permalink

On Wed, Dec 29, 2004 at 03:09:36PM -0700, John R. Shannon wrote:
> I have a network where all outgoing traffic must pass through a proxy server.
> The proxy server, 192.168.1.4, runs both an http proxy at port 3128 and an
> LDAP proxy (slapd) at port 389.
>
> Dirmngr on a client is running:
>
> /usr/pkg/bin/dirmngr --daemon \
> --http-proxy http://192.168.1.4:3128 \
> --ldap-proxy 192.168.1.4
>
> When I try a test signing the uses certificate with an http crlDP, I see an
> outgoing message on 192.168.1.4 from the client to 192.168.1.4 that's blocked
> by the firewall.

Debug your firewall?

Seriously: It seems fine behaviour from your description unless the port
is wrong, so I guess you need to bring in more details before somebody
can help you. (Or am I missing something obvious here?)

Re: Dirmngr and proxy [ In reply to ]

john at johnrshannon

Jan 3, 2005, 10:30 AM

Post #3 of 4 (3737 views)

Permalink

I did not include enough information.

The outgoing message on 192.168.1.4 is to 192.168.1.4:80, indicating that the
LDAP server is using the specified http-proxy IP address, but, not the port
number.

On Monday 03 January 2005 10:17 am, Bernhard Reiter wrote:
> On Wed, Dec 29, 2004 at 03:09:36PM -0700, John R. Shannon wrote:
> > I have a network where all outgoing traffic must pass through a proxy
> > server. The proxy server, 192.168.1.4, runs both an http proxy at port
> > 3128 and an LDAP proxy (slapd) at port 389.
> >
> > Dirmngr on a client is running:
> >
> > /usr/pkg/bin/dirmngr --daemon \
> > --http-proxy http://192.168.1.4:3128 \
> > --ldap-proxy 192.168.1.4
> >
> > When I try a test signing the uses certificate with an http crlDP, I see
> > an outgoing message on 192.168.1.4 from the client to 192.168.1.4 that's
> > blocked by the firewall.
>
> Debug your firewall?
>
> Seriously: It seems fine behaviour from your description unless the port
> is wrong, so I guess you need to bring in more details before somebody
> can help you. (Or am I missing something obvious here?)

--
John R. Shannon
john@johnrshannon.com

Re: Dirmngr and proxy [ In reply to ]

bernhard at intevation

Jan 3, 2005, 11:38 AM

Post #4 of 4 (3753 views)

Permalink

On Mon, Jan 03, 2005 at 10:30:32AM -0700, John R. Shannon wrote:
> I did not include enough information.
>
> The outgoing message on 192.168.1.4 is to 192.168.1.4:80,
> indicating that the LDAP server is using the specified http-proxy
> IP address, but, not the port number.

Do you mean the "dirmngr" doing the request or your LDAP proxy?

> On Monday 03 January 2005 10:17 am, Bernhard Reiter wrote:
> > On Wed, Dec 29, 2004 at 03:09:36PM -0700, John R. Shannon wrote:
> > > I have a network where all outgoing traffic must pass through a proxy
> > > server. The proxy server, 192.168.1.4, runs both an http proxy at port
> > > 3128 and an LDAP proxy (slapd) at port 389.
> > >
> > > Dirmngr on a client is running:
> > >
> > > /usr/pkg/bin/dirmngr --daemon \
> > > --http-proxy http://192.168.1.4:3128 \
> > > --ldap-proxy 192.168.1.4
> > >
> > > When I try a test signing the uses certificate with an http crlDP, I see
> > > an outgoing message on 192.168.1.4 from the client to 192.168.1.4 that's
> > > blocked by the firewall.
> >
> > Debug your firewall?
> >
> > Seriously: It seems fine behaviour from your description unless the port
> > is wrong, so I guess you need to bring in more details before somebody
> > can help you. (Or am I missing something obvious here?)
>
> --
> John R. Shannon
> john@johnrshannon.com

> _______________________________________________
> Gpa-dev mailing list
> Gpa-dev@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gpa-dev

--
Professional Service for Free Software (intevation.net)
The FreeGIS Project (freegis.org)
FSFE (fsfeurope.org)