Upon startup of the Enforce server, it is not possible to log in to the UI. There is no spinning or waiting (hourglass); the Web site is not available.
IP tables are used to redirect ports below 1023 to the Symantec DLP environment. This is because non-root processes cannot hold onto the lower ports, so IP tables are usually in place to reroute them. In our case, the IP tables redirect the https port to 8443.
Test whether the Symantec DLP application is running by logging in through https://<machine>:8443.
If there is a problem logging into the port, the IP tables are either not running or set up incorrectly. The System Administrator usually modifies or maintains the tables.
The following example shows how Symantec DLP has configured the IP tables on one of our reference systems.
The following configuration is done from within the /etc/sysconfig directory:
    [root@machine sysconfig]# cat iptables
    # Generated by iptables-save v1.2.11 on Tue Jan 23 15:20:40 2007
    *nat
    :PREROUTING ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    -A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
    COMMIT
    # Completed on Tue Jan 23 15:20:40 2007
    # Generated by iptables-save v1.2.11 on Tue Jan 23 15:20:40 2007
    *filter
    :INPUT ACCEPT [14166:2707803]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [13531:5682531]
    :Vontu-INPUT - [0:0]
    -A INPUT -p tcp -j Vontu-INPUT
    -A Vontu-INPUT -p tcp -m tcp --dport 443 -j ACCEPT
    -A Vontu-INPUT -p tcp -m tcp --dport 1025:65535 -j ACCEPT
    COMMIT
    # Completed on Tue Jan 23 15:20:40 2007
    [root@machine sysconfig]#
If the iptables file in /etc/sysconfig is indeed incorrect, update it and then reload the configuration through the following commands:
    [root@machine sysconfig]# /etc/init.d/iptables stop
    Flushing firewall rules: [ OK ]
    Setting chains to policy ACCEPT: filter nat [ OK ]
    Unloading iptables modules: [ OK ]
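As an added example (not part of the Symantec documentation), the shell function below checks a rules file in iptables-save format for what the reference configuration relies on: a nat PREROUTING rule redirecting 443 to 8443, and a filter ACCEPT rule covering 8443, which is the destination port the filter table sees after the redirect. The function name check_redirect, its exit codes and the temporary sample file are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: verify the HTTPS redirect in an iptables-save style rules file.
# check_redirect FILE [FROM_PORT] [TO_PORT]
# Exit 0: redirect present and TO_PORT explicitly accepted.
# Exit 1: nat redirect missing.  Exit 2: no explicit filter ACCEPT covers TO_PORT
# (chains whose policy is ACCEPT would still pass the traffic).
check_redirect() {
    local file=$1 from=${2:-443} to=${3:-8443}
    awk -v from="$from" -v to="$to" '
        /^\*/ { table = substr($1, 2); next }   # "*nat" or "*filter" starts a table
        /^-A/ {
            dport = ""; target = ""; toports = ""
            for (i = 1; i < NF; i++) {
                if ($i == "--dport")    dport = $(i + 1)
                if ($i == "-j")         target = $(i + 1)
                if ($i == "--to-ports") toports = $(i + 1)
            }
            if (table == "nat" && $2 == "PREROUTING" && target == "REDIRECT" &&
                dport == from && toports == to) redirect = 1
            if (table == "filter" && target == "ACCEPT" && dport != "") {
                n = split(dport, r, ":"); lo = r[1]; hi = (n == 2) ? r[2] : r[1]
                if (to + 0 >= lo + 0 && to + 0 <= hi + 0) accept = 1
            }
        }
        END {
            if (!redirect) { print "missing nat redirect " from " -> " to; exit 1 }
            if (!accept)   { print "no filter ACCEPT rule covers port " to; exit 2 }
            print "ok: " from " redirected to " to " and accepted"
        }
    ' "$file"
}

# Demo input: the rules from the reference listing, written to a temporary file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
COMMIT
*filter
:Vontu-INPUT - [0:0]
-A INPUT -p tcp -j Vontu-INPUT
-A Vontu-INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A Vontu-INPUT -p tcp -m tcp --dport 1025:65535 -j ACCEPT
COMMIT
EOF
check_redirect "$sample"
rm -f "$sample"
```

On a live system the same function can be pointed at /etc/sysconfig/iptables before and after the file is edited.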