Subversion behind pfsense?

akarim

hello all.

i have noticed that our subversion server has stopped working properly after we switched to pfsense.

everything works from within the LAN (svn list, svn co, etc).

from outside the lan however, something like:

svn list http://svn.ourserver.ca/project/trunk

results in

PROPFIND request failed on /project/trunk
svn: PROPFIND of '/project/trunk': Could not read status line: Connection reset by peer http://svn.ourserver.ca

i haven't changed anything in our apache configs and cannot see any error messages related to this in the apache error log.

does anyone know if there is something at the pfsense end that i need to do to get this working again?

thanks any help in advance.

ak

Bern

@akarim:

from outside the lan however, something like:

svn list http://svn.ourserver.ca/project/trunk

results in

PROPFIND request failed on /project/trunk
svn: PROPFIND of '/project/trunk': Could not read status line: Connection reset by peer http://svn.ourserver.ca

i haven't changed anything in our apache configs and cannot see any error messages related to this in the apache error log.

I haven't tried to access pfSense over plain HTTP for more than five minutes after an install - I always change over to HTTPS straight away.

Have you changed pfSense's web interface to HTTPS instead of HTTP? If not, it's possible that the responses you're getting are from pfSense's own web server instead of your Apache server.

Have you port-forwarded TCP port 80 to your SVN server? Double-check and test again.

Post the (suitably-masked) output of

wget –save-headers -q -O - http://svn.ourserver.ca/ | sed -ne '1,/^\r$/p'

so that we can be sure it's your Apache that's responding.

Cry Havok

Did you forward port 80 to the Subversion server?

akarim

thanks for those suggestions.

no i am running pfsense through HTTP, but i have changed the port that it listens on to something other than 80.

yes port 80 is forwarded to the server running subversion (double checked this). from outside the LAN, i am able to go to the repository via a web browser i.e. http://svn.ourserver.ca takes me to the repository. i can see all the projects, etc. however accessing the repository via a client does not work.

i.e.

svn list http://svn.ourserver.ca 

still does not work.

the wget command just hung, it didn't give me anything.

akarim

any other suggestions? …. this is quite confusing ...

GruensFroeschli

If you can access it via a browser, the portforward itself is working.
–> Not a problem on the pfSense side.

Doublecheck if your client is correctly configured.

Bern

@akarim:

the wget command just hung, it didn't give me anything.

Can you run tcpdump on the interface and get somebody to make an inbound connection?

tcpdump -A -s 0 -n -i em0 port 80

naturally, replace "em0" with your WAN interface name

Post the results here.

akarim

@GruensFroeschli:

If you can access it via a browser, the portforward itself is working.
–> Not a problem on the pfSense side.

Doublecheck if your client is correctly configured.

I did that yesterday (rebuilt the client) and it didn't make a difference.

I tried AGAIN today, and guess what, it started working again. I am not sure if a patch was applied to the client overnight to fix something.

The fact that the repository was accessible by the browser and not via a client made me think that the client used a different set of HTTP methods to get to the repository.

In any event, thank you everyone for your help, I appreciate everyone's input.