ipchains portforwarding for https

To: debian-firewall@lists.debian.org
Subject: ipchains portforwarding for https
From: Markus Kolb <debian@tower-net.de>
Date: Mon, 20 Oct 2003 21:15:27 +0200
Message-id: <[🔎] 3F94344F.6060502@tower-net.de>

Hello,

how can I setup a forwarding rule with ipchains that a connect to host Ais redirected to the Apache-SSL webserver listening on host B.

I want to have a transparent forwarding. The user should enter theaddress from host A in his browser and the webserver from host B shouldanswer the requests.

The webserver on host B is listening to all addresses at the specificport 423.


So at the moment I try with
	ipmasqadm autofw -A -v -r tcp 423 423 -h "${IP from host B}"
on host A.

If I try to connect https://IP_host_A:423/ I get a connection timeout.

I've just dumped the traffic with ethereal.
First there is an ICMP Redirect.
The browser sends a SYN request to the right host B from port 2090 to 423.
Host B answers with a SYN ACK to browser host from 423 to 2090.
After this browser sends a reset from 2090 to 423 at host B.

Why there is a reset?
This match goes on for a few tries and a last reset from browser host.

Do you have any ideas for a solution?

thx so long

Reply to:

Follow-Ups:
- Re: ipchains portforwarding for https
  - From: Vineet Kumar <vineet@doorstop.net>

Prev by Date: Re: OT: Re: Thanks!
Next by Date: Re: OT: Re: Thanks!
Previous by thread: good Installation how-to for a secure Firewall
Next by thread: Re: ipchains portforwarding for https
Index(es):
- Date
- Thread