Re: ipchains portforwarding for https

[Markus Kolb <debian@tower-net.de>]

Vineet Kumar wrote:
> * Markus Kolb (debian@tower-net.de) [031020 12:47]:
>
> > Hello,
> >
> > how can I setup a forwarding rule with ipchains that a connect to host A 
> > is redirected to the Apache-SSL webserver listening on host B.
> >
> > I want to have a transparent forwarding. The user should enter the 
> > address from host A in his browser and the webserver from host B should 
> > answer the requests.
> >
> > The webserver on host B is listening to all addresses at the specific 
> > port 423.
> >
> > So at the moment I try with
> > 	ipmasqadm autofw -A -v -r tcp 423 423 -h "${IP from host B}"
> > on host A.
> >
> > If I try to connect https://IP_host_A:423/ I get a connection timeout.
> >
> > I've just dumped the traffic with ethereal.
> > First there is an ICMP Redirect.
> > The browser sends a SYN request to the right host B from port 2090 to 423.
> > Host B answers with a SYN ACK to browser host from 423 to 2090.
> > After this browser sends a reset from 2090 to 423 at host B.
>
>
> It sounds like you're trying to do this on a host which is not a router
> between the browser host and host B.

It is a router and it forwards the port.
But only from the outside world, not the LAN side.
I've just tested it from another host in the Internet.
I think I need another masq rule in my forward chain. ;o)

Many thx for your answer