
Re: ipchains portforwarding for https

Vineet Kumar wrote:
* Markus Kolb (debian@tower-net.de) [031020 12:47]:


How can I set up a forwarding rule with ipchains so that a connection to host A is redirected to the Apache-SSL webserver listening on host B?

I want to have a transparent forwarding. The user should enter the address of host A in his browser and the webserver on host B should answer the requests.

The webserver on host B is listening to all addresses at the specific port 423.

So at the moment I try with
	ipmasqadm autofw -A -v -r tcp 423 423 -h "${IP from host B}"
on host A.

If I try to connect to https://IP_host_A:423/ I get a connection timeout.

I've just dumped the traffic with ethereal.
First there is an ICMP Redirect.
The browser sends a SYN request to the right host B from port 2090 to 423.
Host B answers with a SYN ACK to the browser host from 423 to 2090.
After this, the browser sends a reset from 2090 to 423 at host B.

It sounds like you're trying to do this on a host which is not a router
between the browser host and host B.

It is a router and it forwards the port.
But only from the outside world, not the LAN side.
I've just tested it from another host on the Internet.
I think I need another masq rule in my forward chain. ;o)

Many thx for your answer
