[Firewall] Having trouble with https port forwarding

Romy Roma bouroy at googlemail.com
Mon Mar 29 15:29:37 CEST 2010

Thanks for your reply.

As you suggested, I changed the forward in my custom-rules to:

But it still does not work. Here is the output of the arno start script:

Enabling SNAT via external interface(s): eth0
 Adding (internal) host(s):
(eth0) Forwarding(NAT) TCP port(s) 0/0:25,143 to
(eth0) Forwarding(NAT) TCP port(s) 0/0:443 to
Security is ENFORCED for external interface(s) in the FORWARD chain

What is strange is that when I set a wrong destination port in the forward, the
browser gets a connection failed as expected. However, when the right port is
set, the browser gets connected but gets a timeout and no reply.

When I disable AIF (bad idea, it is the only firewall I am using now) and
execute just this line it works fine:
iptables -t nat -A PREROUTING -s ! -m tcp -p tcp --dport 443
-j DNAT --to-destination

No idea what is blocking the forwarding when I enable AIF.

Many thanks

On Mon, Mar 29, 2010 at 2:13 PM, Gustin Johnson <gustin at meganerd.ca> wrote:

> Romy Roma wrote:
> <snip>
> >
> > Adding (internal) host(s): <>
> > <>
> > (eth0) Forwarding(NAT) TCP port(s) 0/0:25,143 to
> > (eth0) Forwarding(NAT) TCP port(s) to
> You are only port forwarding if the source is, you might
> want to change that to 0/0 or to the IP and netmask of the source (if
> you want to lock down access).
> _______________________________________________
> Firewall mailing list
> Firewall at rocky.eld.leidenuniv.nl
> http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
> Arno's (Linux IPTABLES Firewall) Homepage:
> http://rocky.eld.leidenuniv.nl