[clue-tech] iptables firewall and SSL

Bruce Ediger bediger at inlumineconsulting.com
Tue May 19 12:21:02 MDT 2009


Can anyone point me to good web pages on iptables firewalling?  The stuff
I've found is either very basic, or tends to contain very obvious errors.
More specifically, I'm curious about any bad interactions between SSL and
iptables.

I'm trying to solve a problem that I can't post many details for, as the
server in question is powered down right now.  I set up my Cisco 678
DSL modem in "bridging" mode, and got a stock Slackware 12.2 box with
2 ethernet cards to do NAT, DNS and DHCP on my side, via the PPPoE
driver that comes with Slackware 12.2.

The problem was that http://www.citicards.com does an HTTP 304 "permanently
moved" redirect to https://www.citicards.com/blah/blah/blah.do

The iptables rules I came up with just wouldn't let the SSL part of HTTPS
pass.  No error, no "network unreachable", just apparently a connect()
system call timeout.  I tried Firefox, Safari (on a Mac), wget and even
"nssl", the SSL version of netcat.  All of them seemed to do the same
thing: wait for the connect() system call to finish, which it never did.
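Editor's added example, not part of Bruce's post and not his ruleset: a minimal reference NAT and forwarding configuration for the topology he describes (two-NIC Slackware box, PPPoE uplink, serving DNS and DHCP to the inside), written as a shell script. The interface names (eth0 inside, ppp0 for the PPPoE link), the inside prefix 192.168.1.0/24 and the inside services allowed on INPUT are assumptions. It includes the three things most often missing from home-made rulesets that produce a silently hanging connect(): the ip_forward sysctl, the ESTABLISHED,RELATED return rule in FORWARD, and MSS clamping for the 1492-byte PPPoE MTU. No claim is made about which of these, if any, is the cause in Bruce's case.

```shell
# Added example (editor's, not from the post): reference NAT/forwarding rules
# for a two-NIC Linux box behind a bridged DSL modem using PPPoE.
# Assumptions: eth0 is the LAN side, ppp0 the PPPoE link, LAN is 192.168.1.0/24.
# DRY_RUN=1 (the default) prints the commands; DRY_RUN=0 as root applies them.

LAN_IF=${LAN_IF:-eth0}                 # assumption: inside NIC
WAN_IF=${WAN_IF:-ppp0}                 # assumption: interface pppd creates
LAN_NET=${LAN_NET:-192.168.1.0/24}     # assumption: prefix handed out by DHCP
DRY_RUN=${DRY_RUN:-1}

# Print or execute an iptables command, depending on DRY_RUN.
ipt() {
    if [ "$DRY_RUN" = 1 ]; then echo "iptables $*"; else iptables "$@"; fi
}
# Same for any other command (used for sysctl).
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

apply_rules() {
    # Without this nothing is forwarded at all, whatever the rules say.
    run sysctl -w net.ipv4.ip_forward=1

    # Clean slate in every table touched below, default-deny for what we protect.
    ipt -F; ipt -t nat -F; ipt -t mangle -F
    ipt -P INPUT DROP; ipt -P FORWARD DROP; ipt -P OUTPUT ACCEPT

    # Rewrite the source of outbound LAN traffic to the (dynamic) PPPoE address.
    ipt -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE

    # FORWARD: replies to tracked connections first, then new LAN->WAN flows.
    # Leaving out the ESTABLISHED,RELATED rule gives the symptom "SYN goes out,
    # SYN/ACK is dropped, connect() hangs until it times out".
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    ipt -A FORWARD -m state --state INVALID -j DROP

    # PPPoE carries a 1492-byte MTU. Clamp the MSS on forwarded SYNs so that
    # full-size segments (a TLS certificate chain, for one) fit through the
    # link instead of being blackholed when PMTU discovery is broken upstream.
    ipt -t mangle -A FORWARD -o "$WAN_IF" -p tcp --tcp-flags SYN,RST SYN \
        -j TCPMSS --clamp-mss-to-pmtu

    # INPUT: the box's own services, reachable from the LAN side only.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p udp --dport 53 -j ACCEPT  # DNS
    ipt -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 53 -j ACCEPT  # DNS over TCP
    ipt -A INPUT -i "$LAN_IF" -p udp --dport 67 -j ACCEPT                # DHCP (client src is 0.0.0.0)
    ipt -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 22 -j ACCEPT  # ssh from LAN (assumption)
    # Unsolicited traffic arriving on the PPPoE link hits the DROP policy.
}

# Per-rule packet counters. Run once, retry the HTTPS connection, run again:
# a rule whose counter does not move is a rule the packets never reached.
show_counters() {
    ipt -L FORWARD -v -n --line-numbers
    ipt -t nat -L POSTROUTING -v -n
    ipt -t mangle -L FORWARD -v -n
}

apply_rules
```

To narrow down where the SYN dies, pair the counters with tcpdump on both sides of the box (`tcpdump -ni eth0 'tcp port 443'` and `tcpdump -ni ppp0 'tcp port 443'`): if the SYN shows up on ppp0 but no SYN/ACK ever comes back, the problem is upstream or in NAT; if the SYN/ACK arrives on ppp0 but never appears on eth0, the FORWARD chain is eating the reply.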

