  1. #1
    Just Joined!
    Join Date
    Nov 2009
    Posts
    3

    port forward


    Hi

    I have a port forward using iptables (tcp/443) and it's OK. But I can't access any web site that uses https. I set my port forwarding with these commands:
    iptables -t nat -A PREROUTING -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.60.2
    iptables -A FORWARD -p tcp -m tcp -d 192.168.60.2 --dport 443 -m state --state NEW -j ACCEPT

    thanks in advance for any help

  2. #2
    Linux Guru coopstah13
    Join Date
    Nov 2007
    Location
    NH, USA
    Posts
    3,149
    You need to use state established,related instead of new.

  3. #3
    Linux Guru Lazydog
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    Quote Originally Posted by ezalpar View Post
    Hi

    I have a port forward using iptables (tcp/443) and it's OK. But I can't access any web site that uses https. I set my port forwarding with these commands:
    iptables -t nat -A PREROUTING -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.60.2
    iptables -A FORWARD -p tcp -m tcp -d 192.168.60.2 --dport 443 -m state --state NEW -j ACCEPT

    thanks in advance for any help
    When you say 'any website' are you talking just internally or externally?
    The reason I ask is that you did not define the inbound interface for your DNAT, and thus the PREROUTING rule is applied to all interfaces and everything is DNAT'ed before it is routed.

    Quote Originally Posted by coopstah13 View Post
    You need to use state established,related instead of new.
    Not really. All new connections require the NEW rule or they will not be accepted when running a stateful firewall.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted
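
An added example, not part of any post in this thread: a small audit for the condition described in post #3, a PREROUTING DNAT rule with no inbound interface, which also rewrites the LAN's own outbound HTTPS. The function and sample names are hypothetical, the rule text is constructed in iptables-save form from the question's command, and eth0 as the WAN interface is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `iptables-save -t nat` text on stdin
# and prints each PREROUTING DNAT rule that has neither -i nor -d, i.e. a rule
# that rewrites matching traffic arriving on every interface, LAN included.
audit_dnat() {
    awk '
        $1 == "-A" && $2 == "PREROUTING" {
            dnat = 0; scoped = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j" && $(i+1) == "DNAT") dnat = 1
                if ($i == "-i" || $i == "--in-interface") scoped = 1
                if ($i == "-d" || $i == "--destination") scoped = 1
            }
            if (dnat && !scoped) { print "UNSCOPED: " $0; bad++ }
        }
        END { exit (bad > 0) }   # non-zero status when any unscoped rule exists
    '
}

# Constructed sample: the rule from the question as iptables-save would list it.
sample_unscoped() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.60.2
COMMIT
EOF
}

# Constructed sample: the same forward limited to the WAN side (eth0 is assumed).
sample_scoped() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.60.2
COMMIT
EOF
}

sample_unscoped | audit_dnat || echo "fix: add -i <wan-if> or -d <public-ip> to the rule"
sample_scoped | audit_dnat && echo "scoped sample: clean"
```

On a live gateway the same check is `iptables-save -t nat | audit_dnat`, run as root.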
