I have a port forward using iptables (tcp/443) and it's OK. But I can't access any website that uses https. I set up my port forwarding with these commands:
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.60.2
iptables -A FORWARD -p tcp -m tcp -d 192.168.60.2 --dport 443 -m state --state NEW -j ACCEPT
Thanks in advance for any help.
You need to use state established,related instead of new.
When you say 'any website' are you talking just internally or externally?
Originally Posted by ezalpar
The reason I ask is that you did not define the inbound interface for your DNAT, and thus the PREROUTE rule is applied to all interfaces and everything is DNAT'ed before it is routed.
Not really. All new connections require the NEW rule or they will not be accepted when running a stateful firewall.
Originally Posted by coopstah13
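The point about the missing inbound interface can be checked mechanically. The following is an added example, not part of the original thread: a shell function that reads `iptables-save` output and prints PREROUTING DNAT rules that have no `-i` or `-d` match. Both rule dumps are constructed samples, and `eth0` as the outside interface is an assumption.

```sh
# Added example (not from the thread). Reads iptables-save output on stdin and
# prints every nat/PREROUTING rule that jumps to DNAT with neither an inbound
# interface (-i) nor a destination address (-d) match, i.e. a rule that
# rewrites traffic arriving on any interface.
find_unscoped_dnat() {
    awk '
        /^\*/ { table = substr($1, 2); next }   # table header: *nat, *filter
        table != "nat" || $1 != "-A" || $2 != "PREROUTING" { next }
        {
            dnat = 0; scoped = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j" && $(i + 1) == "DNAT") dnat = 1
                if ($i == "-i" || $i == "--in-interface") scoped = 1
                if ($i == "-d" || $i == "--destination") scoped = 1
            }
            if (dnat && !scoped) print
        }
    '
}

# Constructed dump matching the rules posted in the thread.
sample_before() {
    cat <<'EOF'
*nat
-A PREROUTING -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.60.2
COMMIT
*filter
-A FORWARD -d 192.168.60.2/32 -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Constructed dump with the DNAT rule limited to the outside interface
# (eth0 is an assumed name) and return traffic accepted statefully.
sample_after() {
    cat <<'EOF'
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.60.2
COMMIT
*filter
-A FORWARD -d 192.168.60.2/32 -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

echo "before: $(sample_before | find_unscoped_dnat)"
echo "after:  $(sample_after | find_unscoped_dnat)"
```

On a live firewall the same function can be fed from `iptables-save` run as root.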