Masqueraded network can't login on yahoo mail or any secured sites.
Hi,
I am now very confused as to why I can't login on any secured sites since my firewall is set up to use the masquerade technique in iptables. Of course I can browse normally to any normal http connection. I attached my firewall script for you guys to help since I'm out of any ideas. Thank you. EDIT: I set up squid on the same box and configured the browser to use that proxy. All is well, I can browse and login to both normal and secured sites (i.e. yahoo mail) |
That is some firewall script you have there!
I didn't try to analyze the whole thing, but I did notice that you have rules in the ULTRABLOCK that can specifically block --dport 443 for some IP addresses. I also noticed in the PREROUTING chain that you have a rule that does a DNAT for --dport 80 but you have the corresponding rule for --dport 443 commented out. Along with those being a possible source of the problem, I wondered if one or more of the rules that drop packets based on string matching could be a problem. If you have not already done so, you might check your system log for DPT=443 and SPT=443 and see if it gives a clue why such packets were dropped. It also might be worthwhile to look at the packet counts of your firewall rules:

Code:
iptables -nvL | less

Code:
/^[[:blank:]]*[1-9].*DROP

BTW, do you really want to REJECT (rather than DROP) packets with illegal combinations of flags? |
Code:
$IPT -A PREROUTING -t mangle -p tcp --sport 443 -j TOS --set-tos Maximize-Throughput
$IPT -A PREROUTING -t mangle -p tcp --dport 443 -j TOS --set-tos Maximize-Throughput

Try commenting those two lines out. Why are all the rules in the TOS section doubled up? |