Hello,

I've a strange problem with an internet connection over https with using ip_tables on an Suse 9.0 Linux system.
The client PC's are set up to use a squid-proxy server on machine A, were a SuSE Linux 7.3 system is running on.
The squid server on machine A is not directly connected to the internet.
The internet connection is established with an nat-rule on machine B which is used as firewall. The system running on machine B is SuSE 9.0 with kernel 2.4.21 an ip-tables version v1.2.8.

The problem is, whenever an client PC uses an https connection (with machine A as Proxy), the browser needs a lot of time for showing a result and much more time until an complete site is shown. With non-https connection there is no problem.

Are there any problems with SuSE9.0's iptables and https connections over https?

Thanx for any help!

What kind of clients do you have?

MSIE has big (!) problems with https, and except for MSIE 6, https over proxies is practically impossible when keepalive is on.

There is a MS knowledge base article about this, search for "Internet Explorer keepalive"

The Clients uses Internet Explorer and Netscape, the Problem is the same.
Are there any modules which should be loaded for ssl over nat except of: iptable_mangle
ipt_MASQUERADE
ipt_state
iptable_filter
ip_gre
ip_nat_ftp
iptable_nat
ip_tables
ip_conntrack_ftp
ip_conntrack

The nat rule uses MASQUERADE:
iptables -t nat -A POSTROUTING -o $INTERNAL_NET -j MASQUERADE

Do I have to load additional modules or is there an fault in the rule?

Many thanks for help!