Hi,

I am now very confused as to why i cant login on any secured sites since my firewall is setup to masquerade technique in iptables. Of course i can browse normally to any normal http connection. I attached my firewall script for you guys to help since im out of any ideas.

Thank you.

EDIT:
I setup squid on the same box and configured browser to use that proxy. All is well, i can browse and login both normal and secured sites (ie yahoo mail)

Attached Files

iptables-firewall.txt (25.8 KB, 18 views)

That is some firewall script you have there!

I didn't try to analyze the whole thing, but I did notice that you have rules in the ULTRABLOCK that can specifically block --dport 443 for some IP addresses. I also noticed in the PREROUTING chain that you have a rule that does a DNAT for --dport 80 but you have the corresponding rule for --dport 443 commented out. Along with those being a possible source of the problem, I wondered if one or more of the rules that drop packets based on string matching could be a problem.

If you have not already done so, you might check your system log for DPT=443 and SPT=443 and see if you it gives a clue why such packets were dropped. It also might be worth while to look at the packet counts of your firewall rules:

The first column will show you whether any packets had matched a particular rule. You can also use regular expressions to search for various things. For example, to search for rules with a target of DROP that had any matches, you might do the following search:



BTW, do you really want to REJECT (rather than DROP) packets with illegal combinations of flags?

$IPT -A PREROUTING -t mangle -p tcp --sport 443 -j TOS --set-tos Maximize-Throughput
$IPT -A PREROUTING -t mangle -p tcp --dport 443 -j TOS --set-tos Maximize-Throughput

Try commenting those two lines out.

Why are all the rules in the TOS section doubled up?