Join Log in
Score:0
Sina Nouri avatar Server

iptables port forwarding 443 cause ssl error on chrome

uz flag
Sina Nouri

this is the story, i have 2 servers: server A ip: 1.1.1.1 hosting the website example.com server B ip: 2.2.2.2 minimal cent os

what i did is changed https://example.com ip address in dns configuration to 2.2.2.2 and then forwarded the 80 and 443 and 8443 from B to A. the problem is when i try to browse https://example.com on firefox everything is ok but on chrome i can only brows HTTP://example.com and HTTPS shows timeout error. here is my iptables config on B:

Chain PREROUTING (policy ACCEPT 1 packets, 44 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DNAT       tcp  --  !lo    *       0.0.0.0/0            2.2.2.2       tcp dpt:80 to:1.1.1.1:80
    4   240 DNAT       tcp  --  !lo    *       0.0.0.0/0            2.2.2.2       tcp dpt:443 to:1.1.1.1:443
    0     0 DNAT       tcp  --  !lo    *       0.0.0.0/0            2.2.2.2       tcp dpt:8443 to:1.1.1.1:8443

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    4   240 SNAT       tcp  --  *      !lo     0.0.0.0/0            1.1.1.1        to:2.2.2.2
    0     0 SNAT       tcp  --  *      !lo     0.0.0.0/0            1.1.1.1        to:2.2.2.2
    0     0 SNAT       tcp  --  *      !lo     0.0.0.0/0            1.1.1.1        to:2.2.2.2

can you please findout what am i doing wrong?

110
0 + 3
fr flag
Tomek
I suspect you should limit SNAT to DNAT-ed packets only... Could you show `iptables-save` output instead of `iptables -t nat -L`, it is usually more readable? From what IP address do you test, is it one of the above two machines or different system?
0
Reply
Sina Nouri avatar
uz flag
Sina Nouri
I am doing forwaring using CSF in csf.redirect file And i am testing with another machine, everything works on firefox but https not works on chromeium based browsers such as chrome and opera
0
Reply
fr flag
Tomek
At this point you probably need to peek into packet traces, starting with the test system (the one with the browsers) and depending on the outcome - moving to `B` system first and `A` system next.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.