Firewall Wizards mailing list archives
Allowing SSL connections through Linux firewall
From: Art Mason <amason () webinterlink net>
Date: Wed, 19 Apr 2000 01:02:23 -0500
Hello, this is my first post to the list. Just been here a few days and have already gleaned a wealth of information.

Okay, here's the problem: I've set up a Linux box for a client of mine running NAT/IP Masquerading (ipchains) and SMTP (postfix). It allows the private network of 9 win32 boxes to browse and do e-mail over a 56 Kbps dialup digital line. All seems to be going well, except for the fact that when accessing an online banking account which initiates an SSL transaction, the connection just sits there and times out. However, the same machine can connect to the same ISP via modem, and complete the entire SSL-authenticated session w/ the same remote host error-free and w/o incident.

I'm figuring that since default policy for ipchains handling external (Internet) traffic coming in is DENY, the remote host requesting acknowledgement from the local machine which started the SSL authentication session in the first place fails because IP masquerading isn't properly forwarding the SSL traffic to the local machine making the request correctly.

Is there a fixed set of ports made w/ SSL authentication, and if so will I be able to plug these ports into the ipchains startup script w/ policies to correctly forward these SSL sessions w/o violating the integrity of the firewall?

Any help would be greatly appreciated, and my apologies if I posted to the wrong list.

Art Mason
Rio Datacom Technologies