SV: SV: Port forwarding
Andy
ag1234 at carmen.se
Tue Jan 25 13:02:17 UTC 2005
Andre Speelmans wrote:
> AFAIK the SSL-certificate is not bound to an IP-address, so this
> should not give you any problem.
Right.
> This last one should read:
> iptables -t nat -A POSTROUTING -p tcp --sport 80 -s 65.114.4.69 \
> -j SNAT --to-source <your external IP address on this machine>
NO! that doesn't make sense. In http/https connections, the source port
is an arbitrary high port, and the _destination_ port is 80/443.
In order to forward the https trafic either change "80" to "443" end up
with 4 lines, 2 PREROUTING and 2 POSTROUTING or use the multiport
extension: "-m multiport --dports 80,443" in both lines of the original
example.
/Andy
More information about the users
mailing list