Some HTTPS connections via NAT fail, but work on firewall itself.

Posted by hnxn on Server Fault See other posts from Server Fault or by hnxn
Published on 2011-01-14T02:12:44Z Indexed on 2011/01/14 2:55 UTC
Read the original article Hit count: 330

Filed under:
|
|
|

Hi,

I am having trouble establishing some HTTPS connections from internal machines, even though these same connections work if initiated on the firewall itself.

The firewall machine is running Ubuntu 10.04.1 and shorewall 4.4.6. The internet connection is Bell PPPoE DSL (in Canada). I have tried various MTU settings, it doesn't seem to make any difference. Other protocols (HTTP, FTP, etc) generally work.

The problem seems to be limited to certain sites; this one never works from an internal machine, but always works from the firewall itself:

From internal machine:

$ wget https://images.fedex.com/images/ascend/shared/headers/nxgen/corp_logo.gif
--2011-01-13 20:51:31-- https://images.fedex.com/images/ascend/shared/headers/nxgen/corp_logo.gif
Resolving images.fedex.com... 184.24.96.69
Connecting to images.fedex.com|184.24.96.69|:443... connected.
^C

From firewall:

$ wget https://images.fedex.com/images/ascend/shared/headers/nxgen/corp_logo.gif
--2011-01-13 20:58:28-- https://images.fedex.com/images/ascend/shared/headers/nxgen/corp_logo.gif
Resolving images.fedex.com... 184.24.96.69
Connecting to images.fedex.com|184.24.96.69|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 840 [image/gif]
Saving to: `corp_logo.gif'
2011-01-13 20:58:28 (149 MB/s) - `corp_logo.gif' saved [840/840]

This URL always works from both internal and firewall: https://encrypted.google.com/images/logos/ssl_logo_lg.gif

Any troubleshooting tips would be greatly appreciated!

© Server Fault or respective owner

Related posts about nat

Related posts about https