
This is the story: I have 2 servers. Server A, IP 1.1.1.1, hosting the website example.com. Server B, IP 2.2.2.2, minimal CentOS.

What I did is change the IP address of https://example.com in the DNS configuration to 2.2.2.2 and then forward ports 80, 443 and 8443 from B to A. The problem is that when I try to browse https://example.com on Firefox everything is OK, but on Chrome I can only browse http://example.com and HTTPS shows a timeout error. Here is my iptables config on B:

Chain PREROUTING (policy ACCEPT 1 packets, 44 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DNAT       tcp  --  !lo    *       0.0.0.0/0            2.2.2.2       tcp dpt:80 to:1.1.1.1:80
    4   240 DNAT       tcp  --  !lo    *       0.0.0.0/0            2.2.2.2       tcp dpt:443 to:1.1.1.1:443
    0     0 DNAT       tcp  --  !lo    *       0.0.0.0/0            2.2.2.2       tcp dpt:8443 to:1.1.1.1:8443

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    4   240 SNAT       tcp  --  *      !lo     0.0.0.0/0            1.1.1.1        to:2.2.2.2
    0     0 SNAT       tcp  --  *      !lo     0.0.0.0/0            1.1.1.1        to:2.2.2.2
    0     0 SNAT       tcp  --  *      !lo     0.0.0.0/0            1.1.1.1        to:2.2.2.2

Can you please find out what I am doing wrong?

  • I suspect you should limit SNAT to DNAT-ed packets only... Could you show `iptables-save` output instead of `iptables -t nat -L`? It is usually more readable. From what IP address do you test? Is it one of the above two machines or a different system? – Tomek Oct 19 '22 at 07:52
  • I am doing the forwarding using CSF in the csf.redirect file, and I am testing with another machine. Everything works on Firefox, but HTTPS does not work on Chromium-based browsers such as Chrome and Opera. – Sina Nouri Oct 19 '22 at 08:49
  • At this point you probably need to peek into packet traces, starting with the test system (the one with the browsers) and, depending on the outcome, moving to the `B` system first and the `A` system next. – Tomek Oct 19 '22 at 10:19
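Working from the question's addresses and the suggestion in the comments, here is an added example (not part of the original post, and not CSF's own output) of what B's ruleset should look like, written in iptables-restore format. It limits the SNAT to connections that were DNATed, adds the FORWARD rules the question's nat listing does not show, and turns on ip_forward; the interface name WAN_IF is an assumption. Two caveats for anyone running this: A will see every visitor as 2.2.2.2 (the SNAT hides the client IP, so A's logs and any rate limiting there lose it), and all rules match TCP only, so a packet trace on the test machine, the next step suggested in the comments, showing the browser sending UDP to 2.2.2.2:443 would be traffic these rules never touch.

```shell
#!/bin/sh
# Added example for this question; it is not from the post or from CSF.
# It emits, in iptables-restore syntax, the port-forward ruleset B needs,
# using the addresses and ports from the question. WAN_IF is an assumption
# (B's public interface); override it in the environment if it differs.
WAN_IF="${WAN_IF:-eth0}"   # assumption: the interface on B facing the clients
SERVER_A=1.1.1.1           # the real web server
SERVER_B=2.2.2.2           # this host, the forwarder
PORTS="80 443 8443"        # TCP ports forwarded B -> A

# nat table: DNAT inbound connections to A, and SNAT only the packets that
# belong to a DNATed connection (conntrack state DNAT) so A's replies come
# back through B. Nothing else leaving B gets its source address rewritten.
gen_nat_rules() {
    echo '*nat'
    echo ':PREROUTING ACCEPT [0:0]'
    echo ':INPUT ACCEPT [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo ':POSTROUTING ACCEPT [0:0]'
    for p in $PORTS; do
        echo "-A PREROUTING -i $WAN_IF -p tcp -d $SERVER_B --dport $p -j DNAT --to-destination $SERVER_A:$p"
    done
    echo "-A POSTROUTING -o $WAN_IF -p tcp -d $SERVER_A -m conntrack --ctstate DNAT -j SNAT --to-source $SERVER_B"
    echo 'COMMIT'
}

# filter table: DNAT alone is not enough, the FORWARD chain must also let the
# rewritten packets and their replies through. Default-drop, then allow
# exactly the forwarded ports plus established traffic.
gen_filter_rules() {
    echo '*filter'
    echo ':FORWARD DROP [0:0]'
    echo '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for p in $PORTS; do
        echo "-A FORWARD -i $WAN_IF -p tcp -d $SERVER_A --dport $p -j ACCEPT"
    done
    echo 'COMMIT'
}

# Load the rules. Needs root and the ip_forward sysctl. The nat table is
# replaced; the filter rules are appended (--noflush) so that rules CSF
# already installed in the filter table are kept.
apply_rules() {
    [ "$(id -u)" -eq 0 ] || { echo 'apply_rules: must run as root' >&2; return 1; }
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    gen_nat_rules | iptables-restore
    gen_filter_rules | iptables-restore --noflush
}

case "${1:-print}" in
    apply) apply_rules ;;
    *)     gen_nat_rules; gen_filter_rules ;;   # default: print the ruleset for review
esac
```

Run it without arguments to print the ruleset and compare it with `iptables-save -t nat` on B; `apply` loads it. To follow the comments' advice, run `tcpdump -ni any host 2.2.2.2 and port 443` on the client and the same capture on B at the same time: that shows whether the SYN reaches B, whether it leaves B towards 1.1.1.1 with source 2.2.2.2, and whether the SYN-ACK comes back, and it also shows any non-TCP traffic the browser sends to port 443 that these rules do not cover.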

0 Answers