Https blocked !!?


This topic contains 11 replies, has 0 voices, and was last updated by  sample31 9 years, 5 months ago.

  • #42009

    sample31
    Member

    Can someone help me to allow https traffic through Zeroshell, please?

    Thanx

    #49003

    ppalias
    Member

    Check the firewall if there is any blocking rule on the forward chain.

    #49004

    sample31
    Member

    @ppalias wrote:

    Check the firewall if there is any blocking rule on the forward chain.

    Thanx for the reply.

    I checked my rules, but everything is open on all chains.

    All http requests work fine, but when I make a https request (ie gmail.com), it doesn’t reach the destination.

    Thanx

    #49005

    giancagianca
    Member

    Is NAT configured?
    Is the transparent proxy enabled?
    If NAT is disabled and the transparent proxy is enabled, only http is enabled.

    Bye.

    #49006

    sample31
    Member

    @giancagianca wrote:

    Is NAT configured?
    Is the transparent proxy enabled?
    If NAT is disabled and the transparent proxy is enabled, only http is enabled.

    Bye.

    Thanx for the reply giancagianca

    NAT is correctly configured on ETH0
    Transparent proxy is enabled.
    The captive portal allows users to connect to Internet, but any https request doesn’t work.
    I tried to recompile havp with the --enable-ssl-tunnel option, but without results.

    Thanx in advance for help

    #49007

    ppalias
    Member

    What is shown on the screen when someone tries to access an https page?
    Show us the output of the following commands (in shell)

    iptables -L -v
    iptables -t nat -L -v
    #49008

    sample31
    Member

    Thanx for the help ppalias

    Here are the results of iptables -L -v :

    root@zeroshell root> iptables -L -v
    Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    61952 18M SYS_INPUT all -- any any anywhere anywhere
    0 0 SYS_HTTPS tcp -- any any anywhere anywhere tcp dpt:http
    2144 253K SYS_HTTPS tcp -- any any anywhere anywhere tcp dpt:https
    6089 353K SYS_SSH tcp -- any any anywhere anywhere tcp dpt:ssh
    23075 14M ACCEPT all -- any any anywhere anywhere

    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    77 3964 ACCEPT all -- any any anywhere anywhere
    0 0 CapPort all -- any any anywhere anywhere

    Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    69380 27M SYS_OUTPUT all -- any any anywhere anywhere
    64802 26M ACCEPT all -- any any anywhere anywhere

    Chain CapPort (1 references)
    pkts bytes target prot opt in out source destination
    0 0 CapPortACL all -- ETH00 any anywhere anywhere

    Chain CapPortACL (1 references)
    pkts bytes target prot opt in out source destination
    0 0 CapPortFS all -- any any anywhere anywhere
    0 0 CapPortFC all -- any any anywhere anywhere
    0 0 CapPortWL all -- any any anywhere anywhere
    0 0 DROP all -- any any anywhere anywhere

    Chain CapPortFC (1 references)
    pkts bytes target prot opt in out source destination

    Chain CapPortFS (1 references)
    pkts bytes target prot opt in out source destination
    0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:domain
    0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:bootps

    Chain CapPortWL (1 references)
    pkts bytes target prot opt in out source destination
    0 0 ACCEPT all -- any any 192.168.0.81 anywhere MAC 00:19:DB:B4:20:5B
    0 0 ACCEPT all -- any any 192.168.0.80 anywhere MAC 00:0C:29:EE:12:50

    Chain NetBalancer (0 references)
    pkts bytes target prot opt in out source destination

    Chain SYS_HTTPS (2 references)
    pkts bytes target prot opt in out source destination
    0 0 ACCEPT all -- lo any anywhere anywhere
    2144 253K ACCEPT all -- any any anywhere anywhere

    Chain SYS_INPUT (1 references)
    pkts bytes target prot opt in out source destination
    3006 363K ACCEPT all -- lo any anywhere anywhere
    26821 2683K ACCEPT tcp -- ETH00 any anywhere anywhere tcp dpts:12080:12083
    0 0 DROP tcp -- any any anywhere anywhere tcp dpts:12080:12083
    523 120K ACCEPT udp -- any any anywhere anywhere udp spt:domain state ESTABLISHED
    94 122K ACCEPT tcp -- any any anywhere anywhere tcp spt:http state ESTABLISHED
    0 0 ACCEPT tcp -- any any anywhere anywhere tcp spt:8245 state ESTABLISHED
    200 15200 ACCEPT udp -- any any anywhere anywhere udp spt:ntp state ESTABLISHED
    31308 15M RETURN all -- any any anywhere anywhere

    Chain SYS_OUTPUT (1 references)
    pkts bytes target prot opt in out source destination
    3006 363K ACCEPT all -- any lo anywhere anywhere
    1259 90874 ACCEPT udp -- any any anywhere anywhere udp dpt:domain
    42 1987 ACCEPT tcp -- any any anywhere anywhere tcp dpt:http
    0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:8245
    271 20596 ACCEPT udp -- any any anywhere anywhere udp dpt:ntp
    64802 26M RETURN all -- any any anywhere anywhere

    Chain SYS_SSH (1 references)
    pkts bytes target prot opt in out source destination
    0 0 ACCEPT all -- lo any anywhere anywhere
    6089 353K ACCEPT all -- any any 192.168.0.0/24 anywhere
    0 0 DROP all -- any any anywhere anywhere


    And here are the results of iptables -t nat -L -v

    root@zeroshell root> iptables -t nat -L -v
    Chain PREROUTING (policy ACCEPT 5592 packets, 583K bytes)
    pkts bytes target prot opt in out source destination
    6570 638K CapPort all -- any any anywhere anywhere
    0 0 DNAT tcp -- any any anywhere anywhere tcp dpt:8082 to:10.20.4.12:8082
    0 0 Proxy tcp -- any any anywhere anywhere tcp dpt:http

    Chain POSTROUTING (policy ACCEPT 1957 packets, 342K bytes)
    pkts bytes target prot opt in out source destination
    1959 342K SNATVS all -- any any anywhere anywhere
    2 107 MASQUERADE all -- any ETH00 anywhere anywhere

    Chain OUTPUT (policy ACCEPT 1931 packets, 340K bytes)
    pkts bytes target prot opt in out source destination

    Chain CapPort (1 references)
    pkts bytes target prot opt in out source destination
    192 11052 CapPortHTTP tcp -- ETH00 any anywhere anywhere tcp dpt:http
    271 13020 CapPortHTTPS tcp -- ETH00 any anywhere anywhere tcp dpt:https
    0 0 CapPortGW tcp -- ETH00 any anywhere anywhere tcp dpt:12080
    517 30780 CapPortGW tcp -- ETH00 any anywhere anywhere tcp dpt:12081

    Chain CapPortGW (2 references)
    pkts bytes target prot opt in out source destination
    517 30780 REDIRECT tcp -- any any anywhere anywhere

    Chain CapPortHTTP (1 references)
    pkts bytes target prot opt in out source destination
    150 9000 CapPortProxy all -- any any 192.168.0.81 anywhere MAC 00:19:DB:B4:20:5B
    39 1872 CapPortProxy all -- any any 192.168.0.80 anywhere MAC 00:0C:29:EE:12:50
    3 180 REDIRECT tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 10/min burst 15 mode srcip-dstport redir ports 12080
    0 0 DROP tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
    0 0 REDIRECT tcp -- any any anywhere anywhere redir ports 12080

    Chain CapPortHTTPS (1 references)
    pkts bytes target prot opt in out source destination
    1 60 ACCEPT all -- any any 192.168.0.81 anywhere MAC 00:19:DB:B4:20:5B
    255 12240 ACCEPT all -- any any 192.168.0.80 anywhere MAC 00:0C:29:EE:12:50
    6 288 REDIRECT tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 10/min burst 15 mode srcip-dstport redir ports 12081
    0 0 DROP tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
    0 0 REDIRECT tcp -- any any anywhere anywhere redir ports 12081

    Chain CapPortProxy (2 references)
    pkts bytes target prot opt in out source destination
    189 10872 Proxy tcp -- any any anywhere anywhere tcp dpt:http
    0 0 ACCEPT all -- any any anywhere anywhere

    Chain Proxy (2 references)
    pkts bytes target prot opt in out source destination
    189 10872 REDIRECT tcp -- ETH00 any anywhere anywhere redir ports 8080

    Chain SNATVS (1 references)
    pkts bytes target prot opt in out source destination

    Users wait until the message “timeout exceeded” is shown.

    Thanx for the help

    #49009

    ppalias
    Member

    Are you trying to allow inbound connections from the internet to an internal https server? Or are users from your inside network trying to access an https webpage on the internet?

    #49010

    sample31
    Member

    @ppalias wrote:

    Are you trying to allow inbound connections from the internet to an internal https server? Or are users from your inside network trying to access an https webpage on the internet?

    I just want users (from internal network) to have access to https (ie gmail.com…)

    Thanx for the help

    #49011

    ppalias
    Member

    What are the network interfaces of your ZS? Is ETH00 for the internet or the clients? What are the other interfaces for?

    #49012

    sample31
    Member

    @ppalias wrote:

    What are the network interfaces of your ZS? Is ETH00 for the internet or the clients? What are the other interfaces for?

    ETH0 is the Internal Network interface
    ETH1 is the admin interface
    ETH2 is the Internet interface

    Thanx in advance for the help ppalias

    #49013

    ppalias
    Member

    NAT is done on the internet interface, so turn it to ETH02

    #49014

    sample31
    Member

    @ppalias wrote:

    NAT is done on the internet interface, so turn it to ETH02

    Thanx ppalias.

    It works perfectly!! Https requests work fine now.

    Thanx a lot for your support ppalias.
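
Added example (not part of the original thread or of Zeroshell): the nat listing posted above already shows the fault, because the only MASQUERADE rule in POSTROUTING is bound to ETH00, the internal interface, while ETH02 faces the Internet. The sketch below parses `iptables -t nat -L -v` output and reports which interface each source-NAT rule is bound to; the function names and the trimmed sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `iptables -t nat -L -v` output for source-NAT rules
# bound to an interface other than the expected WAN one.

# Constructed sample, trimmed from the nat listing posted in the thread.
sample_nat_listing() {
cat <<'EOF'
Chain PREROUTING (policy ACCEPT 5592 packets, 583K bytes)
pkts bytes target prot opt in out source destination
0 0 Proxy tcp -- any any anywhere anywhere tcp dpt:http

Chain POSTROUTING (policy ACCEPT 1957 packets, 342K bytes)
pkts bytes target prot opt in out source destination
1959 342K SNATVS all -- any any anywhere anywhere
2 107 MASQUERADE all -- any ETH00 anywhere anywhere
EOF
}

# audit_snat WAN_IF: reads a listing on stdin and prints one line per
# MASQUERADE/SNAT rule, saying whether its "out" column matches WAN_IF.
# Columns in -L -v output: pkts bytes target prot opt in out source destination
audit_snat() {
    awk -v wan="$1" '
        $1 == "Chain"            { chain = $2; next }   # remember current chain
        $1 == "pkts" || NF < 9   { next }               # skip headers and blanks
        $3 == "MASQUERADE" || $3 == "SNAT" {
            seen = 1
            verdict = ($7 == wan) ? "OK" : ($7 == "any" ? "UNBOUND" : "MISMATCH")
            printf "%s %s chain=%s out=%s expected=%s pkts=%s\n",
                   verdict, $3, chain, $7, wan, $1
        }
        END { if (!seen) print "MISSING no MASQUERADE/SNAT rule, expected out=" wan }
    '
}

# The thread's setup: ETH02 faces the Internet, but NAT was bound to ETH00.
# On a live box: iptables -t nat -L -v | audit_snat ETH02
sample_nat_listing | audit_snat ETH02
```

HTTP kept working in this setup because port 80 was redirected to the local proxy on port 8080, which opens its own outbound connections from the router, whereas forwarded port 443 traffic depended on the misplaced MASQUERADE rule.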
