Some HTTPS connections via NAT fail, but work on firewall itself.
- by hnxn
Hi,
I am having trouble establishing some HTTPS connections from internal machines, even though these same connections work if initiated on the firewall itself.
The firewall machine is running Ubuntu 10.04.1 and shorewall 4.4.6. The internet connection is Bell PPPoE DSL (in Canada). I have tried various MTU settings, it doesn't seem to make any difference. Other protocols (HTTP, FTP, etc) generally work.
The problem seems to be limited to certain sites; this one never works from an internal machine, but always works from the firewall itself:
From internal machine:
$ wget https://images.fedex.com/images/ascend/shared/headers/nxgen/corp_logo.gif
--2011-01-13 20:51:31-- https://images.fedex.com/images/ascend/shared/headers/nxgen/corp_logo.gif
Resolving images.fedex.com... 184.24.96.69
Connecting to images.fedex.com|184.24.96.69|:443... connected.
^C
From firewall:
$ wget https://images.fedex.com/images/ascend/shared/headers/nxgen/corp_logo.gif
--2011-01-13 20:58:28-- https://images.fedex.com/images/ascend/shared/headers/nxgen/corp_logo.gif
Resolving images.fedex.com... 184.24.96.69
Connecting to images.fedex.com|184.24.96.69|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 840 [image/gif]
Saving to: `corp_logo.gif'
2011-01-13 20:58:28 (149 MB/s) - `corp_logo.gif' saved [840/840]
This URL always works from both internal and firewall: https://encrypted.google.com/images/logos/ssl_logo_lg.gif
Any troubleshooting tips would be greatly appreciated!