 From:  Reto Stalder <rstalder at gmail dot com>
 To:  Sven Brill <madde at gmx dot net>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] HTTPS not getting through NAT and Firewall
 Date:  Thu, 6 Jul 2006 07:53:57 +0200
>>    Inbound NAT (If, Proto, Ext. port, NAT IP, Int. port):
>>    WAN, TCP, 443, 10.1.1.2, 443
>>    WAN, TCP, 80, 10.1.1.2, 80
>>
>>    Firewall rules for the WAN interface (Action, Proto, Source, Port,
>> Destination, Port):
>>    Pass, TCP, *, *, 10.1.1.2, 443
>>    Pass, TCP, *, *, 10.1.1.2, 80
>>
>> Can anybody give me a hint, what I'm doing wrong?
>>
>
> If the rules are truly identical as you describe, it should work. Do you
> see anything in the logs?
No, the logs don't show anything in conjunction with port 443.

> If not, do you see anything when you log
> anything blocked by the default rule?
The log shows only blocked stuff to destination ports higher than  
1024 at the moment. If I try to connect to port 443 over the WAN  
interface and check the log afterwards, it does not show any 443 port  
related entries. This makes me assume that the problem lies in the  
NAT configuration and the firewall settings might be correct.

> Lastly, can you access the server
> on port 443 from inside your LAN?
Oops, forgot to tell: yes, the server works fine inside my LAN.

Could it be that NAT has difficulties with ESP and AP packets?

Would it be helpful if I posted my config here?

Thanks,
Reto