From: "Geoff Mottram"
Delivered-To: freebsd-questions@freebsd.org
Subject: NAT and secure http (https)
Date: Mon, 15 May 2000 15:03:40 -0400
Message-ID: <004e01bfbea0$4c12ab80$0301a8c0@minaret>

I have recently installed FreeBSD 4.0 on a dedicated gateway machine with two network interface cards and I am using the PPP client to make a PPPoE connection over a DSL line. I have IP forwarding enabled, have turned on network address translation (NAT) and set up some IP forwarding rules in ppp.conf.

Everything is working really well except for secure http connections. Even with all IP forwarding rules turned off (allow all traffic), I have had only occasional luck getting a https connection to work properly between MSIE 5.0 or Netscape 4.6, and servers on the Internet.

I have used tcpdump to monitor the connection and either the client (the browser) or the server stops the conversation very early on. I am guessing the forwarding or address translation is being detected by one end or the other and is being treated as a security breach.

I have searched high and low on both the FreeBSD site and the Internet but I can't find an answer to the following questions:

Is there a problem using NAT with https?

Do I need to set up a proxy server in order to handle this type of traffic?

Thanks in advance for any assistance you can provide.

Geoff Mottram
minaret@sprynet.com