Re: Bank site not working

From: Gaetan Martineau (gmartiPASDESPAM_at_mediom.qc.ca)
Date: 12/19/03

    Date: Fri, 19 Dec 2003 06:16:21 -0500
    
    

    norman wrote:
    > Doug Laidlaw <laidlaws@myaccess.com.au> wrote in message news:<lpa8b1-bj5.ln1@dougshost.mydomain.org.au>...
    >
    >>Dave Millen wrote:
    >>
    >>
    >>>On Thu, 18 Dec 2003 19:54:14 +1100, Doug Laidlaw wrote:
    >>>
    >>>
    >>>>When I click on a button on my bank's page, it should open another window
    >>>>where I enter my pass details and my account details are shown.
    >>>>Suddenly, nothing happens at all in Mozilla, and in Konqueror I get a
    >>>>message that it has been blocked on port 443.
    >>>>
    >>>>I have recently installed GuardDog, but that was a few weeks back. Do I
    >>>>need to open up port 443, or is that entirely at the Bank end?
    >>>>
    >>>>Doug.
    >>>
    >>>Port 443 is HTTPS and you will need to allow it through your firewall for
    >>>your bank site to work.
    >>>
    >>>HTH
    >>>Dave
    >>
    >>Thanks Dave. HTTP via SSL was NOT enabled. Now Konqueror works, but
    >>Mozilla isn't any different. This must be a problem in Mozilla.
    >>
    >>Doug.
    >
    >
    > Are you using a proxy? Remember that the HTTP proxy is configured
    > separately to the SSL proxy.

    Most interesting thread for me, as data from the bank is here
    **sometimes** or **often** blocked (why not always?). Trouble appears
    both under Windows and Linux, likely because of our Linux firewall
    setup (?). The iptables script running on it is below. (Honestly, I
    don't understand most of it.)

    Why is the "port forwarding" line commented out? Activating it does not help.
    I may try other scripts, but any help here would be greatly appreciated.

    Gaetan

     From http://www.linuxguruz.com/iptables/scripts/rc.firewall_024.txt:

    #!/bin/sh

    # Internal and External Devices
    dev_world=ppp0
    dev_int=eth0

    # Firewall IP (its address on the internal interface)
    addr_int=192.168.0.3

    # Internal Net
    net_int=192.168.0.0/24

    #################################################################
    # Load Modules
    insmod ip_tables
    insmod ip_conntrack
    insmod ip_conntrack_ftp
    insmod ipt_state
    insmod iptable_nat
    insmod ipt_MASQUERADE

    #################################################################
    # Delete all Rules in Filtertable, plus the nat table and the user
    # chains defined below, so the script can be run more than once
    # (without this a second run fails on "-N" and duplicates the nat rule)
    iptables -F
    iptables -t nat -F
    iptables -X

    #################################################################
    # Define new chains
    iptables -N BLOCK
    iptables -N EXT-INT
    iptables -N INT-EXT
    iptables -N ICMP-DENY
    iptables -N INT-IF
    iptables -N EXT-IF

    #################################################################
    # BLOCK: accept packets belonging to existing connections, accept new
    # connections that do not arrive on the external interface, drop the rest
    iptables -A BLOCK -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A BLOCK -m state --state NEW -i ! $dev_world -j ACCEPT
    iptables -A BLOCK -j DROP

    # BLOCK becomes the first rule of INPUT and FORWARD, and every packet
    # gets a final ACCEPT or DROP inside it, so the rules appended below
    # are never consulted unless these two jumps are removed
    iptables -A INPUT -j BLOCK
    iptables -A FORWARD -j BLOCK

    #################################################################
    # Point to chains
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -i $dev_int -s $net_int -j INT-IF
    iptables -A INPUT -d ! $addr_int -i $dev_world -s ! $net_int -j EXT-IF
    iptables -A INPUT -j DROP

    iptables -A FORWARD -d ! $net_int -i $dev_world -s $net_int -j INT-EXT
    iptables -A FORWARD -d $net_int -i $dev_int -s ! $net_int -j EXT-INT
    iptables -A FORWARD -j DROP

    iptables -A OUTPUT -j ACCEPT

    #################################################################
    # Chain Rules
    # (INT-EXT and ICMP-DENY are created above but never given any rules)
    iptables -A EXT-INT -j DROP

    # Services the firewall itself would expose on the external interface
    iptables -A EXT-IF -i ! $dev_world -j DROP
    iptables -A EXT-IF -p tcp --dport 22 -j ACCEPT
    iptables -A EXT-IF -p tcp --dport 5901 -j ACCEPT
    iptables -A EXT-IF -p tcp --dport 1024: -j ACCEPT
    iptables -A EXT-IF -p udp --dport 1024: -j ACCEPT
    iptables -A EXT-IF -j DROP

    iptables -A INT-IF -j ACCEPT

    ################################################################
    # NAT Rules
    # Standard Routing: hide the internal net behind the ppp0 address
    iptables -A POSTROUTING -t nat -o $dev_world -j MASQUERADE -s $net_int

    # Port Forwarding (commented out in the original script; the line had
    # wrapped onto two lines and put "--to" before "-j DNAT", which iptables
    # rejects, so it is shown here on one line with the target options last)
    #iptables -A PREROUTING -t nat -p tcp -d 192.168.0.1 --dport 5901 -j DNAT --to 192.168.0.2:5901

    ################################################################
    # Enable IP-Forwarding
    echo 1 > /proc/sys/net/ipv4/ip_forward
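As an added illustration that is not part of the original post or of the linuxguruz script: a small Python model of the chain traversal the script above sets up, run over constructed sample packets (RFC 5737 documentation addresses stand in for the bank, an outside host and the firewall's own ppp0 address). It is not iptables; it models only the matches the script uses, with first-match-wins semantics, and the `skip_block` switch is my addition for seeing what the rules after the two `-j BLOCK` jumps would do on their own.

```python
"""Toy model of the chain traversal set up by rc.firewall_024 (added
illustration, not iptables).  Models only the matches the script uses:
first match wins, ACCEPT/DROP terminate, a user chain with no terminating
match returns to its caller, and a built-in chain that falls off its end
applies its policy (the script sets none, so the kernel default ACCEPT)."""
import ipaddress

DEV_WORLD = "ppp0"                                   # dev_world
DEV_INT = "eth0"                                     # dev_int
ADDR_INT = "192.168.0.3"                             # addr_int
NET_INT = ipaddress.ip_network("192.168.0.0/24")     # net_int
BUILTIN_POLICY = {"INPUT": "ACCEPT", "FORWARD": "ACCEPT", "OUTPUT": "ACCEPT"}


def in_net(addr):
    return ipaddress.ip_address(addr) in NET_INT


# Each chain: (match predicate, target) in the order the script appends
# them.  "-A INPUT -j BLOCK" precedes the "Point to chains" rules, so
# BLOCK is rule 0 of INPUT and FORWARD.
CHAINS = {
    "BLOCK": [
        (lambda p: p["state"] in ("ESTABLISHED", "RELATED"), "ACCEPT"),
        (lambda p: p["state"] == "NEW" and p["iface"] != DEV_WORLD, "ACCEPT"),
        (lambda p: True, "DROP"),
    ],
    "INPUT": [
        (lambda p: True, "BLOCK"),
        (lambda p: p["iface"] == "lo", "ACCEPT"),
        (lambda p: p["iface"] == DEV_INT and in_net(p["src"]), "INT-IF"),
        (lambda p: p["dst"] != ADDR_INT and p["iface"] == DEV_WORLD
         and not in_net(p["src"]), "EXT-IF"),
        (lambda p: True, "DROP"),
    ],
    "FORWARD": [
        (lambda p: True, "BLOCK"),
        (lambda p: not in_net(p["dst"]) and p["iface"] == DEV_WORLD
         and in_net(p["src"]), "INT-EXT"),
        (lambda p: in_net(p["dst"]) and p["iface"] == DEV_INT
         and not in_net(p["src"]), "EXT-INT"),
        (lambda p: True, "DROP"),
    ],
    "OUTPUT": [(lambda p: True, "ACCEPT")],
    "EXT-INT": [(lambda p: True, "DROP")],
    "EXT-IF": [
        (lambda p: p["iface"] != DEV_WORLD, "DROP"),
        (lambda p: p["proto"] == "tcp" and p["dport"] == 22, "ACCEPT"),
        (lambda p: p["proto"] == "tcp" and p["dport"] == 5901, "ACCEPT"),
        (lambda p: p["proto"] == "tcp" and p["dport"] >= 1024, "ACCEPT"),
        (lambda p: p["proto"] == "udp" and p["dport"] >= 1024, "ACCEPT"),
        (lambda p: True, "DROP"),
    ],
    "INT-IF": [(lambda p: True, "ACCEPT")],
    "INT-EXT": [],     # created with -N but never given a rule
    "ICMP-DENY": [],   # likewise
}


def _walk(chain, pkt, trace, skip_block):
    """Terminating verdict from this chain, or None if it falls off the end."""
    for i, (pred, target) in enumerate(CHAINS[chain]):
        if (skip_block and target == "BLOCK") or not pred(pkt):
            continue
        trace.append(f"{chain}[{i}] -> {target}")
        if target in ("ACCEPT", "DROP"):
            return target
        verdict = _walk(target, pkt, trace, skip_block)
        if verdict is not None:
            return verdict
        # user chain exhausted: implicit RETURN, keep going in this chain
    return None


def evaluate(chain, pkt, skip_block=False):
    """(verdict, path) for a packet entering a built-in chain.  skip_block
    ignores the "-j BLOCK" jumps (my addition, not in the script)."""
    trace = []
    verdict = _walk(chain, pkt, trace, skip_block)
    if verdict is None:
        verdict = BUILTIN_POLICY[chain]
        trace.append(f"{chain} policy -> {verdict}")
    return verdict, trace


# Constructed packets: 203.0.113.10 = bank, 198.51.100.7 = outside host,
# 203.0.113.45 = the firewall's own (assumed) ppp0 address.
LAN_TO_BANK_HTTPS = dict(state="NEW", iface=DEV_INT, src="192.168.0.2",
                         dst="203.0.113.10", proto="tcp", dport=443)
BANK_REPLY = dict(state="ESTABLISHED", iface=DEV_WORLD, src="203.0.113.10",
                  dst="192.168.0.2", proto="tcp", dport=34567)
WORLD_TO_FW_SSH = dict(state="NEW", iface=DEV_WORLD, src="198.51.100.7",
                       dst="203.0.113.45", proto="tcp", dport=22)

if __name__ == "__main__":
    for name, chain, pkt in [("LAN -> bank :443", "FORWARD", LAN_TO_BANK_HTTPS),
                             ("bank reply -> LAN", "FORWARD", BANK_REPLY),
                             ("world -> fw :22", "INPUT", WORLD_TO_FW_SSH)]:
        for skip in (False, True):
            verdict, path = evaluate(chain, pkt, skip_block=skip)
            tag = "without BLOCK" if skip else "as posted"
            print(f"{name:18s} {tag:14s} {verdict:6s} via {' > '.join(path)}")
```

Running it shows that with the script as posted every packet is decided inside BLOCK: the outbound HTTPS connection and the bank's replies are accepted and the unsolicited SSH connection is dropped, so the port list in EXT-IF never takes effect, and the filter rules are not where an intermittent block on 443 comes from. It also shows that without BLOCK the INT-EXT rule could not match normal LAN traffic, because a packet from the LAN enters on eth0, not ppp0, and outbound HTTPS would then fall through to the final DROP.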

