0

Have issues trying to redirect port 443 to either port 444 or 445. This is only for the inside of my network; 444 and 445 are dropped at the firewall incoming on the WAN connection. What I am trying to accomplish is to display a short/quick message to our local users. One message is for those younger users that should be in bed, the other is for devices on the network we do not know (friend brings in a cell or tablet and connects to our wifi). If they try to surf to port 80 (not ssl) everything works OkieDokie and whichever message is displayed. Here is the firewall redirect for that.

    iptables -t nat -A EndOfNet -i $Lan1 -p tcp --dport 80 -j REDIRECT --to-port 82
    iptables -t nat -A EndOfNet -i $Lan1 -p tcp --dport 82 -j DNAT --to-destination 192.168.100.254

Pretty much the same code for SSL redirect; except I get "Error code: SSL_ERROR_RX_RECORD_TOO_LONG"

    iptables -t nat -A EndOfNet -i $Lan1 -p tcp --dport 443 -j REDIRECT --to-port 445
    iptables -t nat -A EndOfNet -i $Lan1 -p tcp --dport 445 -j DNAT --to-destination [WanIP]

Note that I did not include port 81 or 444 in the iptables code above for brevity. Certs are installed and work properly for port 443; either inside or outside my network. VirtualHost in httpd config:

    <VirtualHost *:444>
        ServerName Alias.FQDN.TLD
        Redirect / https://Alias.FQDN.TLD
        ErrorLog "/var/log/httpd/RedirectErr.log"
    </VirtualHost>

    <VirtualHost *:445>
        ServerName Alias.FQDN.TLD
        Redirect / https://ALias.FQDN.TLD
        ErrorLog "/var/log/httpd/RedirectErr.log"
    </VirtualHost>

    <VirtualHost 192.168.100.254:81>
        DocumentRoot "/var/www/html/Special/Unknown"
        ServerName 192.168.100.254
        ErrorLog "/var/log/httpd/Error.log"
        CustomLog "/var/log/httpd/Unknown.log" combined
    </VirtualHost>

    <VirtualHost 192.168.100.254:82>
        DocumentRoot "/var/www/html/Special/EndInet"
        ServerName 192.168.100.254
        ErrorLog "/var/log/httpd/Error.log"
        CustomLog "/var/log/httpd/EndInet.log" combined
    </VirtualHost>

I played with ssl.conf and tried to add ports 444 and 445, at which point a "port already in use" error showed when I restarted httpd. I suspect the cause is the VirtualHost config for 444 and 445 in httpd.vhosts.conf.

dig -x [WanIP] shows the proper Alias.FQDN.TLD now as I found it pointed to a local machine of which I got a SSL "name(s) do not match" or something like that.

Is redirecting via port in SSL possible? If so, what am I missing?

Thanks!

Ulrich - Listen in httpd/conf/httpd.conf

    Listen 80
    Listen 81
    Listen 82
    Listen 444 https
    Listen 445 https

Listen 443 is in ssl.conf

2 Answers

0

SSL_ERROR_RX_RECORD_TOO_LONG can happen if you attempt to speak https to a port that answers http. Did you do Listen 444 or Listen 444 https in your config? By default, 443 is the only port where httpd will know to speak https.
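An added example, not part of the original answer: a small Python probe that sends a real ClientHello to a port and reports whether the listener replied with a TLS record or with plaintext HTTP, which is the mismatch the answer describes. The function names are hypothetical; the host and port you pass (for instance each port from the `Listen` lines) are your own.

```python
import socket
import ssl
import struct

# Largest record length a TLS 1.2 peer may send (2^14 + 2048, RFC 5246 6.2.3).
TLS_MAX_RECORD = 2**14 + 2048
TLS_CONTENT_TYPES = {20, 21, 22, 23}  # change_cipher_spec, alert, handshake, application_data

def record_header(data: bytes):
    """Read the first 5 bytes the way a TLS client does: type, version, length."""
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return ctype, (major, minor), length

def classify(data: bytes) -> str:
    """Decide what kind of listener produced the first bytes of a reply."""
    if len(data) < 5:
        return "no-reply"
    ctype, version, length = record_header(data)
    if ctype in TLS_CONTENT_TYPES and version[0] == 3 and length <= TLS_MAX_RECORD:
        return "tls"
    if data.startswith(b"HTTP/"):
        # "HTTP/" read as a record header gives length 0x502F = 20527 > 18432,
        # so a TLS client rejects the "record" as too long.
        return "plain-http"
    return "unknown"

def client_hello(host: str) -> bytes:
    """Have the ssl module build a real ClientHello without touching the network."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ssl.create_default_context().wrap_bio(incoming, outgoing, server_hostname=host)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the hello is queued and no server has answered yet
    return outgoing.read()

def probe(host: str, port: int, timeout: float = 3.0) -> str:
    """Send a ClientHello to host:port and classify the first bytes that come back."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(client_hello(host))
        reply = b""
        while len(reply) < 5:
            chunk = sock.recv(64)
            if not chunk:
                break
            reply += chunk
    return classify(reply)
```

A port that returns `plain-http` is one where httpd is not running mod_ssl for that listener, so a browser pointed at it with `https://` fails during the handshake.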

-1

Geesh! Not enough coffee???

I had a redirect for both 444 and 445 in httpd-vhosts.conf. Didn't need to do the redirect as those ports are in ssl.conf. Removed the redirect and it now works.

Can ya say brain-fart?

todh
