UAMALLOWED and HTTPS (to select.worldpay.com)
Henk Kleynhans
henk at skyrove.com
Wed Apr 29 20:30:12 UTC 2009
Sometimes a random problem requires a random solution ;-)
You said earlier that you are only having this problem with Ubuntu Hardy
Heron, but not with Mac OS X.
Have you tested with other computers? (I imagine for some reason you
mentioned XP somewhere, but now can't find it in the thread).
Can you definitely rule out that it's not a problem specific to your Ubuntu
setup?
henk
On Wed, Apr 29, 2009 at 8:43 PM, Derek C <derekchilli at hssl.ie> wrote:
> I should have said: I'm only redirecting traffic that is destined for the
> Worldpay SSL server.
>
> I use this rule: -
>
> iptables -t nat -I PREROUTING -p tcp -d select.worldpay.com --dport 443 -j
> DNAT --to-destination MY-SERVER-IP:443
>
> That server is using socat to listen on 443 and proxy traffic from the
> Worldpay SSL server. I use this socat command:
>
> socat TCP4-LISTEN:443,bind=MY-SERVER-IP,fork TCP4:select.worldpay.com:443
>
> But I'm pretty sure that if Worldpay change their IP this setup will be
> dead until restarted.
>
> Derek
>
>
>
>
> On Wed, April 29, 2009 7:22 pm, Derek C wrote:
> >
>
> > On Wed, April 29, 2009 5:58 pm, Johan Meiring wrote:
> >
> >> The only other thing I can think of is MTU issues.
> >> Try issuing the following on your hotspot, and see if it helps.
> >> iptables -I FORWARD -t mangle -p tcp -m tcp --tcp-flags SYN,RST SYN -j
> >> TCPMSS --clamp-mss-to-pmtu
> >> (the above command is one line)
> >>
> >
> > Hi Johan,
> >
> >
> > This didn't work either.
> >
> >
> > I have a work-around to my problems (which is great) - but it's horrible!
> > On the Coova Chilli AP I'm redirecting traffic with a DNAT iptables rule
> > to a server I have in a data centre. In that server I'm proxying the
> > traffic with socat - and its working so I have the payment gateway up &
> > running. But its horrible because if Worldpay change their IP....
> >
> > Derek
> >
> >
> >
> > --
> > Derek C
> > In Ireland
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: chilli-unsubscribe at coova.org
> > For additional commands, e-mail: chilli-help at coova.org
> > Wiki: http://coova.org/wiki/index.php/CoovaChilli
> > Forum: http://coova.org/phpBB3/viewforum.php?f=4
> >
> >
> >
>
>
> --
> Derek C
> In Ireland
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: chilli-unsubscribe at coova.org
> For additional commands, e-mail: chilli-help at coova.org
> Wiki: http://coova.org/wiki/index.php/CoovaChilli
> Forum: http://coova.org/phpBB3/viewforum.php?f=4
>
>
--
Henk Kleynhans
CTO & Founder
Skyrove (Pty) Ltd
Technology Top 100 - Most Promising Emerging Enterprise 2006
Tel: +27 (21) 4488843
Cell: +27 (84) 3073451
Fax: +27 (86) 6204077
henk at skyrove.com
blog: www.geekrebel.com
------
"A person with ubuntu is open and available to others, affirming of others,
does not feel threatened that others are able and good, for he or she has a
proper self-assurance that comes from knowing that he or she belongs in a
greater whole and is diminished when others are humiliated or diminished,
when others are tortured or oppressed." - Desmond Tutu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.coova.org/pipermail/chilli/attachments/20090429/800216f6/attachment.htm>
More information about the Chilli
mailing list