Ah ha - Re: UAMALLOWED and HTTPS (to select.worldpay.com)

Derek C derekchilli at hssl.ie
Wed Apr 29 16:07:24 UTC 2009


To confirm:  When I'm not using Coova Chilli in my test box (just an AP
wlandev, with an IP but otherwise all set up exactly the same) I can
associate and connect to select.worldpay.com port 443 (with telnet and
with Firefox).

Here are some baffling points: -

 1. I CAN connect to other uamallowed computers out there on port 443 (and
on other ports of course)

 2. I CAN connect to select.worldpay.com port 443 with an Apple Macbook
but NOT with an Ubuntu notebook or a Windows XP notebook


How weird is this?


Derek


On Wed, April 29, 2009 3:38 pm, Derek C wrote:
> Hi again,
>
>
> Ok: Now I realised something.  It's Worldpay that's doing the blocking
> when traffic is routing via my Coova Chilli box (BTW Worldpay is a
> credit/debit card payment gateway - a part of the Royal Bank of Scotland
> group).
>
> I can add another site to the uamallowed directive and access their SSL
> site fine (and "telnet SITE 443" works fine too).
>
> What could it be that Worldpay is identifying with Coova Chilli traffic
> and makes them drop it?
>
> On my Coova Chilli AP I'm doing the usual NAT handling with "iptables -t
> nat -A POSTROUTING -o eth0 -j MASQUERADE" and if I don't use Coova Chilli
> and put an IP on the wifi AP interface then Worldpay does NOT block my
> connection (i.e. it only happens when Coova Chilli is handling the IP
> DHCP allocation).
>
> Maybe it's something with the masquerading not fully handling the IP
> mapping - something that makes Worldpay reject the traffic due to, in their
> opinion, IP spoofing?
>
> Derek
>
>
> On Wed, April 29, 2009 3:06 pm, Johan Meiring wrote:
>
>> Derek C wrote:
>>
>>
>>> Hi Johan,
>>>
>>>
>>>
>>> Below is the output of "tcpdump -vvntttt -i ath0 dst 155.136.66.34"
>>> (where that IP is select.worldpay.com).
>>>
>>
>> Your filter is of such a nature that you will only see outgoing
>> traffic.
>>
>>
>> tcpdump -vvntttt -i ath0 host 155.136.66.34
>>                          ^^^^
>> is better.
>>
>> Also you are filtering other traffic.
>>
>>
>>
>> Best to use:
>> tcpdump -vvntttt -s 1500 -i ath0
>> (-s 1500 makes it capture the whole packet, and you then get more info)
>>
>> If you feel the output is too long, use something like pastebin.com
>>
>>
>>
>>
>> --
>>
>>
>>
>>
>> Johan Meiring
>> Amobia Communications
>> Tel: (0861) AMOBIA / (0861) 266242
>> Fax: (0861) AMOFAX / (0861) 266329
>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: chilli-unsubscribe at coova.org
>> For additional commands, e-mail: chilli-help at coova.org
>> Wiki: http://coova.org/wiki/index.php/CoovaChilli
>> Forum: http://coova.org/phpBB3/viewforum.php?f=4
>>
>>
>>
>>
>
>
> --
> Derek C
> In Ireland


-- 
Derek C
In Ireland
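
The difference between the `dst` and `host` capture filters discussed in the quoted reply, as an added example that is not part of the original thread. The packet lines are constructed in `tcpdump -n` one-line style, the client address 10.1.0.2 is an assumption, and the helper names are hypothetical; only 155.136.66.34 comes from the thread.

```python
import re

SERVER = "155.136.66.34"  # select.worldpay.com, as given in the thread

# Constructed sample lines (not a capture from the thread); 10.1.0.2 is an assumed client.
SAMPLE = """\
16:07:24.100000 IP 10.1.0.2.51000 > 155.136.66.34.443: Flags [S], seq 1000, win 5840, length 0
16:07:24.180000 IP 155.136.66.34.443 > 10.1.0.2.51000: Flags [R.], seq 0, ack 1001, win 0, length 0
16:07:27.100000 IP 10.1.0.2.51001 > 155.136.66.34.443: Flags [S], seq 2000, win 5840, length 0
16:07:30.100000 IP 10.1.0.2.51001 > 155.136.66.34.443: Flags [S], seq 2000, win 5840, length 0
"""

LINE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]+)\]")

def parse(text):
    """Return (src, sport, dst, dport, flags) for every TCP line that matches."""
    pkts = []
    for line in text.splitlines():
        m = LINE.search(line)
        if m:
            src, sport, dst, dport, flags = m.groups()
            pkts.append((src, int(sport), dst, int(dport), flags))
    return pkts

def apply_filter(pkts, kind, addr):
    """Mimic the two filters: 'dst' keeps packets going to addr, 'host' keeps both directions."""
    if kind == "dst":
        return [p for p in pkts if p[2] == addr]
    if kind == "host":
        return [p for p in pkts if addr in (p[0], p[2])]
    raise ValueError(kind)

def diagnose(pkts, server):
    """Per client port: what answer to the SYN is visible in the filtered capture."""
    result = {}
    for src, sport, dst, dport, flags in pkts:
        if dst == server and flags == "S":
            result.setdefault(sport, "no reply seen")   # keep an earlier verdict on retransmit
        elif src == server and "R" in flags:
            result[dport] = "RST received"
        elif src == server and flags.startswith("S"):
            result[dport] = "SYN-ACK received"
    return result

if __name__ == "__main__":
    pkts = parse(SAMPLE)
    for kind in ("dst", "host"):
        print(kind, diagnose(apply_filter(pkts, kind, SERVER), SERVER))
```

With the `dst` filter both connections look identical (SYN sent, nothing back); only the `host` filter separates an explicit reset from a silent drop.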



