UAMALLOWED and HTTPS (to select.worldpay.com)

Derek C derekchilli at hssl.ie
Wed Apr 29 18:43:35 UTC 2009


I should have said:  I'm only redirecting traffic that is destined for the
Worldpay SSL server.

I use this rule: -

iptables -t nat -I PREROUTING -p tcp -d select.worldpay.com --dport 443 -j
DNAT --to-destination MY-SERVER-IP:443

That server is using socat to listen on 443 and proxy traffic from the
Worldpay SSL server.  I use this socat command:

socat TCP4-LISTEN:443,bind=MY-SERVER-IP,fork TCP4:select.worldpay.com:443

But I'm pretty sure that if Worldpay change their IP this setup will be
dead until restarted.

Derek




On Wed, April 29, 2009 7:22 pm, Derek C wrote:
>

> On Wed, April 29, 2009 5:58 pm, Johan Meiring wrote:
>
>> The only other thing I can think of is MTU issues.
>> Try issuing the following on your hotspot, and see if it helps.
>> iptables -I FORWARD -t mangle -p tcp -m tcp --tcp-flags SYN,RST SYN -j
>> TCPMSS --clamp-mss-to-pmtu
>> (the above command is one line)
>>
>
> Hi Johan,
>
>
> This didn't work either.
>
>
> I have a work-around to my problems (which is great) - but it's horrible!
>  On the Coova Chilli AP I'm redirecting traffic with a DNAT iptables rule
>  to a server I have in a data centre.  In that server I'm proxying the
> traffic with socat - and its working so I have the payment gateway up &
> running.  But its horrible because if Worldpay change their IP....
>
> Derek
>
>
>
> --
> Derek C
> In Ireland
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: chilli-unsubscribe at coova.org
> For additional commands, e-mail: chilli-help at coova.org
> Wiki: http://coova.org/wiki/index.php/CoovaChilli
> Forum: http://coova.org/phpBB3/viewforum.php?f=4
>
>
>


-- 
Derek C
In Ireland




More information about the Chilli mailing list