Unable to get port redirection/SSL proxy to work

helgew
Posts: 3
Joined: 2017/06/05 00:19:50

Post by helgew » 2020/11/19 19:26:01

Hi,

I am having difficulties getting port redirection to work on a new CentOS 8 install. This is on a VM that acts as a very simple router for an IoT device that connects to the internet. I have been using an SSL proxy to capture the data being exchanged by redirecting traffic from port 443 to another port for all requests from the device, successfully on CentOS 7, using a simple port redirection (XX.XX.XX.XX is the IP address of the device):

    iptables -t nat -A PREROUTING -s XX.XX.XX.XX/32 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 7777

I understand that CentOS 8 has moved to nftables and I have tried both the iptables (iptables v1.8.4 (nf_tables)) stanza above to generate the nft rule as well as nft directly:

    nft add rule ip nat PREROUTING ip saddr XX.XX.XX.XX tcp dport 443 counter redirect to :7777

My proxy is up and running and listening on port 7777; however, when I run

    openssl s_client -cipher ALL -connect YY.YY.YY.YY:7777

with YY.YY.YY.YY being the IP of the VM, I only get

    CONNECTED(00000005)
    write:errno=0
    ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 0 bytes and written 389 bytes
    Verification: OK
    ---
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    Early data was not sent
    Verify return code: 0 (ok)
    ---

and the IoT device is not able to exchange data with its remote server. On my CentOS 7 installation, the openssl command displays the self-signed certificate I am using for my SSL proxy.

Any advice would be greatly appreciated!
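Two things worth checking on the router VM when a redirect like the one above silently does nothing, as an added example that is not part of the original post: the nft rule only matches if its base chain exists with a prerouting nat hook (a bare `nft add rule ip nat PREROUTING ...` does not create it), and because REDIRECT rewrites the destination to the address of the incoming interface, a proxy bound only to 127.0.0.1 never receives the redirected connections. The script below assumes a constructed device IP of 192.0.2.10 and constructed `nft list ruleset` / `ss -ltn` output; run the two check functions against the real command output as root.

```shell
#!/bin/sh
# Added example, not from the original post. Device IP 192.0.2.10 and the
# sample command output below are constructed for illustration.

# Complete ruleset the single `nft add rule` line depends on: the chain must be a
# base chain hooked into prerouting, otherwise the rule never sees any packet.
nft_ruleset() {
  cat <<'EOF'
table ip nat {
  chain PREROUTING {
    type nat hook prerouting priority -100; policy accept;
    ip saddr 192.0.2.10 tcp dport 443 counter redirect to :7777
  }
}
EOF
}

# redirect_hits RULESET_TEXT DEVICE_IP DPORT
# Prints the packet count of the matching `counter ... redirect` rule from
# `nft list ruleset` output, or "missing" when no such rule exists.
redirect_hits() {
  printf '%s\n' "$1" | awk -v ip="$2" -v port="$3" '
    $0 ~ ("ip saddr " ip " tcp dport " port " counter") && /redirect/ {
      for (i = 1; i <= NF; i++) if ($i == "packets") { print $(i + 1); found = 1 }
    }
    END { if (!found) print "missing" }'
}

# listener_ok SS_TEXT PORT
# From `ss -ltn` output: "ok" if the port is bound to a wildcard address,
# "loopback-only" if it is bound only to 127.x, "none" if nothing listens.
listener_ok() {
  printf '%s\n' "$1" | awk -v port="$2" '
    $1 == "LISTEN" {
      n = split($4, a, ":"); if (a[n] != port) next
      if ($4 ~ /^(0\.0\.0\.0|\*|\[::\])/) wild = 1; else if ($4 ~ /^127\./) lo = 1
    }
    END { if (wild) print "ok"; else if (lo) print "loopback-only"; else print "none" }'
}

# Constructed sample output: the rule has matched 12 packets, but the proxy on
# 7777 is bound to loopback only, so the redirected connections cannot reach it.
SAMPLE_RULESET='table ip nat {
  chain PREROUTING {
    type nat hook prerouting priority -100; policy accept;
    ip saddr 192.0.2.10 tcp dport 443 counter packets 12 bytes 720 redirect to :7777
  }
}'
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:7777     0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'
```

A rule whose counter stays at zero while the device is active means the packets never reach the chain; a non-zero counter with a loopback-only listener means the redirect works and the proxy's bind address is the problem.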
