Michael Thompson wrote:

I have an issue where I cannot connect to my server because the firewall only allows ports 80 and 443 out.

I previously ran SSH on port 443 to overcome this, but I have had to implement an HTTPS solution for users who wanted secure access, so that is now gone.

This system has DNS records for ssh.server.co.uk and www.server.co.uk, so can I use IPTables or similar to recognise if it is being connected to via ssh.server.co.uk on port 443 and forward the traffic to port 22? If www.server.co.uk:443 is used, apache gets the traffic? Or is this (as I suspect) impossible?

You can look at http://sourceforge.net/projects/l7-filter/ "Application Layer Packet Classifier for Linux".
It is capable of classifying packets based on their headers, not on the generating/destination port/IP; I don't know if you can make it work on encrypted connections like ssh or https.
Maybe you must connect ssh to port 80 and differentiate between known http traffic and unknown encrypted traffic (ssh for you).


Unable to explain it better ;) hope it's a starting point for you.

Francesco

--
gentoo-user@gentoo.org mailing list
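
Added example, not part of the original thread and not l7-filter's own code: a content-based classifier of the kind discussed above, written from the monitoring side. SSH and TLS both start with clear-text handshake bytes (the SSH identification string and the TLS record header), so the first bytes a client sends can be labelled regardless of port. The function names and the sample connections are assumptions constructed for illustration.

```python
import struct

# Prefixes a client sends in clear text before any encryption starts.
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ", b"PATCH ", b"TRACE ")
MIN_BYTES = 8  # enough for "SSH-2.0-", the longest HTTP method, or a TLS header


def classify(first_bytes: bytes) -> str:
    """Label a connection from the first bytes the client sent."""
    if len(first_bytes) < MIN_BYTES:
        return "need-more-data"
    # SSH identification string (RFC 4253, section 4.2): "SSH-protoversion-..."
    if first_bytes.startswith(b"SSH-"):
        return "ssh"
    if first_bytes.startswith(HTTP_METHODS):
        return "http"
    # TLS record header: type(1) major(1) minor(1) length(2), then handshake type.
    ctype, major, minor, length = struct.unpack("!BBBH", first_bytes[:5])
    if (ctype == 0x16 and major == 3 and minor <= 4
            and 0 < length <= 16384 and first_bytes[5] == 0x01):
        return "tls"
    return "unknown"


def non_tls_on_443(connections):
    """Return (source, label) for port-443 connections that are not TLS."""
    hits = []
    for src, dport, data in connections:
        label = classify(data)
        if dport == 443 and label not in ("tls", "need-more-data"):
            hits.append((src, label))
    return hits


# Constructed sample data (documentation addresses, hand-built payloads).
SAMPLES = [
    ("192.0.2.10", 443, bytes.fromhex("16030100c4010000c00303") + b"\x00" * 32),
    ("192.0.2.11", 443, b"SSH-2.0-OpenSSH_9.6\r\n"),
    ("192.0.2.12", 80, b"GET / HTTP/1.1\r\nHost: www.server.co.uk\r\n\r\n"),
    ("192.0.2.13", 443, b"\x00\x01\x02\x03\x04\x05\x06\x07"),
]

if __name__ == "__main__":
    for src, label in non_tls_on_443(SAMPLES):
        print(f"{src}: port 443 carries {label}, not TLS")
```

The SSH identification string carries no hostname, so this kind of check can tell the protocols apart but cannot tell which DNS name the client used.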


