Sudev Barar writes:
> Thanks for info and pointers. My confusion is that with apache running
> web service on port 80 how will system distinguish between http
> request and tcp packet for listening.

You've to take one of the services (httpd, pop3d, sshd, smtpd) down.

OR

Put some kind of proxy in front of the services which will do some protocol checks on the data and pass the data to the appropriate service.

OR

You've to use iptables's 'string' and 'state' extension to match NEW connections with 'GET|PUT|HEAD|POST|DELETE /' strings in them, and then DNAT or REDIRECT them to the desired internal port (on which httpd or nc is listening). Once connection is established, then you can allow all packets of that connection using 'state' extension to match ESTABLISHED,RELATED packets.

BTW, I've not tried such thing ever, so I'm not sure whether this will work or not.

Quoting from iptables(8):

---->8----->8----
   string
       This modules matches a given string by using some pattern matching strategy. It requires a linux kernel >= 2.6.14.

       --algo bm|kmp
              Select the pattern matching strategy. (bm = Boyer-Moore, kmp = Knuth-Pratt-Morris)

       --from offset
              Set the offset from which it starts looking for any matching. If not passed, default is 0.

       --to offset
              Set the offset from which it starts looking for any matching. If not passed, default is the packet size.

       --string pattern
              Matches the given pattern.

       --hex-string pattern
              Matches the given pattern in hex notation.
----8<----8<----

In case your service also sends data similar to HTTP requests, then you've to figure out some other way.
HTH
-- 
·-- ·- ···· ·--- ·- ···- ·- ·--·-· --· -- ·- ·· ·-·· ·-·-·- -·-· --- --

_______________________________________________
ilugd mailinglist -- ilugd@lists.linux-delhi.org
http://frodo.hserus.net/mailman/listinfo/ilugd
Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
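The proxy option from the message above, as an added example that is not part of the original post: it reads the client's first bytes, applies the same 'GET|PUT|HEAD|POST|DELETE /' check, and hands the connection to the matching service. It takes the proxy route because a TCP SYN normally carries no payload and the kernel fixes a connection's NAT mapping on that first packet, before any request line can be matched. The backend ports (8080, 2222) and all function names are assumptions.

```python
import asyncio

# Assumed layout (not from the original post): the multiplexer owns port 80,
# Apache is moved to 127.0.0.1:8080 and the second service listens on 2222.
BACKENDS = {"http": ("127.0.0.1", 8080), "other": ("127.0.0.1", 2222)}
# Same request-line prefixes as the 'GET|PUT|HEAD|POST|DELETE /' pattern above.
HTTP_PREFIXES = tuple(m + b" /" for m in (b"GET", b"PUT", b"HEAD", b"POST", b"DELETE"))
SNIFF_LEN = max(len(p) for p in HTTP_PREFIXES)  # 8 bytes, len(b"DELETE /")

def classify(first_bytes: bytes) -> str:
    """'http' if the client's first bytes start an HTTP request line."""
    return "http" if first_bytes.startswith(HTTP_PREFIXES) else "other"

async def sniff(reader, timeout=2.0):
    """Collect up to SNIFF_LEN client bytes. Clients of server-speaks-first
    protocols (SMTP, POP3) send nothing, so a timeout is not an error."""
    buf = b""
    try:
        while len(buf) < SNIFF_LEN:
            chunk = await asyncio.wait_for(reader.read(SNIFF_LEN - len(buf)), timeout)
            if not chunk:  # client closed before sending enough
                break
            buf += chunk
    except asyncio.TimeoutError:
        pass
    return buf

async def pipe(reader, writer):
    """Copy one direction until EOF, then close the receiving side."""
    try:
        while data := await reader.read(65536):
            writer.write(data)
            await writer.drain()
    finally:
        writer.close()

async def handle(client_r, client_w):
    first = await sniff(client_r)
    host, port = BACKENDS[classify(first)]
    backend_r, backend_w = await asyncio.open_connection(host, port)
    backend_w.write(first)  # replay the bytes consumed while sniffing
    await asyncio.gather(pipe(client_r, backend_w), pipe(backend_r, client_w),
                         return_exceptions=True)

async def serve(port=80):
    server = await asyncio.start_server(handle, "0.0.0.0", port)
    async with server:
        await server.serve_forever()
```

Start it with `asyncio.run(serve())` (binding port 80 needs root). Both backends see every connection as coming from 127.0.0.1, so per-client logging and address-based access rules have to move to the multiplexer, and silent clients wait out the 2-second sniff timeout before they get the other service's banner.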