Hi there again ...

I wonder - if anyone has implemented the following.

On 1 IP-Address, have the Firewall identify incoming ssh or https
connections ... or even better - SSL Connections through OpenVPN ? and
DNAT the connection to different IP|Port combination ...

The reason I'd like this feature is to have the possibility to use port
443 on my home server (I have only 1 IP-Address) to open ssh or https
connections through port 443. Most companies block all other ports - and
on 443 I can even use the company's proxy to reach my home-site.

Now - how can this be done ?

For ssh, once the TCP connection is established, the server speaks first,
presenting itself by saying something like:

    SSH-2.0-OpenSSH_3.6.1p2 <Distribution etc.>

With SSL - the client speaks first.

Now - would it be possible to let shorewall identify which side speaks
first - and then redirect the traffic to one or another internal
IP-Address|Port combination ?

That would ease a lot of things. Right now - I'm doing it through a
perl-script I got on the Net, but I'd really like shorewall to handle
that :)

Any ideas ? Hints ?

Cheers
Joerg
--
------------------------------------------------------------------------
| Joerg Mertin : [EMAIL PROTECTED] (Home)|
| in Forchheim/Germany : [EMAIL PROTECTED] (Alt1)|
| Stardust's LiNUX System : |
| Web: http://www.solsys.org |
------------------------------------------------------------------------
PGP Fingerprint: AF0F FB75 997B 025F 4538 5AD6 9888 5D97 170B 8B7A
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
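
Added example, not part of the original message and not Shorewall code: the "who speaks first" test described above, written as a userspace check, since a DNAT rule is chosen on the first SYN, before either side has sent any payload. The backend addresses, function names and timeout are assumptions made for illustration.

```python
import socket

# Hypothetical internal targets, constructed for this example.
BACKENDS = {"ssh": ("192.0.2.10", 22), "tls": ("192.0.2.10", 8443)}


def classify_first_bytes(data):
    """data: the client's first bytes, or None if the client stayed silent."""
    if data is None:
        return "ssh"      # client is waiting for the server's SSH banner
    if data.startswith(b"SSH-"):
        return "ssh"      # some clients send their own banner without waiting
    # TLS record header: content type 0x16 (handshake), major version 0x03
    if len(data) >= 2 and data[0] == 0x16 and data[1] == 0x03:
        return "tls"
    return "unknown"      # b"" (peer closed) or some other protocol


def peek_client(conn, wait=2.0):
    """Return the client's first bytes without consuming them; None on silence."""
    conn.settimeout(wait)
    try:
        # MSG_PEEK leaves the bytes queued so the chosen backend still sees them
        return conn.recv(8, socket.MSG_PEEK)
    except socket.timeout:
        return None
    finally:
        conn.settimeout(None)


def pick_backend(conn, wait=2.0):
    """Backend address for this connection, or None if it should be dropped."""
    return BACKENDS.get(classify_first_bytes(peek_client(conn, wait)))
```

The silence timeout delays every SSH session whose client waits for the banner, and anything classified as "unknown" is better dropped and logged than forwarded.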