Joerg Mertin wrote:
> Hi there again ...
>
> I wonder - if anyone has implemented the following.
> On 1 IP-Address, have the Firewall identify incoming ssh or https
> connections ... or even better - SSL Connections through OpenVPN? and
> DNAT the connection to different IP|Port combination ...
>
> The reason I'd like this feature is to have the possibility to use port
> 443 on my home server (I have only 1 IP-Address) to open ssh or https
> connections through port 443. Most companies block all other ports - and
> on 443 I can even use the company's proxy to reach my home-site.
>
> Now - how can this be done?
> For ssh, once the TCP connection is established, the server speaks first,
> presenting itself by saying something like:
>
> SSH-2.0-OpenSSH_3.6.1p2 <Distribution etc.>
>
> With SSL - the client speaks first.
>
> Now - would it be possible to let shorewall identify which side speaks
> first - and then redirect the traffic to one or another internal
> IP-Address|Port combination?

Of course not -- it has to redirect the initial SYN packet which contains no clue about what is to follow.

> That would ease a lot of things. Right now - I'm doing it through a
> perl-script I got on the Net, but I'd really like shorewall to handle that
> :)
>
> Any ideas? Hints?

None, I'm afraid.

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ [EMAIL PROTECTED]
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key
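The point of Tom's answer is that the decision cannot be made on the SYN; something has to accept the TCP connection and wait to see who talks. The following is an added example (not from this thread, and not the perl script Joerg mentions) of that application-layer demultiplexer: it listens on the one public port, waits briefly for the client, and relays to a constructed HTTPS backend on 8443 when it sees a TLS ClientHello, or to a constructed SSH backend on 2222 when the client stays silent or sends an SSH identification string.

```python
import socket
import threading
from contextlib import suppress

# Backends are constructed for this example: HTTPS on 8443 and SSH on 2222, same host.
BACKENDS = {"tls": ("127.0.0.1", 8443), "ssh": ("127.0.0.1", 2222)}
PEEK_TIMEOUT = 2.0  # seconds to wait for the client to speak first
def classify(first_bytes: bytes) -> str:
    """Pick the protocol from what the client sent before the server said anything."""
    if not first_bytes:
        return "ssh"  # silent client: in SSH the server speaks first
    if first_bytes.startswith(b"SSH-"):
        return "ssh"  # clients that send their identification string right away
    # A TLS ClientHello is a record with content type 0x16 (handshake), major version 0x03.
    if len(first_bytes) >= 3 and first_bytes[0] == 0x16 and first_bytes[1] == 0x03:
        return "tls"
    return "unknown"

def peek_client(conn: socket.socket, timeout: float = PEEK_TIMEOUT) -> bytes:
    """Wait up to `timeout` s for client data; MSG_PEEK leaves it queued for the backend."""
    conn.settimeout(timeout)
    data = b""
    with suppress(socket.timeout):
        data = conn.recv(1024, socket.MSG_PEEK)
    conn.settimeout(None)  # back to blocking mode for the relay
    return data

def pump(src: socket.socket, dst: socket.socket) -> None:
    """Relay bytes one way until EOF, then shut both sockets so the other direction ends too."""
    with suppress(OSError):
        while data := src.recv(65536):
            dst.sendall(data)
    for s in (src, dst):
        with suppress(OSError):
            s.shutdown(socket.SHUT_RDWR)

def handle(conn: socket.socket) -> None:
    kind = classify(peek_client(conn))
    if kind == "unknown":
        conn.close()
        return
    backend = socket.create_connection(BACKENDS[kind])
    threading.Thread(target=pump, args=(conn, backend), daemon=True).start()
    pump(backend, conn)

def serve(port: int = 443) -> None:
    with socket.create_server(("0.0.0.0", port)) as srv:
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=handle, args=(conn,), daemon=True).start()
```

Because the relay terminates the TCP connection itself, the backends see the demultiplexer's address rather than the real client's, which is the price of doing this above the firewall instead of with DNAT.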
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
