[Sussex] IPTables - is this possible?
Karl E. Jorgensen
karl at jorgensen.org.uk
Mon Apr 9 12:24:54 UTC 2007
On Wed, Mar 21, 2007 at 07:15:04PM +0000, Matthew Macdonald-Wallace wrote:
> Hi all,
>
> For reasons I won't go into at the moment, I'm exploring the
> possibilities of the following:
>
> - All traffic for a given web address hits a given port.
> - IPTables examines the data and then forwards it to a different port
> depending on the packet type.
>
> As an example:
>
> All traffic is routed from a given client to a specified firewall via
> a local proxy.
>
> The firewall will only accept connections on port 443 (secure HTTP).
>
> The traffic being sent varies between https and ssh - https is
> redirected to an internal webserver running mod_ssl, ssh is redirected
> to a different shell server running ssh (surprisingly!).
>
> Can anyone advise if this is possible?
Others have answered already - and I would have replied earlier, if I
had not misunderstood your question...

I thought that you wanted to route SSH and https through the same port
on the same box. Since iptables cannot determine the on-the-wire
protocol, a user-level proxy would be called for. So I wrote one:

http://sourceforge.net/projects/ssh-ssl-proxy/
http://sourceforge.net/docman/display_doc.php?docid=49025&group_id=192637

Not sure whether it will be useful for you, but it might be for others.

Enjoy!
--
Karl E. Jorgensen
karl at jorgensen.org.uk http://www.jorgensen.org.uk/
karl at jorgensen.com http://karl.jorgensen.com
==== Today's fortune:
Desist from enumerating your fowl prior to their emergence from the shell.
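
The protocol check a user-level proxy has to make on a shared port, as an added example that is not part of the original post and not code from ssh-ssl-proxy: it classifies a client's first bytes as an SSH identification string (RFC 4253) or a TLS ClientHello record. The function name and the sample byte strings are constructed for illustration.

```python
SSH_PREFIX = b"SSH-"        # RFC 4253: "SSH-protoversion-softwareversion"
TLS_HANDSHAKE = 0x16        # TLS record content type: handshake
TLS_CLIENT_HELLO = 0x01     # handshake message type: ClientHello
TLS_MAX_RECORD = 16384      # maximum plaintext record length (2**14)


def classify_first_bytes(data: bytes) -> str:
    """Return 'ssh', 'tls', 'need-more' or 'unknown' for a client's first bytes."""
    if not data:
        # A client that has sent nothing yet may be an SSH client waiting
        # for the server's banner; the caller decides with a timeout.
        return "need-more"

    # SSH: the identification string always begins with "SSH-".
    if SSH_PREFIX.startswith(data[:4]):
        return "ssh" if len(data) >= 4 else "need-more"

    # TLS: record header is type(1) version(2) length(2), followed by
    # the handshake message type as the first byte of the record body.
    if data[0] == TLS_HANDSHAKE:
        if len(data) >= 2 and data[1] != 0x03:
            return "unknown"            # record version major must be 3
        if len(data) < 6:
            return "need-more"          # short read, header incomplete
        minor = data[2]
        length = int.from_bytes(data[3:5], "big")
        if minor <= 4 and 4 <= length <= TLS_MAX_RECORD \
                and data[5] == TLS_CLIENT_HELLO:
            return "tls"
        return "unknown"

    return "unknown"


# Constructed sample inputs (not captured traffic).
SAMPLES = {
    "ssh banner": b"SSH-2.0-OpenSSH_9.6\r\n",
    "tls hello": bytes.fromhex("16030100c8010000c40303"),
    "plain http": b"GET / HTTP/1.1\r\n",
    "short read": b"\x16\x03",
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(f"{name:12s} -> {classify_first_bytes(payload)}")
```

The same check run over traffic seen on port 443 flags connections that are not TLS, which port-based rules alone do not reveal.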