[Sussex] IPTables - is this possible?

John Crowhurst info at johnscomputersupport.co.uk
Thu Mar 22 00:02:52 UTC 2007


On Wed, March 21, 2007 23:19, Matthew Macdonald-Wallace wrote:
> On Wed, 2007-03-21 at 21:45 +0000, Steve Dobbo Dobson wrote:
>> Matt
>> > Can anyone advise if this is possible?
>> Sounds it to me on the limited information given.
>
> OK, basically there is a firewall in a location at which I often use my
> laptop that blocks and closely monitors traffic that goes out over
> anything except http/https/imap/pop3/smtp.

In some companies, http/imap/smtp and pop3 are run through a proxy to make
sure you aren't downloading viruses and somesuch. However, since https
works by direct connection it cannot easily be proxied.

> I want to set my server up at home so that it is running https, http,
> ssh and a few other services (mail, database etc).  What I want to be
> able to do is ssh to port 443 (the default for https) _AND_ be able to
> access https sites via the same address.  The best example of this is as
> follows:

You can access anything on any port that leaves your network, it is the
nature of TCP/IP to reassign your ports whenever you connect to them so
the server can handle multiple connections.

However, if you are trying to run a server that binds https and ssh to the
same port, one of those services will fail. You can accomplish this goal
by setting up a second computer utilizing layer 7 switching. Layer 7
routes packets based on the application rather than the network, so you
should be able to have port 443 accessible as ssh and https and the switch
remaps those to 22 and 443 accordingly.

-- 
John Crowhurst
John's Computer Support
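
The layer 7 switching described in the message above comes down to reading the first bytes a client sends on port 443 and choosing a backend from them. The following Python classifier is an added example, not part of the original post; the backend addresses and the names `classify` and `route` are assumptions, and the sample byte strings are constructed.

```python
"""Classify the opening bytes of a TCP connection as SSH or TLS (added example)."""

# Hypothetical backends; the ports follow the message (22 for ssh, 443 for https).
BACKENDS = {"ssh": ("127.0.0.1", 22), "tls": ("127.0.0.1", 443)}

# Constructed sample inputs, not captured traffic.
SSH_SAMPLE = b"SSH-2.0-OpenSSH_4.3\r\n"
TLS_SAMPLE = bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01, 0x00, 0x00, 0x2B, 0x03, 0x01])
HTTP_SAMPLE = b"GET / HTTP/1.1\r\n"


def classify(first_bytes: bytes) -> str:
    """Return 'ssh', 'tls', 'need_more' or 'unknown' for a connection's first bytes."""
    # RFC 4253: each SSH peer opens with an identification string "SSH-...".
    if first_bytes.startswith(b"SSH-"):
        return "ssh"
    # A short read that is still a prefix of "SSH-" cannot be decided yet.
    if len(first_bytes) < 4 and b"SSH-".startswith(first_bytes):
        return "need_more"
    # TLS record header: type 0x16 (handshake), version major 0x03,
    # two length bytes, then handshake type 0x01 (ClientHello).
    if first_bytes[0] == 0x16:
        if len(first_bytes) >= 2 and first_bytes[1] != 0x03:
            return "unknown"
        if len(first_bytes) < 6:
            return "need_more"
        return "tls" if first_bytes[5] == 0x01 else "unknown"
    return "unknown"


def route(first_bytes: bytes):
    """Backend a layer 7 switch would forward to, or None (wait for more or drop)."""
    return BACKENDS.get(classify(first_bytes))


if __name__ == "__main__":
    for name, data in [("ssh", SSH_SAMPLE), ("tls", TLS_SAMPLE), ("http", HTTP_SAMPLE)]:
        print(name, classify(data), route(data))
```

The same first-bytes check lets a monitoring device tell that a connection on port 443 is not TLS.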






