I am a senior high school student in Tainan, Taiwan.
Note: Taiwan is not a part of China.
I have a server in my school running Arch.
The problem is that the evil firewall has very strict rules.
Server <--> Firewall A <-------------------------> Firewall B <--> Laptop
Only a few input ports are allowed.
Only output ports 80 and 443 are allowed.
As a result, I cannot SSH into my server because port 80 is occupied by HTTP.
Moreover, I have far more than two services to run,
but there are only two ports I can use.
Finally, I came up with a solution to this problem.
It is inspired by port knocking, but I use ICMP echo instead.
The way this works is simply by sending an ICMP echo containing a particular string to the server.
iptables on the server detects the string and redirects packets from port 80 to port 22.
Client:
ping -p 22 -c 1 host ;ssh host -p 80
Server:
iptables -A INPUT -p icmp --icmp-type echo-request -m string --string "\"" --algo bm -m recent --set --name 22
iptables -t nat -A PREROUTING -p tcp -i ppp0 --dport 80 -m recent --name 22 --update -j REDIRECT --to-ports 22
I think this is a good solution to fight against an evil firewall, but it is not perfect yet.
Any suggestion is appreciated.
Last edited by virtuemood (2010-06-20 16:14:07)
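A fuller version of the same trick, added here as an example and not code from the post above: a small shell script that turns a multi-byte secret into the hex pattern `ping -p` expects (ping accepts at most 16 pad bytes) and into the matching iptables `--hex-string`, then prints the two server rules and the client command. Compared with the rules in the post it makes the knock harder to hit by accident (a one-byte pattern such as `"` turns up in ordinary payloads) and gives the redirect an expiry with `--seconds`, so the door does not stay open forever after one knock; it uses `--rcheck` rather than `--update` so new HTTP connections do not keep refreshing the timer. The interface name ppp0 is taken from the post; the secret "hello", the list name knock22 and the 30-second window are assumed placeholders. Note that NAT decisions are made on the first packet of a connection, so an SSH session opened inside the window keeps working after it closes.

```shell
#!/bin/sh
# Added example (not from the original post): ICMP-echo knock that opens a
# time-limited TCP/80 -> TCP/22 redirect with the iptables "recent" module.
# Assumptions: the secret, list name and window below are placeholders;
# the secret is plain ASCII (the length check counts characters).

KNOCK_SECRET="${KNOCK_SECRET:-hello}"   # assumed; ping -p takes at most 16 bytes
WAN_IF="${WAN_IF:-ppp0}"                # interface name from the post
KNOCK_WINDOW="${KNOCK_WINDOW:-30}"      # assumed: seconds the redirect stays open after a knock

# Hex form of the secret for "ping -p" (e.g. hello -> 68656c6c6f).
# Fails if the secret exceeds the 16-byte pad limit ping enforces.
knock_hex() {
    [ "${#1}" -le 16 ] || return 1
    printf '%s' "$1" | od -An -tx1 | tr -d ' \n'
}

# Same bytes in iptables --hex-string syntax (e.g. |68 65 6c 6c 6f|),
# so the rule matches exactly the bytes ping repeats in the echo payload.
knock_hexstring() {
    printf '|%s|' "$(printf '%s' "$1" | od -An -tx1 | tr -s ' \n' ' ' | sed 's/^ //; s/ $//')"
}

# Print (do not run) the two server-side rules for a secret, interface and window.
server_rules() {
    secret="$1" ifc="$2" window="$3"
    # 1. An echo-request carrying the secret puts the sender's address on the knock22 list.
    printf 'iptables -A INPUT -p icmp --icmp-type echo-request -m string --algo bm --hex-string "%s" -m recent --set --name knock22\n' \
        "$(knock_hexstring "$secret")"
    # 2. For $window seconds after a knock, a new TCP connection to port 80 from that
    #    address is redirected to sshd. --rcheck only tests the list; --update would
    #    refresh the timer on every new connection and keep the door open.
    printf 'iptables -t nat -A PREROUTING -i %s -p tcp --dport 80 -m recent --name knock22 --rcheck --seconds %s -j REDIRECT --to-ports 22\n' \
        "$ifc" "$window"
}

# Print the client side: one knock, then ssh through port 80.
client_cmd() {
    printf 'ping -c 1 -p %s %s && ssh -p 80 %s\n' "$(knock_hex "$1")" "$2" "$2"
}

# Usage: ./knock.sh server        (print rules, pipe into sh as root on the server)
#        ./knock.sh client HOST   (print the knock-and-connect command)
if [ "$#" -gt 0 ]; then
    case "$1" in
        server) server_rules "$KNOCK_SECRET" "$WAN_IF" "$KNOCK_WINDOW" ;;
        client) client_cmd "$KNOCK_SECRET" "${2:?host required}" ;;
        *) printf 'usage: %s server | client HOST\n' "$0" >&2 ;;
    esac
fi
```

The script only prints the commands, so it can be reviewed before anything is loaded into the kernel; the INPUT chain on the server still has to accept TCP/22 for the redirected connection, as the post's own rules also assume.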
Multiplexing would be 'cleaner':
http://www.rutschle.net/tech/sslh.shtml
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl