Re: Is this possible?

> I have an issue where I cannot connect to my server because the firewall 
> only allows ports 80 and 443 out.
> 
> I previously ran SSH on port 443 to overcome this, but I have had to 
> implement an HTTPS solution for users who wanted secure access, so that 
> is now gone.
> 
> This system has DNS records for ssh.server.co.uk and www.server.co.uk, 
> so can I use IPTables or similar to recognise if it is being connected 
> to via ssh.server.co.uk on port 443 and forward the traffic to port 22? 
> If www.server.co.uk:443 is used, Apache gets the traffic? Or is this (as 
> I suspect) impossible?

I don't think that's possible, because the address resolution happens on 
the client side.  Both names are resolved to your one IP address before 
you ever see any packets.

One option would be to get a second IP address.  Another would be to get 
the client admins to open an outgoing port in their firewall, as Jose 
suggests.

A third possibility would be to direct both sets of traffic to port 443, 
and use application-level filtering to distinguish them.  See for 
example http://l7-filter.sourceforge.net/.  I see that they have a pattern 
for recognizing SSH, which is supposed to work well.  They don't have one 
for HTTPS, but you could either assume that as the default for non-SSH 
traffic, or maybe write your own pattern.

Good luck,
Andrew.
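Andrew's third option, telling SSH and HTTPS apart on a shared port 443, as an added example that is not part of the original thread: a small asyncio demultiplexer that peeks at each client's first bytes (an SSH identification string vs. a TLS ClientHello record) and forwards the whole connection to the matching backend. It assumes constructed values, sshd on localhost:22 and the HTTPS server moved to localhost:8443; the tool sslh does the same job in production.

```python
import asyncio

# Constructed example values: sshd stays on 22, the HTTPS server moves to
# a localhost-only 8443, and this demuxer owns the public port 443.
LISTEN_PORT = 443
BACKENDS = {"ssh": ("127.0.0.1", 22), "tls": ("127.0.0.1", 8443)}
PEEK_TIMEOUT = 2.0  # seconds to wait for the client's first bytes

def classify(first_bytes: bytes) -> str:
    # SSH clients open with an identification string "SSH-..." (RFC 4253);
    # a TLS ClientHello is a handshake record: type 0x16, version 0x03 0x0X.
    # SSH clients may wait for the server banner first, so an empty peek
    # (timeout) is treated as SSH, the same fallback sslh uses.
    if first_bytes.startswith(b"SSH-"):
        return "ssh"
    if len(first_bytes) >= 2 and first_bytes[0] == 0x16 and first_bytes[1] == 0x03:
        return "tls"
    return "ssh" if not first_bytes else "unknown"

async def pump(reader, writer):
    # Copy bytes one way until EOF, then close the far side.
    try:
        while data := await reader.read(65536):
            writer.write(data)
            await writer.drain()
    finally:
        writer.close()

async def handle(client_reader, client_writer):
    try:
        head = await asyncio.wait_for(client_reader.read(16), PEEK_TIMEOUT)
    except asyncio.TimeoutError:
        head = b""
    kind = classify(head)
    if kind == "unknown":  # neither SSH nor TLS: drop the connection
        client_writer.close()
        return
    backend_reader, backend_writer = await asyncio.open_connection(*BACKENDS[kind])
    backend_writer.write(head)  # replay the peeked bytes to the backend
    await asyncio.gather(pump(client_reader, backend_writer),
                         pump(backend_reader, client_writer))

async def main():
    server = await asyncio.start_server(handle, "0.0.0.0", LISTEN_PORT)
    async with server:
        await server.serve_forever()

if __name__ == "__main__":
    asyncio.run(main())
```

The timeout fallback matters because an SSH client that waits for the server's banner would otherwise never be classified; the cost is that a silent non-SSH connection also ends up at sshd, which then simply rejects it.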


