On 16 March 2013 at 19:18, Jan Engelhardt wrote:

> On Saturday 2013-03-16 18:25, AZ 9901 wrote:
>> On 12 March 2013 at 19:09, AZ 9901 wrote:
>>>
>>> sslh (http://www.rutschle.net/tech/sslh.shtml) works as a protocol demultiplexer; it allows separating SSH and HTTPS streams which arrive on the same port (443 for instance).
>>> I would like to do the same thing but with iptables only.
>>> Is it possible?
>
> No. As the name already says, it works at the IP/Network level,
> not with upper protocols.

Yes, but I was thinking of something like this:

- use the "string" module to catch the first packet of an SSH connection (looking for the SSH- pattern, as sslh does in its probe.c source file)
- use conntrack to follow this detected SSH connection
- redirect this detected SSH connection from port 443 to port 22

Other non-redirected connections (HTTPS connections) would then simply go to Apache.

Any chance?

Thank you!

Best regards,

Benjamin
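The probe idea discussed in this message, as an added Python illustration (not code from the thread and not sslh's probe.c): it classifies the client's first bytes by the `SSH-` prefix or a TLS handshake record header, and shows that a verdict only becomes possible on a data segment sent after the TCP handshake, since the SYN carries no payload. The function names and the sample segments are assumptions constructed for the example.

```python
# Added illustration, not sslh's code. Sample payloads below are constructed.
SSH_PREFIX = b"SSH-"      # start of the SSH identification string (RFC 4253)
TLS_HANDSHAKE = 0x16      # TLS record content type "handshake"


def classify(buf: bytes) -> str:
    """Classify client bytes seen so far: 'ssh', 'tls', 'other' or 'need-more'."""
    if not buf:
        return "need-more"              # nothing to match yet (SYN, bare ACK)
    if buf[:4] == SSH_PREFIX:
        return "ssh"
    if SSH_PREFIX.startswith(buf):      # banner split across segments
        return "need-more"
    if buf[0] == TLS_HANDSHAKE:
        if len(buf) < 2:
            return "need-more"
        if buf[1] == 0x03:              # record-layer major version
            return "tls"
    return "other"


def first_decisive_segment(segments):
    """Walk client-to-server TCP payloads in order and return
    (index, verdict) for the first segment that allows a verdict,
    or (None, 'need-more') if the bytes seen never suffice."""
    seen = b""
    for i, payload in enumerate(segments):
        seen += payload
        verdict = classify(seen)
        if verdict != "need-more":
            return i, verdict
    return None, "need-more"


# Constructed client-side segments: the SYN and the handshake ACK are empty.
SSH_FLOW = [b"", b"", b"SS", b"H-2.0-OpenSSH_6.1\r\n"]
TLS_FLOW = [b"", b"", bytes([0x16, 0x03, 0x01, 0x00, 0x2E, 0x01])]
HTTP_FLOW = [b"", b"", b"GET / HTTP/1.1\r\n"]

if __name__ == "__main__":
    for name, flow in (("ssh", SSH_FLOW), ("tls", TLS_FLOW), ("http", HTTP_FLOW)):
        print(name, first_decisive_segment(flow))
```

In every flow the verdict index is 2 or later, so the connection has already been accepted by whatever listens on port 443 before the pattern can be seen.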