Re: IP over HTTP?

From: Ulrich Spoerlein <uspoerlein_at_gmail.com>
Date: Mon, 20 Aug 2007 16:07:27 +0200
On Thu, 16.08.2007 at 13:22:39 +0200, Oliver Fromme wrote:
> Note, however, that some HTTP proxies are configured to
> disallow connections to arbitrary ports, for security
> reasons.  If that's the case for you, run you sshd server
> on port 443 wich should always be allowed by proxies
> (only possible if you don't already run a HTTPS server
> on port 443, of course).

If your company has a limited set of external IPs it's probably better
to redirect port 443 than to abandon HTTPS (whatever happened to HTTP +
STARTTLS, btw?)

pf.conf:
rdr on $ext_if proto tcp from $company to any port 443 -> ($ext_if) port 22

Cheers,
Ulrich Spoerlein
-- 
It is better to remain silent and be thought a fool,
than to speak, and remove all doubt.
Received on Mon Aug 20 2007 - 13:42:56 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:16 UTC