Client firewall blocks all ports but 80 and 443, need a way to forward requests on port 443 to SSH or HTTPS


Problem description

I am currently working at a client where they have locked down the network, except for ports 80 and 443. I need to connect to our server using SSH, but the same server also runs our website. We do not want to invest in a new server or place a second network card.

I have been searching the internet for a way to set up our Linux server (running CentOS 5), so that there is a daemon listening on port 443 that, depending on the client protocol, forwards the request to the correct internal port (SSH 22 or HTTPS moved to a different port).

There are a lot of people on the internet looking for this kind of solution, but no clear instructions on how to do this.

Anyone have ideas/clear instructions how to do this?

Regards, nidkil

Recommended answer

sslh: http://www.rutschle.net/tech/sslh.shtml


I'm using 1.5; I haven't tried 1.6b yet, and 1.3 has a problem with leaving zombies around.

Run it on port 443; if no data is sent within 2 seconds (the default), it forwards to ssh. Otherwise, it forwards to your web server.


I'm running it on my website (http://mikeage.net) -- you can netcat in if you want to see both login banners.

In my case, it also has another purpose. We have an even more restrictive setup than you: all ports are blocked, but 80 and 443 can be reached via proxy. I can have SSH use a program like corkscrew (or putty natively) to proxy my SSH connection via the company proxy to my server:443, where after a brief delay, my SSH server responds with its login banner. I can also serve webpages over the standard HTTPS (and do, in fact).
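
The timeout rule described in the answer above, sketched in Python as an added example (this is not sslh's code and not part of the original post). The backend addresses, port 8443 and the function names are assumptions, and the `SSH-` prefix check goes beyond the answer's description to cover a client that sends its identification string first.

```python
import select
import socket

SSH_BACKEND = ("127.0.0.1", 22)      # assumed: sshd on its usual port
HTTPS_BACKEND = ("127.0.0.1", 8443)  # assumed: web server moved off 443


def choose_backend(conn, timeout=2.0):
    """Pick a backend for a freshly accepted connection on port 443.

    Returns (name, address, first_bytes). first_bytes were already read
    from the client and must be replayed to the chosen backend.
    """
    # A TLS client speaks first (ClientHello). A client that stays silent
    # for the whole timeout is treated as SSH waiting for the server banner.
    readable, _, _ = select.select([conn], [], [], timeout)
    if not readable:
        return "ssh", SSH_BACKEND, b""
    first = conn.recv(4096)
    if not first:
        # Peer closed without sending anything: nothing to forward.
        return "closed", None, b""
    if first.startswith(b"SSH-"):
        # Extension beyond the answer: SSH identification string sent first.
        return "ssh", SSH_BACKEND, first
    return "https", HTTPS_BACKEND, first


def demo(client_bytes, timeout=0.2):
    """Run one constructed connection through choose_backend; return the name."""
    client, server = socket.socketpair()
    try:
        if client_bytes:
            client.sendall(client_bytes)
        return choose_backend(server, timeout)[0]
    finally:
        client.close()
        server.close()


if __name__ == "__main__":
    # Constructed sample inputs, not captured traffic.
    print(demo(b""))                          # silent client
    print(demo(b"\x16\x03\x01\x00\x2e"))      # start of a TLS record
    print(demo(b"SSH-2.0-OpenSSH_5.3\r\n"))   # SSH client speaking first
```

With a multiplexer like this in front, sshd and the web server both see connections arriving from the multiplexer's address, so per-client logging and rate limiting have to be done at the multiplexer.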
