On Tue, 25 Jan 2005 15:04:11 -0700, dan <info@xxxxxxxxxxxxxxxx> wrote: > Steve Brown wrote: > > After learning here on the list that my ISP, Optimum Online, blocks > > residential customers from running web servers using port 80, I set up > > httpd.conf and my firewall to run my site using port 85. It works > > fine. Next, I registered a domain with my daughter's name: miabrown.com > > through 1and1.com. I set up the account so that requests for > > miabrown.com are forwarded to my server (dynamic IP address, port 85). > > > > Apparently, at work, they block sites that use a port number other than > > 80. In my brower at work, I see the IP address. What do I need to do > > on my server so that it shows the domain name instead of the IP address? > > > > I've hosted http data over the traditional https port of 443. You can > have the server listen for http over port 443, and your work will pass > 443 (be it ssl data or not) to you. > > This works with SSH, SMTP, POP... I hate it when my *cough* former > *cough* employer blocked all that stuff. Ah, the fun of companies that like to port-block and proxy everything because of the feeling of power it gives them. And you've got two of them in your way. In general, it's usually pretty easy to get around a firewall, as long as you control something on each side. No matter how small of a hole the firewall has, with patience, you can squeeze elephants through it. (And a firewall has to have a hole of some sort, or it's just a concrete block, not a firewall). But it's all still very annoying. If it's only yourself at work that wants to access your site then you can set up some magic iptables port redirecting to send traffic to 443 back through to 85, but only for incoming traffic from your company. The rest of the Internet would work as is, over port 85. You may also have the option of using SSH tunneling (if you can run SSH on your work PC -- either linux or Windows with say PuTTY). If you can get an ssh connection you can pretty much do anything: outbound, or yes, even inbound. And you can run it on whatever ports you want. (I'd use ssh keys, not passwords, if you can) Depending on how determined your obstacles are, be aware that they may run invisible proxies. Even for SSL. So if you really want to be invisible, use ssh (and validate your server keys!) or set up real SSL on your Apache server, and then be sure to check the SSL certificate on your browser to make sure there's no man-in-the-middle. I feel like I should have a disclaimer here... -- Deron