Michael Marsh wrote:
I have a hardware firewall that forwards incoming connections on port 80 to port 22 (I can't ssh to my home box from work if I don't use port 80 since all other outgoing ports are blocked). I am trying to build an additional iptables firewall on my linux box which sits behind the router. Obviously port 80 is open to the world and the world thinks it is an http port so I am getting alot of hack attempts. Is there a way to identify any non ssh packets and stop them in their tracks. This is tricky since my own ssh connection will travel to port 80 and is then forwarded to port 22 behind the router. Are TCP packets identified by port number or service type or both. Thanks in advance... I need a little education.
I've never done it myself, but you could also try using a port knocker, which would make the port appear closed to the rest of the world. This would perhaps be a good approach to use in combination with some of the other suggestions.
http://www.portknocking.org/view/
Cheers, Raman Gupta