Re: Firewall and TCP

Michael Marsh wrote:

I have a hardware firewall that forwards incoming connections on port 80
to port 22 (I can't ssh to my home box from work if I don't use port 80
since all other outgoing ports are blocked).  I am trying to build an
additional iptables firewall on my Linux box which sits behind the
router.  Obviously port 80 is open to the world and the world thinks it
is an http port so I am getting a lot of hack attempts. Is there a way to
identify any non-ssh packets and stop them in their tracks?  This is
tricky since my own ssh connection will travel to port 80 and is then
forwarded to port 22 behind the router.  Are TCP packets identified by
port number or service type or both?  Thanks in advance... I need a
little education.


I've never done it myself, but you could also try using a port knocker, which would make the port appear closed to the rest of the world. This would perhaps be a good approach to use in combination with some of the other suggestions.


http://www.portknocking.org/view/

Cheers,
Raman Gupta
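
On the question in the quoted message: a TCP header carries only source and destination port numbers and has no service-type field, so telling SSH from HTTP on the same port means inspecting the first payload bytes of the connection. The following is an added example, not part of either post; the function names are illustrative and the sample segments are constructed.

```python
import struct

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ", b"TRACE ")

def parse_tcp(segment: bytes):
    """Return (src_port, dst_port, payload) from a raw TCP segment."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    # Ports are the only service identifier the header carries.
    src, dst = struct.unpack("!HH", segment[:4])
    header_len = (segment[12] >> 4) * 4  # data offset, in bytes
    if header_len < 20 or header_len > len(segment):
        raise ValueError("bad data offset")
    return src, dst, segment[header_len:]

def classify_first_payload(payload: bytes) -> str:
    """Guess the protocol from the first data bytes a client sends."""
    if not payload:
        return "no-data"            # SYN or bare ACK: nothing to inspect
    if payload.startswith(b"SSH-"):
        return "ssh"                # RFC 4253 identification string
    if payload.startswith(HTTP_METHODS):
        return "http"
    return "other"

def make_segment(src, dst, payload=b"", flags=0x18):
    """Constructed test input: 20-byte header, no options, checksum 0."""
    header = struct.pack("!HHIIBBHHH", src, dst, 1, 1, 5 << 4,
                         flags, 65535, 0, 0)
    return header + payload

# Constructed samples, as seen on the Linux box after the router has
# rewritten destination port 80 to 22.
SAMPLES = [
    make_segment(40001, 22, flags=0x02),                      # SYN
    make_segment(40001, 22, b"SSH-2.0-OpenSSH_9.6\r\n"),
    make_segment(40002, 22, b"GET /admin.php HTTP/1.1\r\n\r\n"),
    make_segment(40003, 22, b"\x16\x03\x01\x00\x05hello"),    # not SSH/HTTP
]

def classify_segments(segments):
    """Return [(dst_port, label), ...] for each segment."""
    return [(dst, classify_first_payload(data))
            for _, dst, data in map(parse_tcp, segments)]

if __name__ == "__main__":
    for dst, label in classify_segments(SAMPLES):
        print(f"dst port {dst}: {label}")
```

Only the opening identification string is in the clear; once the SSH key exchange completes the payload is encrypted, so this check applies to the first data segment of a connection only.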

