I have a hardware firewall that forwards incoming connections on port 80 to port 22 (I can't SSH to my home box from work if I don't use port 80, since all other outgoing ports are blocked). I am trying to build an additional iptables firewall on my Linux box, which sits behind the router. Obviously port 80 is open to the world, and the world thinks it is an HTTP port, so I am getting a lot of hack attempts. Is there a way to identify any non-SSH packets and stop them in their tracks? This is tricky, since my own SSH connection will travel to port 80 and is then forwarded to port 22 behind the router. Are TCP packets identified by port number, service type, or both? Thanks in advance... I need a little education.
___________________
I would limit the connection before it even gets to your Linux box. What type of firewall do you have? Not that the previous question really matters, but I would limit the IP range at the firewall as opposed to your Linux box. I'm not as familiar with iptables, but I do not think it's application-level, meaning it won't differentiate between something accessing port 80 using SSH versus another using HTTP. All it maintains is that a TCP connection is being established to port 80 by source IP x.x.x.x.
-- Regards, Matt Florido
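The same source-range restriction applied on the Linux box itself, as an added example that is not part of either post: the rules key on source address and destination port only (iptables does not inspect whether the session speaks SSH or HTTP, as the reply says), and they add a per-address rate limit on new connections so that anything outside the trusted range, and any brute-force burst from inside it, is dropped. It assumes the router's port forward preserves the client's source address, that sshd listens on port 22 behind it, and uses 203.0.113.0/24 as a placeholder for the work network.

```shell
#!/bin/sh
# Added example, not from the original thread. Emits iptables commands for
# review; pipe the output to sh as root to load them on the Linux box.
# Assumes the router DNATs 80 -> 22 and keeps the original source address.

# ssh_rules TRUSTED_CIDR [SSH_PORT]   -- prints one iptables command per line
ssh_rules() {
    cidr=$1
    port=${2:-22}
    # Packets belonging to sessions already accepted below
    echo "iptables -A INPUT -p tcp --dport $port -m conntrack --ctstate ESTABLISHED -j ACCEPT"
    # Record every new attempt from the trusted range in the 'SSH' recent list
    echo "iptables -A INPUT -p tcp --dport $port -s $cidr -m conntrack --ctstate NEW -m recent --set --name SSH"
    # A 4th new connection within 60 s from one trusted address is dropped (brute-force guard)
    echo "iptables -A INPUT -p tcp --dport $port -s $cidr -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 4 --name SSH -j DROP"
    # Otherwise new connections are accepted only from the trusted range
    echo "iptables -A INPUT -p tcp --dport $port -s $cidr -m conntrack --ctstate NEW -j ACCEPT"
    # Everything else reaching the SSH port (the HTTP scanners) is dropped
    echo "iptables -A INPUT -p tcp --dport $port -j DROP"
}

# count_scoped_rules TRUSTED_CIDR [SSH_PORT] -- how many emitted rules are
# limited to the trusted source range (a quick sanity check before applying)
count_scoped_rules() {
    ssh_rules "$1" "$2" | grep -c -- "-s $1 "
}

# Review first, then apply as root (placeholder range, replace with your own):
#   ssh_rules 203.0.113.0/24 22
#   ssh_rules 203.0.113.0/24 22 | sudo sh
```

If the router rewrites the source address when it forwards port 80, every connection will appear to come from the router and the `-s` match will not distinguish work from the rest of the world; in that case the range limit belongs on the router, as the reply suggests.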