#1
Hi guys,

I'm trying to find some software that will allow me to port forward based on the content of the packet. Basically. Connection comes in on port 80 at router, the router forwards this to machine A on port 80. This is where I need the software to inspect the packet, and if it has something like 'HTTP' in it then forward it to machine B on port X, if it does not have 'HTTP' in the packet then forward it to machine A on port X (obviously other than 80).

Anyone know of such software? I can't find any anywhere.

TIA,

-- gbnews ((E-Mail Removed))
#2
"gbnews" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
> Basically. Connection comes in on port 80 at router, the router forwards this to machine A on port 80. This is where I need the software to inspect the packet, and if it has something like 'HTTP' in it then forward it to machine B on port X, if it does not have 'HTTP' in the packet then forward it to machine A on port X (obviously other than 80).
>
> Anyone know of such software? I can't find any anywhere.

What you want is beyond the capabilities of simple port forwarding, and from your description, a robust solution may be impossible. I have written some software which does something faintly similar but is Linux-specific (and must run on a router between source and destination for both data directions).

Can you rephrase the problem? It sounds like what you're saying is that connections from the Internet to your router's external address on port 80 should effectively connect to different machines depending on which of two purposes for the connection it is, and one of the purposes is to make an HTTP request. Have I got this right, and if so, what is the other purpose?

Alex
#3
In article <(E-Mail Removed)>, "Alex Fraser" (E-Mail Removed) says...
> "gbnews" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
> > Basically. Connection comes in on port 80 at router, the router forwards this to machine A on port 80. This is where I need the software to inspect the packet, and if it has something like 'HTTP' in it then forward it to machine B on port X, if it does not have 'HTTP' in the packet then forward it to machine A on port X (obviously other than 80).
> >
> > Anyone know of such software? I can't find any anywhere.
>
> What you want is beyond the capabilities of simple port forwarding, and from your description, a robust solution may be impossible. I have written some software which does something faintly similar but is Linux-specific (and must run on a router between source and destination for both data directions).
>
> Can you rephrase the problem? It sounds like what you're saying is that connections from the Internet to your router's external address on port 80 should effectively connect to different machines depending on which of two purposes for the connection it is, and one of the purposes is to make an HTTP request. Have I got this right, and if so, what is the other purpose?
>
My guess is that he wants to enable access from another machine that is restricted by a firewall - tunneling may be an option, depending on the control the user has on the other machine, or otherwise maybe a web application that can do whatever it is that he's attempting.
#4
>>> Basically. Connection comes in on port 80 at router, the router forwards this to machine A on port 80. This is where I need the software to inspect the packet, and if it has something like 'HTTP' in it then forward it to machine B on port X, if it does not have 'HTTP' in the packet then forward it to machine A on port X (obviously other than 80).
>>>
>>> Anyone know of such software? I can't find any anywhere.
>>
>> What you want is beyond the capabilities of simple port forwarding, and from your description, a robust solution may be impossible. I have written some software which does something faintly similar but is Linux-specific (and must run on a router between source and destination for both data directions).
>>
>> Can you rephrase the problem? It sounds like what you're saying is that connections from the Internet to your router's external address on port 80 should effectively connect to different machines depending on which of two purposes for the connection it is, and one of the purposes is to make an HTTP request. Have I got this right, and if so, what is the other purpose?
>>
> My guess is that he wants to enable access from another machine that is restricted by a firewall - tunneling may be an option, depending on the control the user has on the other machine, or otherwise maybe a web application that can do whatever it is that he's attempting.

Bingo. Problem is I can only go out at port 80, so I use this to connect to my router for SSH. The problem is, I would like to now set up a simple web server, and obviously would want that accepting on port 80 too. If I could find another port I could go out on, it wouldn't be a problem as I would move ssh to another port. Hence why I would like some sort of packet filtering/forwarding software.

-- gbnews ((E-Mail Removed))
#5
"gbnews" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
> Bingo. Problem is I can only go out at port 80, so I use this to connect to my router for SSH.

Do you mean that you currently connect to the router's external address, port 80, from somewhere that only allows outbound connections to port 80, and that your router is currently configured to forward this connection to one of your machines which runs an SSH server?

> The problem is, I would like to now set-up a simple web server, and obviously would want that accepting on port 80 too.

Do you mean you now wish to run a web server accessible at the router's external address, but also (for obvious reasons) on port 80?

The basic problem is that there is no way to distinguish between connections from (for example) a browser or SSH client until after the connection is accepted, and once a connection has been accepted, it is practically impossible to "transfer" it.

Alex
#6
In article <(E-Mail Removed)>, "gbnews" (E-Mail Removed) says...
<snip>
> Bingo. Problem is I can only go out at port 80, so I use this to connect to my router for SSH. The problem is, I would like to now set-up a simple web server, and obviously would want that accepting on port 80 too. If I could find another port I could go out on, it wouldn't be a problem as I would move ssh to another port. Hence why I would like some sort of packet filtering/forwarding software.
>
Have you not got access on port 443 (HTTPS) that you could use instead of port 80?
You could always run your HTTP server on a different port.
#7
Alex Fraser wrote:
> "gbnews" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
>> Bingo. Problem is I can only go out at port 80, so I use this to connect to my router for SSH.
>
> Do you mean that you currently connect to the router's external address, port 80, from somewhere that only allows outbound connections to port 80, and that your router is currently configured to forward this connection to one of your machines which runs an SSH server?

Yes.

>> The problem is, I would like to now set-up a simple web server, and obviously would want that accepting on port 80 too.
>
> Do you mean you now wish to run a web server accessible at the router's external address, but also (for obvious reasons) on port 80?
>
> The basic problem is that there is no way to distinguish between connections from (for example) a browser or SSH client until after the connection is accepted, and once a connection has been accepted, it is practically impossible to "transfer" it.

Yes again. Well, that can't be right... the majority of web browsers send their request with a HTTP header in the packet. Some software could surely be able to forward all of these requests in to a different port. I do understand what you're saying, that it would be very difficult, as the connection is already accepted before the packet contents are read. I don't think I'm going to be able to find any software, and will have to try and find another port I can go out on.

-- gbnews ((E-Mail Removed))
#8
Rob Morley wrote:
> In article <(E-Mail Removed)>, "gbnews" (E-Mail Removed) says...
> <snip>
>> Bingo. Problem is I can only go out at port 80, so I use this to connect to my router for SSH. The problem is, I would like to now set-up a simple web server, and obviously would want that accepting on port 80 too. If I could find another port I could go out on, it wouldn't be a problem as I would move ssh to another port. Hence why I would like some sort of packet filtering/forwarding software.
>>
> Have you not got access on port 443 (HTTPS) that you could use instead of port 80?
> You could always run your HTTP server on a different port.

Port 443. I'll try that one Rob. There's always port 21 as well, but I have a FTP server running on that. Any other ports you think might be open on the way out?

-- gbnews ((E-Mail Removed))
#9
8080 (normally used for proxies or alternate webserver port)
110 (POP3)
53 (DNS, IIRC)
143 (IMAP)
20 (FTP data)
23 (Telnet)
25 (SMTP)
119 (NNTP)
123 (NTP)

That's probably all the main ones. If you search Google for "TCP Port listings" it will give you an IANA page (www.iana.org/assignments/port-numbers) which might give you ideas.

DynDNS.org offer a service that will forward a web request to a port other than port 80, intended for use when ISPs block port 80 to prevent webhosting, or IIS exploits. That would work: continue to use port 80 for SSH, and the DynDNS service for web hosting. Although you may still need to be able to connect on that port.

One of the "secure" browsing sites would also let you access the website, as that computer makes the connection. Can't remember any now, but they are also used to get round content filtering, as the browsed content is encrypted, and comes from a non-blocked site.

Hope I have helped.

"gbnews" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
> Rob Morley wrote:
>> In article <(E-Mail Removed)>, "gbnews" (E-Mail Removed) says...
>> <snip>
>>> Bingo. Problem is I can only go out at port 80, so I use this to connect to my router for SSH. The problem is, I would like to now set-up a simple web server, and obviously would want that accepting on port 80 too. If I could find another port I could go out on, it wouldn't be a problem as I would move ssh to another port. Hence why I would like some sort of packet filtering/forwarding software.
>>>
>> Have you not got access on port 443 (HTTPS) that you could use instead of port 80?
>> You could always run your HTTP server on a different port.
>
> Port 443. I'll try that one Rob. There's always port 21 as well, but I have a FTP server running on that. Any other ports you think might be open on the way out?
> --
> gbnews ((E-Mail Removed))
>
#10
"gbnews" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
> Alex Fraser wrote:
[snip]
> > The basic problem is that there is no way to distinguish between connections from (for example) a browser or SSH client until after the connection is accepted, and once a connection has been accepted, it is practically impossible to "transfer" it.
>
> Yes again. Well that can't be right.. the majority of web browsers send their request with a HTTP header in the packet.

But, unfortunately, not the *first* packet. There is an exchange (i.e. the machine being connected to also sends stuff) first. With reference to my previous post, this exchange results in the connection becoming accepted, and is what ties it to the machine.

What this doesn't preclude is making a new connection, something like a proxy. This is basically like software I mentioned I wrote in my first post: it accepts the connection, figures out somewhere else to connect to, connects and then relays information. (The Linux-specific stuff and the constraint of running on a router allows this second connection to appear to be from the original connecting machine.)

However, unlike what I'm using it for, you cannot robustly detect the difference between an SSH and HTTP connection even after it's been accepted. All you can do is say "If you haven't received an HTTP request after N seconds, assume it's an SSH connection."

[snip]
> I don't think i'm going to be able to find any software, and will have to try and find another port I can go out on.

I think there's a good chance there's at least one other port you can use; 443 is the most likely.

Alex
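The proxy-with-timeout approach Alex describes, as an added example that is not his software nor anything from the thread: the listener accepts the TCP connection, waits up to N seconds for the client to speak, and routes on whether the first bytes look like an HTTP request line; a browser sends its request immediately, while an SSH client stays silent because it is waiting for the server's banner, so the timeout itself is the SSH signal. The backend addresses and the 2-second timeout are constructed values, and unlike Alex's Linux-specific version this plain proxy does not preserve the original client address on the backend connection.

```python
import asyncio

# Constructed backends for this example: machine B (web) and machine A (SSH).
WEB_BACKEND = ("127.0.0.1", 8080)
SSH_BACKEND = ("127.0.0.1", 2222)
CLIENT_FIRST_TIMEOUT = 2.0  # the "N seconds" from the post; tune for your link latency

# Request-line prefixes a browser sends as its very first bytes.
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")


def classify(first_bytes: bytes) -> str:
    """Return "http" if the client spoke first with an HTTP request line,
    otherwise "ssh". An empty value means the client sent nothing before the
    timeout, which is what an SSH client does while it waits for the banner."""
    if first_bytes.startswith(HTTP_METHODS):
        return "http"
    return "ssh"


async def pump(reader: asyncio.StreamReader, writer: asyncio.StreamWriter) -> None:
    """Relay bytes one way until EOF, then close the far side."""
    try:
        while data := await reader.read(65536):
            writer.write(data)
            await writer.drain()
    finally:
        writer.close()


async def handle(client_r: asyncio.StreamReader, client_w: asyncio.StreamWriter) -> None:
    try:
        head = await asyncio.wait_for(client_r.read(16), CLIENT_FIRST_TIMEOUT)
    except asyncio.TimeoutError:
        head = b""  # silent client: assume SSH, per the heuristic in the post
    host, port = WEB_BACKEND if classify(head) == "http" else SSH_BACKEND
    backend_r, backend_w = await asyncio.open_connection(host, port)
    backend_w.write(head)  # replay the bytes we already consumed while sniffing
    await backend_w.drain()
    await asyncio.gather(pump(client_r, backend_w), pump(backend_r, client_w))


async def serve(listen_port: int = 80) -> None:
    server = await asyncio.start_server(handle, "0.0.0.0", listen_port)
    async with server:
        await server.serve_forever()


if __name__ == "__main__":
    asyncio.run(serve())
```

Because the HTTP check is a prefix match on a few method names, a client that sends something else first (or a deliberately slow client) is routed to the SSH backend, which then simply rejects non-SSH traffic; the timeout also adds N seconds of latency to every SSH login.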