Buck Turgidson wrote:
> I posted a question on Friday, and was unable to check news and mail this
> weekend. I got a lot of good responses, but I wasn't able to clarify
> things.
>
> My question was whether I can have several services (protocols)
> listening on port 22. Is there any way to have another service, e.g. http,
> listening on the same port, and some sort of director that decides whether
> traffic is http or ssh, and forward it to the right service? I have a router
> in my home network.
>
> I access my linux box at home from work over 22, which is the only open port
> that is common between my ISP and employer. I am well aware of
> port-forwarding and use it extensively, and have even gotten ftp to work
> with some fiddling.
>
> However, I want to call Harry across town and give him a URL on port 22 to
> try, without having ssh, tunnelling, or an account on my machine.
>
> I hope I clarified my question somewhat.
>
> Someone mentioned setting up a proxy and another mentioned l7 filtering. Do
> those still apply? I'll have to do some research on those, since they're a
> little above my head at this point.
"My question was whether, I can have several services (protocols)
listening on port 22".
Answer is:
No, you cannot bind multiple services to listen on the same port at the
_same_time_. One port, one service. The port number is part of the
TCP/UDP host address tuple. The listening service binds to a
port/socket and services requests by establishing additional sockets
based on (dst addrs, dst port, src addrs, src port).
It is such a basic point that no one bothered to answer it directly.
What was posted were ways to _use_ port 22 (ssh) to _access_ multiple
services running (and listening on other ports) on your home computer.
You (as root) can have nearly any service listen on port 22 that you
want, though that may present problems of its own with some FW packet
filters.
Not much you can do about your employer's FW filters but I would
complain/switch ISPs that insisted on rejecting connection requests on
"well known" ports. They have other/better ways of restricting traffic
flows.
If your ISP is not rejecting all connection requests to all but
"allowed" port numbers, your easiest way may be to have other services
listening on high (>1024) numbered ports, e.g., http listening on 8080
or 8088. This may work for others (friends) while you still have to
use ssh from work.
To provide "transparent" access you will have to proxy/filter/redirect
on a single port number and examine the protocol info (l7/Layer7) in
the packets. This can be made to work with the right tools but may not
be worth it. Others have already provided you enough info to get you
started. Only you can decide what "solution" is worth the effort
required to make it work.
good luck,
prg
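The "examine the protocol info on a single port and redirect" approach prg describes above is what a layer-7 demultiplexer such as sslh does. The following is an added illustration, not code from either poster: a minimal demuxer that listens on one port, peeks at the first bytes of each new connection without consuming them, decides whether they look like an SSH banner or an HTTP request line, and pipes the connection to the matching backend. The backend addresses (sshd moved to 127.0.0.1:2222, a web server on 127.0.0.1:8080) and the 2-second peek timeout are assumptions; the sample banners are constructed, not captured traffic. Treating a silent client as SSH is also an assumption, made because many SSH clients wait for the server's banner before sending their own.

```python
import socket
import threading

# Constructed sample first-bytes, as a demuxer might see them on a new connection.
SSH_BANNER = b"SSH-2.0-OpenSSH_example\r\n"
HTTP_REQUEST = b"GET / HTTP/1.1\r\nHost: example.invalid\r\n\r\n"

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ", b"PATCH ")

# Assumed backend addresses: the real sshd is moved off port 22, the web
# server sits on a high port, and only this demuxer binds the shared port.
BACKENDS = {"ssh": ("127.0.0.1", 2222), "http": ("127.0.0.1", 8080)}


def classify(first_bytes: bytes) -> str:
    """Pick a backend from the first bytes a client sent.

    Returns 'ssh', 'http', or 'unknown'. Anything unrecognised is refused
    rather than guessed, so a stray protocol never reaches the wrong service.
    """
    if first_bytes.startswith(b"SSH-"):
        return "ssh"
    if first_bytes.startswith(HTTP_METHODS):
        return "http"
    if first_bytes == b"":
        # Client sent nothing before the timeout. Assumption: SSH clients often
        # wait for the server banner first, so silence is treated as SSH.
        return "ssh"
    return "unknown"


def pump(src: socket.socket, dst: socket.socket) -> None:
    """Copy bytes one way until EOF, then half-close the destination."""
    try:
        while True:
            data = src.recv(65536)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def handle(client: socket.socket, peek_timeout: float = 2.0):
    """Classify one accepted connection and splice it to its backend.

    Returns the chosen protocol name, or None if the connection was refused.
    """
    client.settimeout(peek_timeout)
    try:
        # MSG_PEEK leaves the bytes queued, so the backend still sees them.
        first = client.recv(512, socket.MSG_PEEK)
    except socket.timeout:
        first = b""
    client.settimeout(None)

    proto = classify(first)
    if proto == "unknown":
        client.close()
        return None

    backend = socket.create_connection(BACKENDS[proto])
    threading.Thread(target=pump, args=(client, backend), daemon=True).start()
    threading.Thread(target=pump, args=(backend, client), daemon=True).start()
    return proto


def serve(listen_port: int = 22) -> None:
    """Accept loop: binding a port below 1024 needs root on a Unix host."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("0.0.0.0", listen_port))
    srv.listen(16)
    while True:
        client, _ = srv.accept()
        threading.Thread(target=handle, args=(client,), daemon=True).start()


if __name__ == "__main__":
    serve()
```

Note that this does not make two services "listen on port 22": only the demuxer holds the socket, which is exactly the one-port-one-listener rule stated above. It also shows the cost prg alludes to: a client that sends nothing is misrouted if the timeout guess is wrong, and every byte of every session now passes through an extra userspace process.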