Firewall and TCP
Matt Florido
matt at floridonet.com
Fri Mar 25 06:21:28 UTC 2005
Michael Marsh wrote:
> I have a hardware firewall that forwards incoming connections on port 80
> to port 22 (I can't ssh to my home box from work if I don't use port 80
> since all other outgoing ports are blocked). I am trying to build an
> additional iptables firewall on my linux box which sits behind the
> router. Obviously port 80 is open to the world and the world thinks it
> is an http port so I am getting a lot of hack attempts. Is there a way to
> identify any non-ssh packets and stop them in their tracks? This is
> tricky since my own ssh connection will travel to port 80 and is then
> forwarded to port 22 behind the router. Are TCP packets identified by
> port number or service type or both? Thanks in advance... I need a
> little education.
I would limit the connection before it even gets to your Linux box.
What type of firewall do you have? Not that the previous question
really matters, but I would limit the IP range at the firewall as
opposed to your Linux box. I'm not as familiar with iptables, but I do
not think it's application level, meaning it won't differentiate between
something accessing port 80 using SSH versus another using HTTP. All it
maintains is that a TCP connection is being established to port 80 by
source IP x.x.x.x.
--
Regards,
Matt Florido
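The IP-range limit suggested above, written as an added example (not code from the original thread) for the Linux box's own iptables, for the case where the router cannot do the limiting itself. It assumes the router delivers the forwarded connection to local TCP port 22, and the network 203.0.113.0/24 is a constructed placeholder for the work range to allow; denied attempts are logged at a bounded rate so they can be watched in syslog.

```shell
#!/bin/sh
# Added example, not from the original thread. Allowlist for the local port that
# the router forwards from 80 to 22; everything else to that port is logged and
# dropped. Run with APPLY=1 as root to load the rules; otherwise they are only printed.
SSH_PORT=22                     # assumption: router forwards 80 -> this local port
ALLOWED_NETS="203.0.113.0/24"   # constructed placeholder; replace with the real work range(s)

# Emit the rule set as text. Arguments: port, then one or more source networks.
ssh_allowlist_rules() {
    port=$1; shift
    # Keep established flows working so the rules can be loaded over a live session.
    echo "iptables -A INPUT -p tcp --dport $port -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # New connections are accepted only from the allowed source ranges.
    for net in "$@"; do
        echo "iptables -A INPUT -p tcp --dport $port -s $net -m state --state NEW -j ACCEPT"
    done
    # Log the rest at a bounded rate (so a scan cannot flood syslog), then drop.
    echo "iptables -A INPUT -p tcp --dport $port -m limit --limit 5/min -j LOG --log-prefix \"ssh-port denied: \""
    echo "iptables -A INPUT -p tcp --dport $port -j DROP"
}

rules_for_host() {
    ssh_allowlist_rules "$SSH_PORT" $ALLOWED_NETS
}

if [ "${APPLY:-0}" = "1" ]; then
    rules_for_host | sh -e      # apply each rule; needs root and iptables
else
    rules_for_host              # dry run: print the rules for review
fi
```

Rules are appended, so they go after any existing INPUT rules; check `iptables -L INPUT -n --line-numbers` for an earlier blanket ACCEPT on the port before relying on the DROP.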
More information about the fedora-list mailing list