
Re: [Fwd: Re: Firewall - How blockade the files .exe]



You can redirect different ports on your external IP with the iptables DNAT
target to the internal ssh servers.  With HTTP, virtual hosts are based on
the URL in the "get" command.  SSH has no use of URLs so there is no
"get" or equivalent command.

Best just to block by IP or use TCP/IP wrappers (hosts.allow and hosts.deny)
for DNS based authentications; also, ssh has host key authentication.
Iptables is kernel space, this means that it is small and compact.  The
DNS lookups are done in userspace and the resulting IP is put into network
byte order and passed to the kernel.  The kernel then compares the octets
of incoming packets with those provided by userspace.  If you want you can
use cron to update or replace your iptables rules, but that is foolish.

--- roni02@inf.its-sby.edu wrote:
> overview
> - i have one visible ip and 4 server in internal networks.
> - every server have one ssh server that listen on port 22.
> - on visible ip i installed debian + regular firewall + dns + apache for
> virtual proxy that forward to internal server.
> 
> question
> 1- how to make ssh service like virtual proxy in apache.  ?
>   example: when someone use ssh server1.mydomain.com will forward to
> internal server (192.168.0.5) in same port (22)
>             then someone use ssh server2.mydomain.com will forward to
> internal server (192.168.0.6) in same port (22) and etc.
>    now i use port forwarding ( server1.mydomain.com:22 forward to
> 192.168.0.5:23,server1.mydomain.com:22 forward to 192.168.0.5:22)
> 2. there is any rules in iptables to filter by domain name not ip
> address ?
> 
> 
> any suggestion/explanation/link etc will be appreciated
> thanks for everything and sorry for my english :)
> 
> 
> -- 
> Regards
> 
> 
> Ronnie Muhadi
> Laboratorium Arsitektur dan Jaringan Komputer
> FTIF-T. Informatika ITS 10 Nopember Surabaya
> YM : ronnie_grezik
> resume : http://ronnie.inf.its-sby.edu
> 
> 


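The per-port DNAT approach described in the reply, as an added example that is not part of the original message. It assumes the external interface is eth0 and uses made-up external ports 2201 and 2202; the internal addresses are the ones from the question.

```shell
#!/bin/sh
# Added example: print (not apply) iptables rules that give each internal
# SSH server its own TCP port on the single external address.
EXT_IF="eth0"   # assumption: name of the external interface
# Constructed map "external_port:internal_ip". The 192.168.0.x addresses are
# from the question; ports 2201/2202 are made up for this example.
MAP="2201:192.168.0.5 2202:192.168.0.6"

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    # Accept only a literal dotted quad. A hostname would be resolved once,
    # in userspace, when the rule is inserted, so it is rejected here.
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

gen_ssh_dnat_rules() {
    # $1 = external interface, remaining arguments = port:ip pairs
    ifc=$1; shift
    for pair in "$@"; do
        port=${pair%%:*}; ip=${pair#*:}
        if ! valid_port "$port" || ! valid_ipv4 "$ip"; then
            echo "skipping invalid entry: $pair" >&2
            continue
        fi
        # Rewrite the destination before the routing decision is made.
        echo "iptables -t nat -A PREROUTING -i $ifc -p tcp --dport $port -j DNAT --to-destination $ip:22"
        # Admit the rewritten connection; replies are assumed to be covered
        # by an existing ESTABLISHED,RELATED rule in FORWARD.
        echo "iptables -A FORWARD -i $ifc -p tcp -d $ip --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
    done
}

# Review the output, then pipe it to sh as root to load the rules.
gen_ssh_dnat_rules "$EXT_IF" $MAP
```

With these rules loaded, a client reaches 192.168.0.5 by running `ssh -p 2201` against the external address.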


