Date: Mon, 20 Aug 2007 16:07:27 +0200 From: Ulrich Spoerlein <uspoerlein@gmail.com> To: Oliver Fromme <olli@lurza.secnetix.de> Cc: freebsd-current@FreeBSD.ORG Subject: Re: IP over HTTP? Message-ID: <20070820140726.GC1455@roadrunner.spoerlein.net> In-Reply-To: <200708161122.l7GBMd2f097695@lurza.secnetix.de> References: <20070815013342.GA25882@rot26.obsecurity.org> <200708161122.l7GBMd2f097695@lurza.secnetix.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 16.08.2007 at 13:22:39 +0200, Oliver Fromme wrote: > Note, however, that some HTTP proxies are configured to > disallow connections to arbitrary ports, for security > reasons. If that's the case for you, run you sshd server > on port 443 wich should always be allowed by proxies > (only possible if you don't already run a HTTPS server > on port 443, of course). If your company has a limited set of external IPs it's probably better to redirect port 443 than to abandon HTTPS (whatever happened to HTTP + STARTTLS, btw?) pf.conf: rdr on $ext_if proto tcp from $company to any port 443 -> ($ext_if) port 22 Cheers, Ulrich Spoerlein -- It is better to remain silent and be thought a fool, than to speak, and remove all doubt.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070820140726.GC1455>