From owner-freebsd-current@FreeBSD.ORG Mon Aug 20 15:42:56 2007
Date: Mon, 20 Aug 2007 16:07:27 +0200
From: Ulrich Spoerlein
To: Oliver Fromme
Cc: freebsd-current@FreeBSD.ORG
Subject: Re: IP over HTTP?
Message-ID: <20070820140726.GC1455@roadrunner.spoerlein.net>
Mail-Followup-To: Oliver Fromme, freebsd-current@FreeBSD.ORG
References: <20070815013342.GA25882@rot26.obsecurity.org> <200708161122.l7GBMd2f097695@lurza.secnetix.de>
In-Reply-To: <200708161122.l7GBMd2f097695@lurza.secnetix.de>
User-Agent: Mutt/1.5.15 (2007-04-06)

On Thu, 16.08.2007 at 13:22:39 +0200, Oliver Fromme wrote:
> Note, however, that some HTTP proxies are configured to
> disallow connections to arbitrary ports, for security
> reasons.  If that's the case for you, run your sshd server
> on port 443 which should always be allowed by proxies
> (only possible if you don't already run a HTTPS server
> on port 443, of course).

If your company has a limited set of external IPs it's probably better
to redirect port 443 than to abandon HTTPS (whatever happened to HTTP +
STARTTLS, btw?)

pf.conf:
rdr on $ext_if proto tcp from $company to any port 443 -> ($ext_if) port 22

Cheers,
Ulrich Spoerlein
-- 
It is better to remain silent and be thought a fool, than to speak,
and remove all doubt.
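
The redirect above placed in a small ruleset, as an added example that is not part of the original message. The interface name and the address range are assumptions (203.0.113.0/28 is a documentation range standing in for the company's external IPs); the point it shows is that pf filters on the translated destination, so the redirected connections need a pass rule for port 22.

```pf
# Macros (assumed values, adjust to the real host)
ext_if  = "em0"               # assumption: external interface name
company = "203.0.113.0/28"    # constructed: stands in for the company's external IPs

# Translation: only connections from $company to port 443 are handed to sshd.
# This is the rule from the message, unchanged.
rdr on $ext_if proto tcp from $company to any port 443 -> ($ext_if) port 22

# Filtering: default deny on the external interface.
block in on $ext_if

# Filter rules see the packet after translation, i.e. with destination
# port 22, so this rule is what admits the redirected connections.
pass in on $ext_if proto tcp from $company to ($ext_if) port 22 flags S/SA keep state

# All other sources are not translated and still reach the HTTPS server.
pass in on $ext_if proto tcp from any to ($ext_if) port 443 flags S/SA keep state
```

With this ruleset, hosts in $company can no longer reach the HTTPS server on this address, and sshd on port 22 stays closed to every source outside $company.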