Question for some apache/iptables/gurus..
I want to establish an ssh tunnel to my server.
The ssh port has to be 443 because it's the only one which is opened from the outside (more or less..)
There is already an apache ssl running, so, also on port 443. And this port should not change, again it's the only one allowed.
So I know how to do both of that seperatly. But I need both at the same time...
My first idea is to use iptables on the server to do port forwarding based on pattern matching:
For a normal https connection, the "Host" part of the HTTP(/S) protocol will contain the real servername (www.my.com
For a tunneled connection, the local part of the tunnel would set the "Host" part of the HTTP(/S) protocol to tunnel.my.com.
In both case, the IP adress in the packets will be the same (I'm not maintaining my DNS)
On the server, when iptables detects HTTP protocol which contain the "Host:tunnel.my.com" it would forward it to 444 where my ssh tunnel would in fact be.
Does that make sense? Is there an easier way? After 5mn of searching, I didn't find interesting stuffs on google for this, just came up with this idea. People basically say it's not possible. Impossible is not part of my language
I'm sure others have done this before