5

I have a remote Linux (Debian) machine which I'd like to access from a very restricted network. In fact the only two open ports are port 80 (for HTTP) and 443 (HTTPS).

On this machine I have an nginx server which is running on ports 80 and 443.

I haven't done anything like this before and am fairly inexperienced with any server software other than nginx (and Minecraft which isn't particularly hard to do).

If there is a simple way to achieve this please tell me.

The ssh server on this machine is this: OpenSSH_6.0p1 Debian-4+deb7u2, OpenSSL 1.0.1e 11 Feb 2013

Anthon
BrainStone
  • You could run SSH on port 80, nginx on some other port and then use port-forwarding whenever you need HTTP access to nginx. – muru Dec 11 '14 at 18:02

2 Answers

6

There is sslh. It can multiplex the connections depending on what type of client is asking. So if a web browser comes along, it will forward it to nginx, and if an SSH client tries to connect, it will forward it to the sshd. The README.md will hook you up with a nice explanation of how it has to be configured.
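The idea behind this kind of multiplexing, as an added example that is not part of the answer above and is not sslh's own code: the listener looks at the first bytes a client sends and picks a backend from them. The backend ports 8080 and 8443 for nginx, the function names, the sample bytes and the choice to treat a silent client as SSH are assumptions of this sketch.

```python
# Added illustration (not sslh's code): choose a backend from a client's first bytes.
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"PATCH ", b"CONNECT ", b"TRACE ")

# Hypothetical backends: sshd on 22, nginx moved to loopback-only ports.
BACKENDS = {
    "ssh": ("127.0.0.1", 22),
    "tls": ("127.0.0.1", 8443),
    "http": ("127.0.0.1", 8080),
}


def classify(first_bytes: bytes) -> str:
    """Return 'ssh', 'tls', 'http' or 'unknown' for a client's opening bytes."""
    # RFC 4253: the SSH identification string begins with "SSH-".
    if first_bytes.startswith(b"SSH-"):
        return "ssh"
    # TLS record header: type 0x16 (handshake), major version 0x03,
    # two-byte minor/length fields, then handshake type 0x01 (ClientHello).
    if (len(first_bytes) >= 6 and first_bytes[0] == 0x16
            and first_bytes[1] == 0x03 and first_bytes[5] == 0x01):
        return "tls"
    if first_bytes.startswith(HTTP_METHODS):
        return "http"
    return "unknown"


def route(first_bytes: bytes, timed_out: bool = False):
    """Return (host, port) for the backend, or None to drop the connection."""
    # Some SSH clients wait for the server banner before sending anything,
    # so this sketch assumes a client that stays silent wants SSH.
    if timed_out and not first_bytes:
        return BACKENDS["ssh"]
    # Anything unrecognised is dropped rather than handed to a default service.
    return BACKENDS.get(classify(first_bytes))


# Constructed sample inputs (not captured traffic).
SAMPLES = {
    "ssh client": b"SSH-2.0-OpenSSH_6.0\r\n",
    "tls client": bytes([0x16, 0x03, 0x01, 0x00, 0xC8, 0x01, 0x00, 0x00, 0xC4]),
    "http client": b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n",
    "garbage": b"\x00\x01\x02\x03",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:12} -> {classify(data):8} -> {route(data)}")
```

The same first-bytes check is what a middlebox or IDS can use to notice SSH on port 80 or 443, so multiplexing gets past port filtering but not protocol inspection.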

3
restricted_net=1.2.3.0/24
iptables -t nat -A PREROUTING -s "$restricted_net" -p tcp --dport 80 \
  -j REDIRECT --to-ports 22

undo

iptables -t nat -L -nv --line-numbers

shows the number of the added rule. If it is the first rule in this chain then it can be deleted with

iptables -t nat -D PREROUTING 1

It can be deleted directly, too:

iptables -t nat -D PREROUTING -s "$restricted_net" -p tcp --dport 80 \
  -j REDIRECT --to-ports 22
Hauke Laging