Website using port 85

Deron Meranda deron.meranda at gmail.com
Tue Jan 25 23:09:05 UTC 2005


On Tue, 25 Jan 2005 15:04:11 -0700, dan <info at hostinthebox.net> wrote:
> Steve Brown wrote:
> > After learning here on the list that my ISP, Optimum Online, blocks
> > residential customers from running web servers using port 80, I set up
> > httpd.conf and my firewall to run my site using port 85.  It works
> > fine.  Next, I registered a domain with my daughter's name: miabrown.com
> > through 1and1.com.  I set up the account so that requests for
> > miabrown.com are forwarded to my server (dynamic IP address, port 85).
> >
> > Apparently, at work, they block sites that use a port number other than
> > 80.  In my browser at work, I see the IP address.  What do I need to do
> > on my server so that it shows the domain name instead of the IP address?
> >
> 
> I've hosted http data over the traditional https port of 443.  You can
> have the server listen for http over port 443, and your work will pass
> 443 (be it ssl data or not) to you.
> 
> This works with SSH, SMTP, POP... I hate it when my *cough* former
> *cough* employer blocked all that stuff.

Ah, the fun of companies that like to port-block and proxy
everything because of the feeling of power it gives them.
And you've got two of them in your way.

In general, it's usually pretty easy to get around a firewall, as
long as you control something on each side.  No matter how
small of a hole the firewall has, with patience, you can
squeeze elephants through it.  (And a firewall has to have a
hole of some sort, or it's just a concrete block, not a firewall).
But it's all still very annoying.

If it's only yourself at work that wants to access your site then you
can set up some magic iptables port redirecting to send traffic
to 443 back through to 85, but only for incoming traffic from your
company.  The rest of the Internet would work as is, over port
85.

You may also have the option of using SSH tunneling (if you
can run SSH on your work PC -- either linux or Windows with
say PuTTY).  If you can get an ssh connection you can pretty
much do anything: outbound, or yes, even inbound.  And you
can run it on whatever ports you want.  (I'd use ssh keys, not
passwords, if you can)

Depending on how determined your obstacles are, be aware that
they may run invisible proxies.  Even for SSL.  So if you really
want to be invisible, use ssh (and validate your server keys!)
or set up real SSL on your Apache server, and then be sure to
check the SSL certificate on your browser to make sure there's
no man-in-the-middle.

I feel like I should have a disclaimer here...
-- 
Deron
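
The advice above to validate the server keys, as an added example that is not part of the original message: it compares the key a server presents against the one recorded beforehand from a trusted network, and treats a host with no recorded key as unverified. The host name, address and key blobs are constructed sample data, and only plain (unhashed) known_hosts entries are handled.

```python
import base64
import hashlib
import hmac
import struct


def ssh_fingerprint(pubkey_b64):
    """SHA256 fingerprint in the form OpenSSH prints: 'SHA256:' + unpadded base64."""
    blob = base64.b64decode(pubkey_b64, validate=True)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def pinned_keys(known_hosts, host):
    """(keytype, base64 key) pairs recorded for host; plain (unhashed) entries only."""
    pins = []
    for line in known_hosts.splitlines():
        fields = line.split()
        # Skip blanks, comments, short lines and @cert-authority/@revoked markers.
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        if host in fields[0].split(","):
            pins.append((fields[1], fields[2]))
    return pins


def verify_host_key(known_hosts, host, keytype, presented_b64):
    """Return 'match', 'MISMATCH' or 'unknown' for the key the server presented."""
    pins = [key for kind, key in pinned_keys(known_hosts, host) if kind == keytype]
    if not pins:
        return "unknown"  # nothing recorded: this connection proves nothing yet
    seen = ssh_fingerprint(presented_b64)
    if any(hmac.compare_digest(ssh_fingerprint(p), seen) for p in pins):
        return "match"
    return "MISMATCH"  # a different key answered: possible interception


def sample_blob(seed):
    """Constructed ed25519-format key blob for the demo; not a real key."""
    body = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + seed
    return base64.b64encode(body).decode()


# Constructed sample data (hypothetical host name, documentation IP address).
HOME_KEY = sample_blob(bytes(range(32)))
OTHER_KEY = sample_blob(bytes(range(32, 64)))
KNOWN_HOSTS = "# recorded at home\nhome.example.net,192.0.2.10 ssh-ed25519 " + HOME_KEY + "\n"

if __name__ == "__main__":
    for key in (HOME_KEY, OTHER_KEY):
        print(verify_host_key(KNOWN_HOSTS, "home.example.net", "ssh-ed25519", key), ssh_fingerprint(key))
```

An "unknown" result is the case to watch on a filtered network: accepting a key for the first time there gives no assurance about who presented it.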



