Glock Talk


frefoo 07-20-2004 21:50

move https (apache2) from port 443
 
All,

I have a linux box running at home that from time to time I would like to access from work.

The problem is that work is blocking all ports (I have not found any other ports) except 80 and 443 at their firewalls.

My ISP blocks port 80.

That being said, it seems like the only port I would be able to connect to via ssh is port 443.

Currently from work (Internet) I need ssh.

At home (Intranet) I need ssh, http, and https.

Which begs the question: how do I move https to a different port besides 443, so I can connect to my linux box from work?

My linux box is behind a Linksys BEFSX41 firewall/router (latest firmware).

I am running Apache2 (httpd-2.0.49-1.1) and ssh (openssh-server-3.6.1p2-19) on FC1

Thanks

[begin edit]

I know how to edit iptables and sshd_config. I do not know how to move https to a different port looking at the httpd.conf.

[end edit]

lomfs24 07-20-2004 22:38

I don't really know the answer to this question. So I am going to throw out some other questions that might help you.

Let me get everything straight. At your work, they block all ports except port 80 and port 443? No other ports are open, like port 25 for mail, no telnet, ssh etc...? Your ISP, at home, blocks inbound traffic on port 80? It seems odd to me that they would block inbound traffic on port 80 and leave port 443 open. I would think that the reason for blocking port 80 would be to keep you from hosting your own site. For the same reason I would think that they would also shut down port 443. Have you tried to access your webserver via https on port 443 from outside, ie...from work? And does it work?

You would have to force the ssh connection to port 443. Right? Then you would have to have ssh listening on port 443 on your linux box at home. Can you use port 443 for ssh? And can it be used along with https as long as they are not trying to use it at the same time?

These are mostly questions for my own benefit but I hope would help you out in your predicament as well.

frefoo 07-20-2004 22:58

"Let me get everything straight. At your work, they block all ports except port 80 and port 443? No other ports are open, like port 25 for mail, no telnet, ssh etc...? Your ISP, at home, blocks inbound traffic on port 80?"

Exactly Correct

"It seems odd to me that they would block inbound traffic on port 80 and leave port 443 open. I would think that the reason for blocking port 80 would be to keep you from hosting your own site. For the same reason I would think that they would also shut down port 443"

I would think the same thing (I would if it was me); however, oversight or whatever, 80 is filtered and 443 is not by my ISP.

"Have you tried to access your webserver via https on port 443 from outside, ie...from work? And does it work?"

Yes port 443 is completely open (when I disable my firewall at this time).

"You would have to force the ssh connection to port 443. Right? Then you would have to have ssh listening on port 443 on your linux box at home."

Correct again

"Can you use port 443 for ssh?"

You can, yes; in the sshd_config file you can change the port SSHD listens on (default is 22; I want it on port 443).

"And can it be used along with https as long as they are not trying to use it at the same time?"

No, it can't, and that is the problem (why I need to move https to a different port). Only 1 service (Apache, SSH, DNS, Email, you get the idea) is allowed to listen on a single port.

As a result I can't have Apache and SSH both on port 443.

I know how to change SSH to a different port; I do not know how to move https (default port 443) to a different port.

lomfs24 07-20-2004 23:11

I tried looking at my httpd.conf file but I am running Suse 9 and they split everything up into a bunch of different files. I could not find the file that changes the port of https from port 443 to port XXX. I also did a quick search on www.linuxquestions.org and found nothing that popped out at me. I still have that tab open and will search there some more. You may want to post a question there.

frefoo 07-20-2004 23:22

Quote:

Originally posted by lomfs24
I tried looking at my httpd.conf file but I am running Suse 9 and they split everything up into a bunch of different files. I could not find the file that changes the port of https from port 443 to port XXX. I also did a quick search on www.linuxquestions.org and found nothing that popped out at me. I still have that tab open and will search there some more. You may want to post a question there.

Good idea, most of the searching I have done talks about changing mod_ssl (Apache1); it seems like Apache2 does not have a mod_ssl to edit.

Not knowing what version of SuSE 9 you are running, with 9.1 Professional they were using Apache2.

lomfs24 07-20-2004 23:27

This is what it looks like to me. https is really ssl. Find the file that changes the port that ssl is on and you have solved your problem. Now, time to look into ssl and where the conf files for it are.

physicsdevil 07-21-2004 08:30

The pragma that affects the port is called 'Listen', and it can be in different places depending on how you set Apache up. Typically, it'll either be in httpd.conf or ssl.conf. https uses ssl to negotiate a secure (i.e. encrypted) socket.

grantglock 07-22-2004 07:43

look for ssl.conf, mine is in the same location as httpd.conf

this is the relevant part of the file

# When we also provide SSL we have to listen to the
# standard HTTP port (see above) and to the HTTPS port
#
# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
# Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
#
Listen 443

rotinom 07-30-2004 07:11

On redhat systems (don't know about your distro, sorry), they move the module conf files to /etc/httpd/conf.d/ and the main httpd.conf file is in /etc/httpd/conf/

As the previous poster said, look for an ssl.conf or something similar, change the "Listen 443" to "Listen XYZ", restart apache, and have a beer
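
Added example (not part of any post in this thread): the Listen change described above, applied to a constructed copy of a Red Hat style config tree. It also rewrites the `<VirtualHost _default_:443>` line that stock ssl.conf files carry, which the thread does not mention; the sample files, the function names and port 8443 are assumptions.

```shell
#!/bin/sh
# Added example. Sample files and port 8443 are constructed for illustration.

# Print the config files under DIR whose Listen directive binds PORT.
find_listen() {  # find_listen DIR PORT
    grep -rlE "^[[:space:]]*Listen[[:space:]]+([^[:space:]]*:)?${2}[[:space:]]*\$" "$1"
}

# Rewrite "Listen [addr:]OLD" and "<VirtualHost addr:OLD>" to NEW in FILE.
# Both must change: a vhost left on :OLD no longer matches the listener,
# so SSLEngine would not apply to connections on the new port.
move_port() {  # move_port FILE OLD NEW
    sed -E \
        -e "s/^([[:space:]]*Listen[[:space:]]+([^[:space:]]*:)?)${2}[[:space:]]*\$/\1${3}/" \
        -e "s/^([[:space:]]*<VirtualHost[[:space:]]+[^>]*:)${2}>/\1${3}>/" \
        "$1" > "$1.new" && mv "$1.new" "$1"
}

# Constructed sample tree: conf/httpd.conf plus conf.d/ssl.conf.
make_sample() {  # make_sample DIR
    mkdir -p "$1/conf" "$1/conf.d"
    printf '%s\n' 'Listen 80' 'Include conf.d/*.conf' > "$1/conf/httpd.conf"
    printf '%s\n' '# Listen directives: "Listen [::]:443"' 'Listen 443' \
        '<VirtualHost _default_:443>' 'SSLEngine on' '</VirtualHost>' \
        > "$1/conf.d/ssl.conf"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
for f in $(find_listen "$demo_dir" 443); do
    move_port "$f" 443 8443
done
# Show the resulting non-comment Listen and VirtualHost lines.
grep -rnE '^[^#]*(Listen|VirtualHost)' "$demo_dir"
# On the real tree, run `apachectl configtest` before restarting Apache.
```

Comment lines that merely mention "Listen ...:443" are left untouched, and the plain HTTP `Listen 80` in httpd.conf is not affected.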


All times are GMT -6.
