1

I have a proxy/firewall machine running FreeBSD 9, using PF to route and filter traffic as needed.

Now I'm setting up a git server, which runs over ssh, but I'm already using port 22 for ssh. I would like to route traffic from any IP to port 22 to another machine, if the hostname they used to reach the server was a subdomain (git.mydomain.com). Kind of a virtual host, but for ssh...

Is this possible with pf? Any suggestions?

kbanman
    Wow, why the downvotes on this question guys? I came here because I was hoping to do something similar. I'm not afraid to admit I didn't know that the hostname was not an artifact of TCP, but was only available in the HTTP header. :) – Taytay Oct 24 '13 at 13:29

2 Answers

5

Sorry, what you're asking for is impossible -- IP traffic (and an IP firewall) only knows IP addresses - it knows nothing of hostnames.

You can only have one process listening to a specific port on a specific IP address. Virtual hosts for websites work because the web server receives the hostname in an HTTP header (see http://en.wikipedia.org/wiki/Virtual_hosting), and there is no similar mechanism in SSH.

Your options are pretty limited:

  1. Configure your regular SSH server to handle the git traffic (probably the best option).
  2. Acquire another IP address.
  3. Run the SSH server for git on an alternate port.

Once you have the SSH server for git on an alternate port, you can automagically use it by adding the following to your ~/.ssh/config:

Host git.mydomain.com
    HostName router.mydomain.com
    Port 2222
MikeyB
voretaq7
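
One way to wire up option 3 on the PF firewall from the question, so that the `Port 2222` entry in `~/.ssh/config` reaches the git machine. This is an added example, not part of the original answer; the interface name `em0` and the internal address `192.168.1.10` are assumptions, and the rules use the older `rdr` translation syntax that FreeBSD's PF accepts.

```pf
# Added example pf.conf fragment (not from the original answer).
# Assumed values: adjust to the real network.
ext_if   = "em0"            # assumption: external interface of the firewall
git_host = "192.168.1.10"   # assumption: internal address of the git machine
git_port = "2222"           # alternate port, matching Port in ~/.ssh/config

# Translation rules go before filter rules in pf.conf.
# The firewall's own sshd keeps port 22; only the alternate port is
# forwarded, and it lands on the git machine's normal sshd port.
rdr on $ext_if inet proto tcp from any to ($ext_if) port $git_port \
    -> $git_host port 22

# Filter rules are evaluated after translation, so the pass rule must
# match the internal address and port 22, not the external port 2222.
pass in on $ext_if inet proto tcp from any to $git_host port 22
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`; the firewall must not have its own listener on the alternate port.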
0

If it's meant to be the same machine, then just point git.example.com at it and you're done.

Michael Hampton