<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
mso-fareast-language:EN-GB;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-GB;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
mso-fareast-language:EN-US;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style>
</head>
<body lang="EN-AU" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt">Roy,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Thanks for the reply…<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">I agree, I do not believe DNS can do it (although I know there are some funky things that can be done).<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Port 80 would be open on the carrier for outbound traffic, but this particular carrier has blocked unsolicited inbound traffic of specific ports like port 25 and port 80 in the past (to block phishing sites,
spam, etc).<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Although when I enquired they advised that it was open, although they were not specific and <rant> this is what I hate about technical roles outsourced to developing countries </rant> (ironically I personally
know people who work for some of the BPOs who handle contact for this particular carrier, so I am VERY sceptical they really know).<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">I have reviewed their firewall and to me with enough knowledge to be dangerous, copied the same rules which worked for port 443 and applied them to port 80, changed order and various other ways to place a
priority, but to null effect, hence my suspicion for the provider blocking, regardless of their claims.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">I am let to believe the service is a “business grade” service, which is more about SLAs than anything else. (it is a fixed wireless connection on the nbn in Australia)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">I did find references to others having the port blocked and others not with the same provider for port 80, however no one ever raised any issues over port 443 or other obscure ports (mainly seen 25 and 80
being reported as blocked).<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">I have got another reply from Michael which I need to look at closely and test, so I will post here again once I have looked at it also.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">But as for IP tables, unless I wanted to pass ALL traffic to the external server, from what I am finding/reading it will not do it.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Regards<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Brian<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span style="color:black">From: </span></b><span style="color:black">Roy Urick <rurick@usa.net><br>
<b>Date: </b>Saturday, 24 August 2019 at 1:09 am<br>
<b>To: </b>Brian Carter <wayin@hotmail.com><br>
<b>Subject: </b>Re: [BlueOnyx:23157] Redirection and forwarding, needing to redirect to a different server to a different port, can this be done easily?</span><span style="color:black;mso-fareast-language:EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
</div>
<p>Pretty sure DNS cannot add a port number to a query response, or even know what port the subsequent traffic is going to use. It just is asked "what is the IP of this host" and the DNS server responds.
<br>
<br>
I'd guess that if 443 is open, 80 is also open at the carrier level. I dont know of any non business service providers that block inbound 80 dont also block inbound 443 as well.
<br>
<br>
My gut says the firewall is misconfigured. You can always call the ISP and ask if they are blocking any inbound ports. In my experience they will all tell you whether they are or not. If its not business class service they are probably blocking it. But I cant
imagine them not blocking both. <o:p></o:p></p>
<div>
<p class="MsoNormal">On 8/23/2019 10:02 AM, Fungal Style wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="font-size:11.0pt">Hi all,</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Here is the situation, a website is hosted with an on-premise server (I know, stupid idea, but these guys are raised on *stoopid*, as in I bet their parents took a double helping thing more is better), they
have port 80 blocked and port 443 open, so if you access their site via HTTPS, it works fine, but drop the HTTPS and use just HTTP, it fails, as port 80 is blocked.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Simple solution would be to change their firewall right? Well I am not certain the issue is with the firewall but the provider of the link to their server, and the firewall is part of a fairly high end router
that you may need some additional training to understand all of the features (I think it is one of the Vanguards from memory, been a little bit since I last looked at the configs).</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">So here is what I am thinking, having a BO server handle the DNS requests, change the port to port 443 and then forward the traffic to the IP address of their on prem server, but I cannot think of a good way
to do this as I am thinking iptables but surely there must be a better, (read as “easier way”) to do this that I am just not seeing, as even with iptables I am not sure I would be able to (could be a skills shortage on my side if it is possible).</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Anyway, any thoughts or ideas on how to do this are warmly received.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Regards</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Brian</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-GB"><br>
<br>
<o:p></o:p></span></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>Blueonyx mailing list<o:p></o:p></pre>
<pre><a href="mailto:Blueonyx@mail.blueonyx.it">Blueonyx@mail.blueonyx.it</a><o:p></o:p></pre>
<pre><a href="http://mail.blueonyx.it/mailman/listinfo/blueonyx">http://mail.blueonyx.it/mailman/listinfo/blueonyx</a><o:p></o:p></pre>
</blockquote>
</div>
</body>
</html>