Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Hello Monks,

A restrictive firewall at work forces me to run the ssh server on my home box on port 443. Unfortunately I would really prefer to be running my https server on that port instead.

I was thinking that I might write a perl listener that accepts connections on port 443. If something resembling an http request ("GET / ...") is received from the client within the first couple of seconds after a connection, then it would open a socket to localhost:444 (where the real https server would be running) and basically proxy between the two.

However, if nothing is received from the client in the first couple of seconds, then open a connection to localhost:22 and again act as a proxy. The ssh server would then send its own banner to the client.

The questions at hand are:

Thank you kindly Monks.


Replies are listed 'Best First'.
Re: Perling my way through an oppressive firewall
by Corion (Patriarch) on Apr 04, 2008 at 06:05 UTC

    See Net::Proxy, which does all you want and likely more.

    Also see your worker's contract. Most likely, this will give your employer a reason to fire you.

      Government workers need their porn
Re: Perling my way through an oppressive firewall
by Sinistral (Monsignor) on Apr 04, 2008 at 15:05 UTC
    You may also wish to investigate a non-Perl option that might be a tool you will find useful, connect.c

    Edit: added more information

    In addition, you can use PuTTY in Windows or the standard OpenSSH client to allow for the tunneling.

    If you use the -D8080 option, then your SSH server will act as a SOCKS proxy, and you can set up Firefox to use a SOCKS proxy on http://127.0.0.1 port 8080.

    The equivalent in PuTTY is to set up using the Tunnels tab. See the PuTTY docs describing port forwarding and using port forwarding in PuTTY

Re: Perling my way through an oppressive firewall
by marto (Cardinal) on Apr 04, 2008 at 15:27 UTC
    I agree with Corion on this: just because you can technically circumvent such systems does not mean you should. Doing so could result in job loss and all sorts of legal shenanigans.

    Martin
Re: Perling my way through an oppressive firewall
by Anonymous Monk on Apr 05, 2008 at 17:26 UTC
    I'll investigate Net::Proxy. Thank you for the tip, Corion. Sinistral: Tunneling web browsing over ssh via SOCKS is not what I'm talking about here, but thank you. And thanks for the legal advice, but I didn't sign any contracts that dictate what I can and can not do with the Interwebs at work, nor would I ever be dumb enough to do so. It is well accepted in our environment that we're all accessing our home machines via whatever way we can, e.g. ssh or one of those sites that implements a Remote Desktop proxy as a Java applet (can't think of the URL of the site that most people use right now).

      For those who might come Googling some day, pretty much exactly what I described is in the Net::Proxy documentation, almost word-for-word. Here it is.
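
The first-bytes decision described in the question, as an added example that is not part of the original thread and is not Net::Proxy's code. It shows what a dispatcher, or a monitor watching port 443, actually sees: an HTTPS client opens with a TLS handshake record rather than a plaintext "GET", while an SSH client either stays silent waiting for the server banner or sends its own "SSH-" identification string. The function names, the 0.5 second timeout and the sample byte strings are assumptions constructed for illustration; ports 444 and 22 are the ones named in the question.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use IO::Select;
use Socket qw(AF_UNIX SOCK_STREAM PF_UNSPEC MSG_PEEK);

# Classify the first bytes a client sent (empty string = client stayed silent).
sub classify_first_bytes {
    my ($buf) = @_;
    return 'silent' if !defined $buf || $buf eq '';
    # TLS record header: content type 0x16 (handshake), major version 0x03.
    return 'tls'  if $buf =~ /\A\x16\x03[\x00-\x04]/;
    # RFC 4253 identification string; some SSH clients send it first.
    return 'ssh'  if $buf =~ /\ASSH-/;
    # Plaintext HTTP request line, in case a client speaks HTTP to port 443.
    return 'http' if $buf =~ /\A(?:GET|POST|HEAD|PUT|DELETE|OPTIONS|CONNECT) /;
    return 'unknown';
}

# Wait up to $timeout seconds for data, then peek at it without consuming it,
# so the same bytes can still be relayed to the chosen backend afterwards.
sub peek_and_classify {
    my ($sock, $timeout) = @_;
    my $buf = '';
    if (IO::Select->new($sock)->can_read($timeout)) {
        recv($sock, $buf, 16, MSG_PEEK);
    }
    return classify_first_bytes($buf);
}

# Backend per class (hypothetical mapping; 'unknown' has no backend).
my %backend = (tls => 'localhost:444', http => 'localhost:444',
               ssh => 'localhost:22',  silent => 'localhost:22');

# Constructed sample clients, simulated with socket pairs so this runs offline.
my %sample = (
    'TLS ClientHello' => "\x16\x03\x01\x00\x2e\x01\x00\x00\x2a",
    'SSH banner'      => "SSH-2.0-OpenSSH_4.7\r\n",
    'silent client'   => '',
    'plain HTTP'      => "GET / HTTP/1.0\r\n\r\n",
);
for my $name (sort keys %sample) {
    socketpair(my $client, my $server, AF_UNIX, SOCK_STREAM, PF_UNSPEC)
        or die "socketpair: $!";
    syswrite($client, $sample{$name}) if length $sample{$name};
    my $class = peek_and_classify($server, 0.5);
    printf "%-16s -> %-7s -> %s\n", $name, $class, $backend{$class} // 'drop';
}
```

The same `classify_first_bytes` check applied to captured flows on port 443 separates real TLS from anything else sharing the port.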