Ubuntu: Packet redirection based upon traffic type


Overview: Is there anything like ufw or iptables that will accept a packet on a port, but then redirect that packet locally depending on the type of packet it is?

More info: I have a web server that resides on Ubuntu 14.04 and, through NAT on the corporate firewall, accepts public traffic on port 443; the firewall passes the traffic through to my Apache web server (configured to listen on 443) in order to process HTTPS traffic.

What I'm after, however, is also having an SFTP service, on the same server, being able to accept SFTP traffic without having to open up another port on the corporate firewall.

I envisage reconfiguring Apache to listen locally on port 44433 (for example) and having the SFTP listening on its standard port 22. However, what I don't know is what I should have listening on port 443 to accept the traffic through the corporate firewall and then working out if that traffic should be passed to SFTP (if the packet header dictates it as SFTP) or passed to Apache on port 44433 if the packet header dictates it as HTTPS.

I can only imagine that it would be something like ufw or iptables or some other packet filtering/forwarding/shaping package that I can install under Ubuntu, but I'm not sure what/which one to use. Is this even possible on a single server?

I understand that there are solutions out there which can redirect traffic based upon the IP port, but all my incoming traffic will be to a single port, and I need to go down a layer and inspect the packet itself to ascertain where it needs to be directed.

Unless of course, there's a better solution?


An application called sslh and described as an "Applicative protocol multiplexer" was designed to do exactly what you want.

The application functionality is described at "ssl/ssh multiplexer" and it is available through links at that site.
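The decision such a multiplexer has to make, sketched as an added example (not sslh's code and not part of the original answer): read the first bytes on port 443 and hand the connection to sshd on 22 or to Apache on 44433, the ports from the question. The loopback addresses, the 2-second probe timeout, the fall-through to SSH when the client stays silent, and all function names are assumptions of this sketch.

```python
import asyncio
# Backends from the question: sshd on 22, Apache moved to 44433 (loopback assumed).
BACKENDS = {"ssh": ("127.0.0.1", 22), "tls": ("127.0.0.1", 44433)}
PROBE_TIMEOUT = 2.0  # assumed value

def classify(first: bytes) -> str:
    # A silent client is treated as SSH (clients may wait for the server banner);
    # otherwise SSH starts with the "SSH-" identification string (RFC 4253).
    if not first or first.startswith(b"SSH-"):
        return "ssh"
    # TLS record header: type 0x16 (handshake), major version 0x03,
    # two length bytes, then handshake type 0x01 (ClientHello).
    if len(first) >= 6 and first[0] == 0x16 and first[1] == 0x03 and first[5] == 0x01:
        return "tls"
    return "unknown"

async def probe(reader):
    """Collect up to the first 6+ bytes; None means the client hung up."""
    buf = b""
    try:
        while len(buf) < 6:
            chunk = await asyncio.wait_for(reader.read(4096), PROBE_TIMEOUT)
            if not chunk:
                return buf or None
            buf += chunk
    except asyncio.TimeoutError:
        pass  # silence or a stalled partial probe: classify what we have
    return buf

async def pipe(reader, writer):
    try:
        while data := await reader.read(65536):
            writer.write(data)
            await writer.drain()
    finally:
        writer.close()

async def handle(reader, writer):
    first = await probe(reader)
    proto = None if first is None else classify(first)
    if proto not in BACKENDS:  # neither SSH nor TLS: drop the connection
        return writer.close()
    up_reader, up_writer = await asyncio.open_connection(*BACKENDS[proto])
    up_writer.write(first)  # replay the probed bytes to the chosen backend
    await asyncio.gather(pipe(reader, up_writer), pipe(up_reader, writer), return_exceptions=True)

async def main(host="0.0.0.0", port=443):  # binding 443 needs privileges
    server = await asyncio.start_server(handle, host, port)
    await server.serve_forever()

if __name__ == "__main__":
    asyncio.run(main())
```

With a proxy of this kind, sshd and Apache see every connection as coming from 127.0.0.1, so per-client logging and IP-based blocking on the backends no longer see the real source address.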
