My question might be a little confusing, but anyway. My school will open a Wi-Fi compatibility DMZ on a separate IP for college students; however, they stated port 80 would be the only port open.

What exactly do I want? Well, I wish to tunnel my traffic through my home server, which is running Apache2 on 80 and SSH on 21. It is simply a normal setup. It is a production machine and I want clients to be able to connect on port 80, but I wish to connect to port 80 to create a tunnel. Now the question: how do I achieve that?

The potential solution: abandon the chance of connecting to websites running on the server from the school IP and employ iptables. If source ip == $school_ip && port == 80: redirect to port 21. Done. However, I think there must be another, elegant solution... Isn't it easy to really make use of the HTTP transfer for SSH transit? I am talking about creating a hostname, for instance ssh.mydomain.tld, and employing some Apache module to perform a server-side redirection to port 21 only on that specific hostname. So what can I actually do?

The box is running Debian GNU/Linux.

Thank you for any help...

Off topic: They believe they'll block any kind of illegal operation. Actually, HTTP is most likely the 2nd most vulnerable protocol after BitTorrent. How about we lock it down too? It will be absolutely safe if there are no open ports, would it not? I do not personally think blocking ports for POP, IMAP, Jabber, etc. is worthwhile. I believe they'll most likely seriously piss someone off if they can't open mail a teacher sent them. Oh, there is a webmail? No no no! SSL/TLS runs on port 443, remember? I do not think blocking all of the traffic is going to be worthwhile. IMO they ought to block unencrypted BitTorrent and apply low-priority QoS for unclassified transfers.
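
A filter that allows only port 80 controls the port number, not the protocol spoken on it, which is why classification by content comes up in the last paragraph. The following is an added example, not part of the original post: it labels a flow by its first client bytes instead of its port, and the function names and sample flows are constructed for illustration.

```python
import re

# SSH identification string (RFC 4253, section 4.2): "SSH-protoversion-softwareversion"
SSH_ID = re.compile(rb"^SSH-(2\.0|1\.99)-[\x21-\x7e]+")
# HTTP/1.x request line: method SP request-target SP HTTP-version
HTTP_REQ = re.compile(rb"^[A-Z]{3,10} [^ \r\n]+ HTTP/1\.[01]\r?\n")


def classify_first_bytes(payload: bytes) -> str:
    """Label a connection by its first client-to-server bytes, ignoring the port."""
    if SSH_ID.match(payload):
        return "ssh"
    if HTTP_REQ.match(payload):
        return "http"
    # TLS record header: type 0x16 (handshake), major version 0x03,
    # two length bytes, then handshake type 0x01 (ClientHello).
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls"
    return "unknown"


def flag_non_http(flows):
    """Return (source, label) for port-80 flows whose first bytes are not an HTTP request."""
    flagged = []
    for src, dport, payload in flows:
        label = classify_first_bytes(payload)
        if dport == 80 and label != "http":
            flagged.append((src, label))
    return flagged


# Constructed sample flows: (source address, destination port, first payload bytes).
# Addresses come from the 192.0.2.0/24 documentation range.
SAMPLE_FLOWS = [
    ("192.0.2.10", 80, b"GET /index.html HTTP/1.1\r\nHost: example.org\r\n\r\n"),
    ("192.0.2.11", 80, b"SSH-2.0-OpenSSH_9.6\r\n"),
    ("192.0.2.12", 80, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"),
    ("192.0.2.13", 80, b"\x00\x01\x02\x03"),
]

if __name__ == "__main__":
    for src, label in flag_non_http(SAMPLE_FLOWS):
        print(f"{src}: port 80 carries {label}, not HTTP")
```

The check looks only at the first payload, so anything carried inside well-formed HTTP requests is labelled `http` and needs deeper inspection.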