[sslh] sslh-1.9 released!

higuita higuita at GMX.net
Mon Aug 29 03:52:08 CEST 2011


Hi again

On Thu, 18 Aug 2011 22:41:22 +0200, Yves Rutschle <yves at naryves.com>
wrote:
> On Fri, Aug 12, 2011 at 03:16:12AM +0100, higuita wrote:
> Ok, the code in 1.10 is quite different, I'd be grateful if
> you could try all that again using it.

	thanks! :)

	now I managed to get it to work with this:

/usr/sbin/sslh --user nobody --listen caravela443 --ssh loopback 22 --ssl loopback 443

	where caravela has both IPv4 and IPv6 DNS and loopback is
the ::1 address

	but this also works:

/usr/sbin/sslh --user nobody --listen 10.10.10.1:443 --listen 2001:b18:400:0:211:d8ff:fe82:e:443 --ssh localhost:22 --ssl localhost:443

	the [] form fails, it tries to resolve the "hostname", but as
the previous form works, this one isn't really necessary
 
/usr/sbin/sslh --user nobody --listen 10.10.10.1:443 --listen 2001:b18:400:0:211:d8ff:fe82:e:443 --ssh localhost:22 --ssl localhost:443 

	and finally, this also works:
/usr/sbin/sslh --user nobody --listen 0.0.0.0:443 --listen :::443 --ssh localhost:22 --ssl localhost:443


> > -to an interface:
> >  /usr/sbin/sslh -u nobody -p eth0:443 -s localhost:22 -l localhost:443
> > Name or service not known `eth0'
> 
> OTOH there is no reason this should work: I don't think it's
> even possible for a program to know what IP address
> corresponds to what interface.

	hey, I was just trying to see if it worked :)

	but several programs also use interfaces... one that I use
is dnsmasq, it uses -i to listen to that interface.

> > be great that sslh could bind to an interface instead of just IPs, this
> > way we could free the lo interface for apache and use the other
> > network interfaces for sslh, for whatever ip they could have.
> This already works. IP addresses already identify
> interfaces: each interface has one or several IP address,

	you are completely right! maybe I was missing this from
a previous version or even from the Perl version, where one
of those would bind just to all IPs... and I burned that problem
in my memory, even if I'm already using the "fixed" config for
some time :)

	I don't really need it, but someone with a dynamic IP might still
have problems configuring sslh... ;)


	Again, thanks for your help and app

higuita
-- 
Naturally the common people don't want war... but after all it is the
leaders of a country who determine the policy, and it is always a 
simple matter to drag the people along, whether it is a democracy, or
a fascist dictatorship, or a parliament, or a communist dictatorship.
Voice or no voice, the people can always be brought to the bidding of
the leaders. That is easy. All you have to do is tell them they are 
being attacked, and denounce the pacifists for lack of patriotism and
exposing the country to danger.  It works the same in every country.
           -- Hermann Goering, Nazi and war criminal, 1883-1946
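
Added example, not part of the message above and not sslh's own code: a C sketch of parsing a `--listen` style `host:port` argument so that a bare IPv6 literal, a bracketed IPv6 literal and a hostname are told apart before anything reaches the resolver. The names `parse_listen_spec` and `struct listen_spec` are hypothetical; the addresses are the ones quoted in the message.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical type for this example; not sslh's own. */
struct listen_spec {
    char host[64];   /* address or name, brackets removed */
    char port[16];   /* port number or service name */
    int  family;     /* AF_INET, AF_INET6, or 0 = name that needs a resolver */
};

/* Split "host:port" at the LAST colon so a bare IPv6 literal keeps its own
 * colons, and strip an optional [..] wrapper so brackets never reach the
 * resolver as part of a "hostname". Returns 0 on success, -1 if malformed. */
int parse_listen_spec(const char *arg, struct listen_spec *out)
{
    unsigned char buf[sizeof(struct in6_addr)];
    const char *colon = strrchr(arg, ':');
    const char *start = arg, *end = colon;
    size_t hlen;
    if (colon == NULL || colon == arg || colon[1] == '\0')
        return -1;                      /* missing host or missing port */
    if (*start == '[') {                /* bracketed form: [addr]:port */
        if (end[-1] != ']')
            return -1;
        start++;
        end--;
    }
    hlen = (size_t)(end - start);
    if (hlen == 0 || hlen >= sizeof out->host ||
        strlen(colon + 1) >= sizeof out->port)
        return -1;
    memcpy(out->host, start, hlen);
    out->host[hlen] = '\0';
    strcpy(out->port, colon + 1);
    /* Numeric check only: no DNS lookup happens here. */
    out->family = inet_pton(AF_INET6, out->host, buf) == 1 ? AF_INET6
                : inet_pton(AF_INET, out->host, buf) == 1 ? AF_INET
                : 0;                    /* e.g. "localhost" or "eth0" */
    return 0;
}

int main(void)
{
    struct listen_spec s;
    const char *arg = "2001:b18:400:0:211:d8ff:fe82:e:443"; /* from the message */
    if (parse_listen_spec(arg, &s) == 0)
        printf("host=%s port=%s family=%d\n", s.host, s.port, s.family);
    return 0;
}
```

A family of 0 marks an argument such as `eth0:443` as a name that would go to the resolver, so a listener can refuse it or log it instead of binding to whatever the name happens to resolve to.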