[sslh] Many processes

Maurice Commandeur maurice at nieuwerbrug.org
Wed Feb 8 08:55:49 CET 2012


Aaron,

Your setup could be working due to the fact that your sslh is started before apache is started.
Have a good look at your log files, there should be some error with "port already in use".
It is not possible to have two separate processes listening on one TCP port.

I'll try to rework the setup and do some tracing of the process today, I hope...

Maurice.

On 8 Feb 2012 at 02:48, Aaron Madlon-Kay <aaron at madlon-kay.com> wrote:

> Hi Maurice.
> 
> I wonder if the multiple IPs could be the problem. I have mine setup like this:
> 
> 1. Server has a single internal IP, 192.168.1.100.
> 
> 2. Router forwards requests from external IP's port 443 to 192.168.1.100:443.
> 
> 3. apache listens on 443. ssh listens on 22.
> 
> 4. sslh listens on 0.0.0.0:443, which you would think would conflict
> with apache, but somehow it all works out.
> 
> -Aaron
> 
> 
> 2012/2/7 Maurice Commandeur <maurice at nieuwerbrug.org>:
>> Hi Yves,
>> 
>> It's just a simple home setup.
>> 
>> internet -> router -> server
>> All NAT and portforwarding stuff.
>> 
>> The only thing that I can imagine is that my server has 2 IPs on the en0 interface:
>> 
>> server:~ $ ifconfig en0
>> en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>>        options=2b<RXCSUM,TXCSUM,VLAN_HWTAGGING,TSO4>
>>        ether c4:2c:03:0b:20:af
>>        inet6 fe80::c62c:3ff:fe0b:20af%en0 prefixlen 64 scopeid 0x4
>>        inet 192.168.0.75 netmask 0xffffff00 broadcast 192.168.0.255
>>        inet 192.168.0.73 netmask 0xffffff00 broadcast 192.168.0.255
>>        media: autoselect (1000baseT <full-duplex,flow-control>)
>>        status: active
>> 
>> 192.168.0.73 is the IP with apache running on port 443.
>> 192.168.0.75 is the IP where sslh runs on port 443.
>> My router forwards IPs from the internet to port 443 on 192.168.0.75.
>> Then sslh decides where to do what.
>> Apache is specifically configured to not use *:443 but only 192.168.0.73 and 127.0.0.1.
>> 
>> I'll try to rebuild it… so that my router sends all traffic coming from the internet to 192.168.0.73:4443,
>> with sslh listening on 192.168.0.73:4443 and configured to use ports 443 and 22.
>> Then I can disable the 192.168.0.75 IP number.
>> 
>> Maurice
>> 
>> On 7 Feb 2012 at 07:04, Yves Rutschle wrote:
>> 
>>> On Sat, Feb 04, 2012 at 10:56:27PM +0100, Maurice Commandeur wrote:
>>>> ## now adding a https session via sslh
>>>> 
>>>> $ ps -ef | grep [s]slh
>>>>   -2 88079     1   0 10:36PM ??         0:00.00 /opt/local/sbin/sslh -f -v -u nobody -p 192.168.20.75 443 --ssh localhost 22
>>>>   -2 88080 88079   0 10:36PM ??         0:00.00 /opt/local/sbin/sslh -f -v -u nobody -p 192.168.20.75 443 --ssh localhost 22
>>>>   -2 88122 88080   0 10:41PM ??         0:00.03 /opt/local/sbin/sslh -f -v -u nobody -p 192.168.20.75 443 --ssh localhost 22
>>>>   -2 88146 88080   0 10:42PM ??         0:00.00 (sslh)
>>>>   -2 88152 88080   0 10:42PM ??         0:00.00 (sslh)
>>> [...]
>>>> It seems that the https session is the felon...
>>> 
>>> This is a little strange, since sslh makes no difference between
>>> https and ssh once the connection is initiated.
>>> 
>>> Do you get https connections through another type of proxy?
>>> 
>>> Y.
>> 
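To make the bind rule from this thread concrete, here is an added Python script (not part of the thread and not sslh's own code) that reproduces the cases discussed above on a free port: a wildcard listener followed by a specific-address listener on the same port (Aaron's apache/sslh layout), the same address twice, a specific address followed by a wildcard, and two distinct addresses on the same port (Maurice's two-IP layout). It assumes Linux socket semantics with no SO_REUSEADDR or SO_REUSEPORT set; the second loopback address 127.0.0.2 used for the last case is reachable without configuration on Linux only, and the script reports it as "unavailable" on systems where it is not.

```python
import errno
import socket


def try_bind(addr, port):
    """Open a fresh TCP socket and try to bind/listen on addr:port.

    Returns ("ok", sock) on success, or ("error", errno_value) on failure.
    The caller owns a returned socket and must close it.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.bind((addr, port))
        sock.listen(5)
        return ("ok", sock)
    except OSError as exc:
        sock.close()
        return ("error", exc.errno)


def run_port_sharing_demo():
    """Exercise the bind conflicts discussed in the thread on one free port.

    Returns a dict mapping case name -> "ok" | "in_use" | "unavailable".
    """
    results = {}
    held = []  # listeners kept open while a case is being tested

    def outcome(result):
        status, value = result
        if status == "ok":
            held.append(value)
            return "ok"
        if value == errno.EADDRINUSE:
            return "in_use"
        if value == errno.EADDRNOTAVAIL:
            return "unavailable"
        return "error_%d" % value

    # Let the kernel pick a free port so the demo needs neither root nor 443.
    status, wildcard = try_bind("0.0.0.0", 0)
    assert status == "ok"
    port = wildcard.getsockname()[1]
    held.append(wildcard)

    # Case 1 (Aaron's layout): 0.0.0.0:port is held, a second process
    # tries the same port on a specific address -> EADDRINUSE.
    results["wildcard_then_specific"] = outcome(try_bind("127.0.0.1", port))

    # Release the wildcard listener and start again from a specific address.
    # No connection was ever accepted, so the port is free immediately.
    for s in held:
        s.close()
    held.clear()

    status, specific = try_bind("127.0.0.1", port)
    assert status == "ok"
    held.append(specific)

    # Case 2: same address and port twice -> EADDRINUSE.
    results["same_address_twice"] = outcome(try_bind("127.0.0.1", port))

    # Case 3 (mirror of case 1): specific address held, then a wildcard
    # bind of the same port -> EADDRINUSE.
    results["specific_then_wildcard"] = outcome(try_bind("0.0.0.0", port))

    # Case 4 (Maurice's layout): two different addresses, same port -> both
    # listeners coexist. 127.0.0.2 needs no configuration on Linux; elsewhere
    # the bind may fail with EADDRNOTAVAIL, reported here as "unavailable".
    results["two_distinct_addresses"] = outcome(try_bind("127.0.0.2", port))

    for s in held:
        s.close()
    return results


if __name__ == "__main__":
    for case, result in run_port_sharing_demo().items():
        print("%-25s %s" % (case, result))
```

Cases 1 to 3 are the "port already in use" error Maurice expects to find in Aaron's logs; case 4 is why apache on one address and sslh on another can both hold port 443 at the same time.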
