[sslh] IPTables configuration

Eamon Doyle eamon at cornercase.net
Tue Aug 6 20:49:20 CEST 2013


Here's the output.  I lied a little since ssh is running on 32666, but for
simplicity I said port 22 since that's not really the issue.

# Generated by iptables-save v1.4.4 on Tue Aug  6 10:58:48 2013
*mangle
:PREROUTING ACCEPT [2941:293692]
:INPUT ACCEPT [2941:293692]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [3241:2936709]
:POSTROUTING ACCEPT [3241:2936709]
COMMIT
# Completed on Tue Aug  6 10:58:48 2013
# Generated by iptables-save v1.4.4 on Tue Aug  6 10:58:48 2013
*filter
:INPUT DROP [335:21015]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [3241:2936709]
-A INPUT -p tcp -m tcp --dport 32666 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 444 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Tue Aug  6 10:58:48 2013
# Generated by iptables-save v1.4.4 on Tue Aug  6 10:58:48 2013
*nat
:PREROUTING ACCEPT [333:16453]
:POSTROUTING ACCEPT [136:7577]
:OUTPUT ACCEPT [136:7577]
COMMIT
# Completed on Tue Aug  6 10:58:48 2013


On Tue, Aug 6, 2013 at 10:55 AM, Jason Cooper <sslh at lakedaemon.net> wrote:

> Eamon,
>
> On Tue, Aug 06, 2013 at 10:52:39AM -0700, Eamon Doyle wrote:
> > Hi all.  I'm running sslh listening on port 443 with https listening on 444
> > and ssh on 22.  I have iptables set up to block everything but 22, 80, and
> > 443.  When I start iptables, I can ssh through port 443 as expected but I
> > can no longer access my HTTPS on port 443 unless I unblock port 444, at
> > which point sslh successfully forwards the traffic.
> >
> > Does anyone know what I need to do to IPtables to not have port 444 exposed
> > externally but allow sslh to forward the traffic correctly?  As a followup,
> > why does this behavior occur?  I may not understand exactly how sslh is
> > forwarding the traffic.
>
> Could you send the output of iptables-save ?
>
> thx,
>
> Jason.
>
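
An added example (not code from the thread or the sslh project) that replays the filter INPUT chain from the iptables-save output above through a small first-match evaluator, to show which packet ends up at the DROP policy. It assumes sslh runs in its default, non-transparent mode, so the connection it opens to the https backend is a NEW TCP flow to 127.0.0.1:444 arriving on interface lo; the "-i lo" rule it tries is an assumption of the example, not something stated in the thread.

```python
# Added example (not code from the thread): replay the thread's filter INPUT
# chain against constructed packets to see which one hits the DROP policy.
# Assumption: sslh runs in its default (non-transparent) mode, so the flow it
# opens to the https backend is a NEW TCP connection to 127.0.0.1:444 on "lo".

INPUT_POLICY = "DROP"

# The thread's INPUT rules without the "--dport 444" line, i.e. the state the
# poster wants: 444 not reachable from outside.
RULES_444_BLOCKED = [
    "-A INPUT -p tcp -m tcp --dport 32666 -j ACCEPT",
    "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT",
    "-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT",
    "-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT",
    "-A INPUT -p icmp -m icmp --icmp-type 8 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT",
]
# Candidate fix (an assumption, not from the thread): accept loopback first.
RULES_WITH_LOOPBACK = ["-A INPUT -i lo -j ACCEPT"] + RULES_444_BLOCKED

OPTS = {"-p": "proto", "--dport": "dport", "-i": "iface",
        "--state": "state", "--icmp-type": "icmp_type", "-j": "target"}

def parse_rule(line):
    """Reduce one '-A INPUT ...' line to its match criteria and jump target."""
    toks = line.split()
    rule = {OPTS[t]: toks[i + 1] for i, t in enumerate(toks) if t in OPTS}
    if "state" in rule:
        rule["state"] = set(rule["state"].split(","))
    if "dport" in rule:
        rule["dport"] = int(rule["dport"])
    return rule

def evaluate(rules, pkt):
    """First-match semantics: target of the first rule whose every criterion
    matches the packet, otherwise the chain policy."""
    for rule in map(parse_rule, rules):
        target = rule.pop("target")
        if all(pkt["state"] in v if k == "state" else pkt.get(k) == v
               for k, v in rule.items()):
            return target
    return INPUT_POLICY

def pkt(proto, dport=None, iface="eth0", state="NEW", icmp_type=None):
    return {"proto": proto, "dport": dport, "iface": iface,
            "state": state, "icmp_type": icmp_type}

CLIENT_TO_SSLH = pkt("tcp", 443)             # outside SYN to sslh: accepted
SSLH_TO_HTTPS = pkt("tcp", 444, iface="lo")  # sslh -> https backend on lo
OUTSIDE_TO_444 = pkt("tcp", 444)             # outside SYN straight to 444
```

With the thread's rules minus port 444, evaluate() returns DROP for sslh's loopback connection to 444 (it is NEW, so the RELATED,ESTABLISHED rule does not match) and ACCEPT once the loopback rule is in front, while an outside SYN to 444 still returns DROP.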