[sslh] Restrictive squid proxy
Ruzsinszky Attila
ruzsinszky.attila at gmail.com
Wed Aug 7 08:48:48 CEST 2013
Hi,
Sorry, I just pushed the Reply button and my answer was sent to you, not to
the list.
Can you change that behaviour?
> moment, and I'm not sure it's possible). Alternatively, you
> need to stop/restart it.
>
I think hotplug will do that.
> > If SSH works with sslh, my config is perfect for those two protocols.
> > I have to rewrite the init script and hotplugging sslh for the dynamic
> > IP.
>
> Ok, so your issue is not with sharing ssh and https on 443,
> it's accessing 80 and 8080?
>
My goal is more complex.
> That's probably not so good, it's better to pre-create the
> PID file you'll use and chown it to nobody. (that said, sslh
> opens the PID file before dropping privileges, so there is
> something else going on here).
>
OK.
Then I have to modify the init script, too, and create the PID
file with the right owner.
> You're talking about 443 at the beginning of this e-mail.
>
Yes.
That was the test, not my only goal.
>
> Right now I'm confused as to what is open, what works, and
> what you're trying to achieve.
>
I've got two boxes:
- router
- NAS.
NAS is behind the router on the internal LAN.
I want to reach them from my office through a restrictive HTTP
proxy on which 3 ports can be used: 22, 80, 443.
On my router, SSH and a web page for admin (HTTP/HTTPS) are running.
I want to connect to SSH and HTTPS from the Net.
On my NAS there are many services.
The most important are: SSH, HTTPS (for admin) and
HTTP + HTTPS for WEB services.
My goal is: reaching the router and the NAS from the proxy server.
> You should be able to forward SSH, HTTP, HTTPS like this:
>
> sslh --listen my_wan:443 --ssh localhost:22 --http localhost:80 --ssl:80
>
I can use HTTP for NAS to connect to unencrypted pages.
> This may or may not work while listening on 80, depending on
> how your proxy works. Most likely it won't work.
>
Proxy is a squid proxy. I'll check it soon.
> > Do I have to set up a new sslh for port 80 and forwarding SSH and HTTPS
> > to my NAS's 22 and 443 ports? What can I do with the remaining 8080 and 8081
> > ports?
>
> For HTTP, it may be possible to do something like virtual
> domains, and have sslh look at the URL and forward to
> different ports based on the URL (using the regexp probe).
> This sounds like fun.
>
I don't understand how I can do this.
I'm not a virtual domain wizard. ;-)
TIA,
Ruzsi
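
Added example (not part of the original message and not sslh's own code): a small Python model of the first-packet classification discussed in the thread, with HTTP requests routed by a regular expression on the Host header. The hostnames, backend addresses and sample packets are constructed for illustration.

```python
import re

# Assumed backends for the router/NAS layout in the message (constructed values).
BACKENDS = {
    "ssh": ("127.0.0.1", 22),
    "tls": ("127.0.0.1", 443),
    "router-http": ("127.0.0.1", 80),
    "nas-http": ("192.168.1.10", 80),
}

HTTP_REQUEST = re.compile(
    rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")
HOST_HEADER = re.compile(rb"\r\nHost:[ \t]*([^\r\n:]+)", re.IGNORECASE)

# Ordered "virtual domain" rules: regex on the Host value -> backend name.
HOST_RULES = [
    (re.compile(rb"^router\.example\.org$", re.IGNORECASE), "router-http"),
    (re.compile(rb"^nas\.example\.org$", re.IGNORECASE), "nas-http"),
]

def classify(first_bytes: bytes):
    """Return a backend name for the first bytes a client sends, or None."""
    if first_bytes.startswith(b"SSH-"):
        return "ssh"
    # TLS record header: content type 0x16 (handshake), major version 0x03.
    if len(first_bytes) >= 3 and first_bytes[0] == 0x16 and first_bytes[1] == 0x03:
        return "tls"
    if HTTP_REQUEST.match(first_bytes):
        m = HOST_HEADER.search(first_bytes)
        if m:
            host = m.group(1).strip()
            for pattern, backend in HOST_RULES:
                if pattern.match(host):
                    return backend
    # Fail closed: unknown protocol or unlisted Host gets no backend.
    return None

def route(first_bytes: bytes):
    """Map the first bytes to an (address, port) tuple, or None to drop."""
    name = classify(first_bytes)
    return BACKENDS[name] if name else None

if __name__ == "__main__":
    # Constructed sample first packets.
    for pkt in (b"SSH-2.0-OpenSSH_6.2\r\n",
                b"\x16\x03\x01\x00\x05hello",
                b"GET / HTTP/1.1\r\nHost: nas.example.org\r\n\r\n",
                b"GET / HTTP/1.1\r\nHost: other.example.net\r\n\r\n"):
        print(pkt[:24], "->", route(pkt))
```

The Host header is chosen by the client, so this kind of routing only selects a backend; each backend still needs its own authentication.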