[sslh] Restrictive squid proxy

Ruzsinszky Attila ruzsinszky.attila at gmail.com
Wed Aug 7 08:48:48 CEST 2013


Hi,

Sorry, I just pushed the Reply button and my answer was sent to you, not to
the list.
Can you change that behaviour?

> moment, and I'm not sure it's possible). Alternatively, you
> need to stop/restart it.
>
I think hotplug will do that.


> > If SSH works with sslh, my config is perfect for those two protocols.
> > I have to rewrite the init script and hotplugging sslh for the dynamic
> > IP.
>
> Ok, so your issue is not with sharing ssh and https on 443,
> it's accessing 80 and 8080?
>
My goal is more complex.


> That's probably not so good, it's better to pre-create the
> PID file you'll use and chown it to nobody. (that said, sslh
> opens the PID file before dropping privileges, so there is
> something else going on here).
>
OK.
Then I have to modify the init script, too and create the PID
file with the right owner.


> You're talking about 443 at the beginning of this e-mail.
>
Yes.
That was the test, not my only goal.

>
> Right now I'm confused as to what is open, what works, and
> what you're trying to achieve.
>
I've got two boxes:
- router
- NAS.

NAS is behind the router on the internal LAN.

I want to reach them from my office through a restrictive HTTP
proxy on which 3 ports can be used: 22, 80, 443.

My router is running SSH and a web page for admin (HTTP/
HTTPS). I want to connect to SSH and HTTPS from the Net.

On my NAS there are many services.
The most important are: SSH, HTTPS (for admin) and
HTTP + HTTPS for WEB services.

My goal is: reaching the router and the NAS from the proxy server.

> You should be able to forward SSH, HTTP, HTTPS like this:
>
> sslh --listen my_wan:443 --ssh localhost:22 --http localhost:80 --ssl:80
>
I can use HTTP for NAS to connect to unencrypted pages.


> This may or may not work while listening on 80, depending on
> how your proxy works. Most likely it won't work.
>
Proxy is a squid proxy. I'll check it soon.


> > Do I have to set up a new sslh for port 80 and forwarding SSH and HTTPS
> > to my NAS's 22 and 443 ports? What can I do with the remaining 8080 and 8081
> > ports?
>
> For HTTP, it may be possible to do something like virtual
> domains, and have sslh look at the URL and forward to
> different ports based on the URL (using the regexp probe).
> This sounds like fun.
>
I don't understand how I can do this.
I'm not a virtual domain wizard. ;-)

TIA,
Ruzsi
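
The regexp-probe idea from the quoted reply, as an added example that is not part of the original message and is not sslh's own code: a model of first-packet probing that sends SSH, TLS and plain HTTP to different backends and picks the HTTP backend from the Host header. The host name `nas.example.org`, the backend addresses and the function `classify` are assumptions made for illustration.

```python
import re

# Hypothetical backends and host name for illustration; none come from the thread.
ROUTER_SSH = ("127.0.0.1", 22)
ROUTER_HTTPS = ("127.0.0.1", 443)
ROUTER_HTTP = ("127.0.0.1", 80)
NAS_HTTP = ("192.168.1.10", 8080)

REQ_LINE = rb"(?:GET|POST|HEAD|PUT|DELETE|OPTIONS) [^ \r\n]+ HTTP/1\.[01]\r\n"
# Request line, any number of complete header lines, then a Host header that
# names the NAS. Matching whole lines stops "X-Foo: Host: nas..." from matching.
NAS_VHOST = (REQ_LINE + rb"(?:[^\r\n]+\r\n)*?"
             rb"(?i:host:[ \t]*nas\.example\.org)(?::\d+)?[ \t]*\r\n")

# Probes are tried in order, so the virtual-host rule precedes generic HTTP.
PROBES = [
    ("ssh", re.compile(rb"SSH-2\.0-"), ROUTER_SSH),
    ("tls", re.compile(rb"\x16\x03[\x00-\x04]"), ROUTER_HTTPS),  # handshake record
    ("http-nas", re.compile(NAS_VHOST), NAS_HTTP),
    ("http", re.compile(REQ_LINE), ROUTER_HTTP),
]
# Many SSH clients wait for the server banner, so silence falls back to SSH.
ON_TIMEOUT = ("ssh", ROUTER_SSH)


def classify(first_bytes, timed_out=False):
    """Map the first bytes of a connection to (probe name, backend).

    Returns None while nothing matches yet (the caller should read more data),
    or the timeout fallback once the probing window has expired.
    """
    for name, pattern, backend in PROBES:
        if pattern.match(first_bytes):  # match() anchors at the first byte
            return name, backend
    return ON_TIMEOUT if timed_out else None


# Constructed sample first packets, not captured traffic.
SAMPLES = {
    "ssh banner": b"SSH-2.0-OpenSSH_6.2\r\n",
    "tls hello": b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03",
    "nas vhost": b"GET /index.html HTTP/1.1\r\nUser-Agent: x\r\nHost: nas.example.org\r\n\r\n",
    "router vhost": b"GET / HTTP/1.1\r\nHost: router.example.org\r\n\r\n",
}

if __name__ == "__main__":
    for label, data in SAMPLES.items():
        print(label, "->", classify(data))
```

The decision is made once per connection from the first bytes only, so later requests on a keep-alive connection reach the same backend, and a Host header that arrives in a later segment falls through to the generic HTTP rule.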