[sslh] setsockopt: Operation not permitted when using init.d
Matt Okeson-Harlow
sslh at technomage.net
Sat Sep 21 10:45:24 CEST 2013
sslh v1.15-21-ga168461
Distributor ID: Ubuntu
Description: Ubuntu 12.04.3 LTS
Release: 12.04
Codename: precise
When I try to start sslh with /etc/init.d/sslh on Ubuntu, I get the error:
setsockopt: Operation not permitted
soon after it launches, and no connections to port 443 work.
### ps -f -U sslh -u sslh
UID PID PPID C STIME TTY TIME CMD
sslh 13230 1 0 02:25 ? 00:00:00 /usr/sbin/sslh-fork --user sslh --pidfile /var/run/sslh.pid -p 172.27.1.3 443 --ssh 172.27.1.3 2443 --ssl 172.27.1.3 1443 --openvpn 172.27.1.3 1195 --transparent
sslh 13232 13230 0 02:25 ? 00:00:00 /usr/sbin/sslh-fork --user sslh --pidfile /var/run/sslh.pid -p 172.27.1.3 443 --ssh 172.27.1.3 2443 --ssl 172.27.1.3 1443 --openvpn 172.27.1.3 1195 --transparent
###
If I run the command using sudo, it works and gives no error.
sudo -u sslh -H /usr/sbin/sslh-fork --transparent --user sslh --listen 172.27.1.3:443 --ssh 172.27.1.3:2443 --ssl 172.27.1.3:1443 --openvpn 172.27.1.3:1195
Is there something I am missing or not doing correctly?
### iptables -t mangle -L -n
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
SSLH tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:1443
SSLH tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:1195
SSLH tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:2443
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
CHECKSUM udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:68
CHECKSUM fill
CHECKSUM udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:68
CHECKSUM fill
Chain SSLH (3 references)
target prot opt source destination
MARK all -- 0.0.0.0/0 0.0.0.0/0 MARK set 0x1
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
###
### /etc/init.d/sslh
#! /bin/sh
### BEGIN INIT INFO
# Provides: sslh
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 1
# Short-Description: sslh proxy ssl & ssh connections
### END INIT INFO
# /etc/init.d/sslh: start and stop the sslh proxy daemon

# Abort on the first command that fails.
set -e

# Tag and facility.priority handed to logger(1) by start() and stop().
tag=sslh
facility=user.info

# Pull in local settings when present. The file is sourced, i.e. executed as
# shell code with this script's privileges, so it should be writable only by
# root. start() reads USER and PID, which this script never assigns;
# presumably they are set in that file -- confirm.
if [ -f /etc/default/sslh ]; then
  . /etc/default/sslh
fi

# Install prefix; normally substituted by "make install". When installing by
# hand, set it yourself.
PREFIX=/usr
DAEMON="${PREFIX}/sbin/sslh-fork"

# Address used for the listening socket and for every backend in start().
IP=172.27.1.3
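# Launch the sslh daemon and record the start in syslog.
# Globals:  DAEMON, IP, tag, facility (read); USER and PID (read) are not
#           assigned in this script -- presumably they come from
#           /etc/default/sslh.
# Outputs:  a status line on stdout; one syslog entry via logger(1).
# Returns:  the shell exits with an error if USER or PID is unset or empty.
start()
{
  echo "Start services: sslh"

  # An empty USER or PID would shift the following option into its place
  # (for example "--pidfile -p"), so stop here instead of launching the daemon
  # with a mangled command line.
  : "${USER:?USER must be set (e.g. in /etc/default/sslh)}"
  : "${PID:?PID must be set (e.g. in /etc/default/sslh)}"

  # Templated invocation from the stock script, kept for reference:
  # $DAEMON --user ${USER} --pidfile ${PID} --listen ${LISTEN} --ssh ${SSH} --ssl ${SSL} --openvpn ${OPENVPN} --transparent

  # Every expansion is quoted so that a value containing spaces or glob
  # characters stays a single argument.
  #
  # NOTE(review): transparent proxying on Linux needs CAP_NET_ADMIN. A
  # "setsockopt: Operation not permitted" shortly after start is consistent
  # with that capability being gone once sslh has switched to --user; confirm
  # that the binary was built with capability support (or carries file
  # capabilities) before relying on --transparent.
  "${DAEMON}" --user "${USER}" --pidfile "${PID}" \
    -p "${IP}:443" \
    --ssh "${IP}:2443" \
    --ssl "${IP}:1443" \
    --openvpn "${IP}:1195" \
    --transparent

  logger -t "${tag}" -p "${facility}" -i 'Started sslh'
}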
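# Stop sslh and record the stop in syslog.
# Globals:  DAEMON, tag, facility (read).
# Outputs:  a status line on stdout; a diagnostic on stderr when killall
#           reports failure; one syslog entry via logger(1) on success.
# Returns:  0 whether or not a process was signalled.
stop()
{
  echo "Stop services: sslh"

  # killall is given the executable's path, so it signals every process
  # running that file, not only the instance this script started.
  # NOTE(review): signalling the pid recorded in the --pidfile would be more
  # precise -- confirm how sslh-fork's children react before switching.
  #
  # Running killall as the "if" condition keeps "set -e" from aborting the
  # script when nothing is running; otherwise "restart" would exit here and
  # never reach start.
  if killall "${DAEMON}"; then
    logger -t "${tag}" -p "${facility}" -i 'Stopped sslh'
  else
    echo "sslh: killall did not signal any ${DAEMON} process" >&2
  fi
}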
# Dispatch on the requested action. Anything unrecognised prints the usage
# line to stderr; every path that reaches the end of the script exits 0.
case "$1" in
  start) start ;;
  stop) stop ;;
  restart)
    stop
    # Fixed five-second pause between stopping and starting.
    sleep 5
    start
    ;;
  *) echo "Usage: /etc/init.d/sslh {start|stop|restart}" >&2 ;;
esac

exit 0
###
--
Matt Okeson-Harlow
http://technomage.net