[sslh] transparent option doesn't function

Thorsten Regner goofy at gmx.li
Thu Apr 24 08:55:15 CEST 2014


Hello,

I have a problem with the transparent option.

My server has two NICs: WAN eth0 and LAN eth1.
The WAN has the IP 172.16.0.11 and the LAN has the IP 192.168.0.11.

Services are

ssh (standard config) -> all right, the transparent option functions
https (lighttpd 1.4.35) -> listens at 192.168.0.11:11443 and 192.168.0.11:443 -> doesn't function
openvpn -> listens at 172.16.0.11:1194 -> doesn't function

Then there is another problem: after I put the iptables rules in my firewall,
the ports of the services can't be connected to.

So in my case, I can connect to ssh through port 445 but I can't connect through 22??

/usr/local/sbin/sslh -F /etc/sslh/sslh.conf
ssh addr: 172.16.0.11:ssh. libwrap service: ssh family 2 2
openvpn addr: 172.16.0.11:openvpn. libwrap service: (null) family 2 2
xmpp addr: localhost:xmpp-client. libwrap service: (null) family 10 10
http addr: localhost:http. libwrap service: (null) family 10 10
ssl addr: 192.168.0.11:https. libwrap service: (null) family 2 2
anyprot addr: localhost:https. libwrap service: (null) family 10 10
listening on:
     172.16.0.11:https
timeout: 2
on-timeout: ssh
listening to 1 addresses
turning into root
sslh-fork v1.16-13-gd10b539 started
accepted fd 4
**** writing deferred on fd -1
probing for ssh
probing for openvpn
probing for xmpp
probing for http
probing for ssl
connecting to 192.168.0.11:https family 2 len 16
forward to ssl failed:connect: Connection timed out
connect: Connection timed out
accepted fd 4
connecting to 172.16.0.11:ssh family 2 len 16
connection from 172.16.0.1:55246 to 172.16.0.11:https forwarded from 172.16.0.1:55246 to 172.16.0.11:ssh
flushing deferred data to fd 3


my iptables rules:

## clean
iptables -t mangle -F
iptables -t mangle -X
ip route del local 0.0.0.0/0 dev lo table 100
ip rule del fwmark 0x1 lookup 100

## mknew
iptables -t mangle -N SSLH
iptables -t mangle -A OUTPUT --protocol tcp --out-interface eth0 --sport 22 --jump SSLH
iptables -t mangle -A OUTPUT --protocol tcp --out-interface eth0 --sport 1194 --jump SSLH
iptables -t mangle -A OUTPUT --protocol tcp --out-interface eth1 --sport 443 --jump SSLH
iptables -t mangle -A SSLH --jump MARK --set-mark 0x1
iptables -t mangle -A SSLH --jump ACCEPT
ip rule add fwmark 0x1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100

OK, I hope that's enough info on my problem - so can you help me?

regards Goofy
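Added example, not from the original post or from the sslh project: a small Python model of the three posted mangle OUTPUT rules that checks whether a backend's reply packet to a client would be marked 0x1 and so reach routing table 100. It assumes the routing implied by the post's addresses (172.16.0.0/24 reached via eth0, 192.168.0.0/24 via eth1) and relies on the fact that, in transparent mode, the backend's reply is addressed to the client, so the `--out-interface` match sees the interface of the route to the client rather than the interface the backend is bound to.

```python
# Model of the posted iptables mangle OUTPUT rules for sslh transparent mode.
# Not the sslh project's code; the routes below are constructed from the
# addresses given in the post and are an assumption.
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class MangleRule:
    out_interface: str  # value of --out-interface in the posted rule
    sport: int          # value of --sport in the posted rule


# The three OUTPUT rules from the post, in order.
POSTED_RULES = [
    MangleRule("eth0", 22),
    MangleRule("eth0", 1194),
    MangleRule("eth1", 443),
]

# Assumed routing table: which interface a packet to a given destination leaves on.
ROUTES = [
    (ipaddress.ip_network("172.16.0.0/24"), "eth0"),   # WAN side
    (ipaddress.ip_network("192.168.0.0/24"), "eth1"),  # LAN side
]


def route_interface(dst_ip: str):
    """Interface chosen by the (assumed) routing table for dst_ip, or None."""
    addr = ipaddress.ip_address(dst_ip)
    for net, iface in ROUTES:
        if addr in net:
            return iface
    return None


def reply_is_marked(rules, backend_sport: int, client_ip: str) -> bool:
    """True if some rule marks a reply with source port backend_sport sent to client_ip.

    In transparent mode sslh connected to the backend with the client's address,
    so the backend replies to client_ip and the kernel routes the packet there.
    """
    oif = route_interface(client_ip)
    return any(r.out_interface == oif and r.sport == backend_sport for r in rules)


def check_backends(rules, client_ip: str, backends):
    """Map each (name, port) backend to whether its replies to client_ip get marked."""
    return {name: reply_is_marked(rules, port, client_ip) for name, port in backends}


if __name__ == "__main__":
    # Backends taken from the sslh startup output in the post; client from its log line.
    backends = [("ssh", 22), ("openvpn", 1194), ("ssl", 443)]
    print(check_backends(POSTED_RULES, "172.16.0.1", backends))
```

With the posted rules, a reply from the https backend (source port 443) to the WAN client 172.16.0.1 leaves via eth0, so the `--out-interface eth1 --sport 443` rule never matches it and the packet is not marked.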
