[sslh] Transparent proxy with IPv6?

Yves Rutschle yves at rutschle.net
Wed Feb 19 08:01:11 CET 2014


Hi Rodney,

I'm copying this on the sslh mailing list: iptables is a
bit like black magic to me; I've got a superficial
understanding of what's going on. Others on the list are way
more proficient than I am.

Transparent cross-protocol doesn't sound like something that
should be possible, really: if you have an external IPv6
address connecting to your server and your server expects
IPv4, what would the IP packet look like?

OTOH I'd think that transparent proxying with IPv6 should be
possible, if you just have your Web server also listen on
IPv6, so you'd have a dual stack 4/6, Web server listening
in on 4 and 6, sslh working on 4 and 6, iptables magic on 4
and 6, and all might work. That said, I never personally
tested transparent proxying with IPv6.

HTH,
Y.

On Tue, Feb 18, 2014 at 09:54:42PM -0500, Rodney Hester wrote:
> Yves,
> 
> Is it correct that sslh cannot be used in transparent proxy mode when also
> using IPv4 and IPv6?
> 
> For instance, if sslh is listening on [2001:a:b:c:d]:443, but routing HTTPS
> traffic to 192.168.1.2:4433, I don't think iptables can "cross boundaries" that
> way, can it?
> 
> I hope my question makes sense - I tried setting up the transparent proxy
> per the README and it did not work (at all ;), and then I thought about the
> problem and realized that it is probably a choice that you can either use a
> dual-stack IPv4/IPv6 setup (as I am) *or* transparent proxy, but not both.
>  Is that true?
> 
> Rodney
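
The address-family constraint discussed in this thread, as an added example that is not part of either message and is not sslh code. It assumes numeric addresses; the function names are hypothetical, and every address except 192.168.1.2:4433 (taken from the question) is constructed.

```python
import ipaddress

def parse_endpoint(text):
    """Split 'host:port' or '[v6]:port' into (ip_address, port)."""
    host, _, port = text.rpartition(":")
    if host.startswith("[") and host.endswith("]"):
        host = host[1:-1]
    return ipaddress.ip_address(host), int(port)

def check_transparent(listeners, backends):
    """For each listening address, pick a backend of the same IP version.

    In transparent mode the connection to the backend carries the client's
    own source address, so a client arriving over IPv6 can only be handed
    to a backend reachable over IPv6 (and likewise for IPv4).
    Returns {listener: backend or None}; None marks a family mismatch.
    """
    by_version = {}
    for backend in backends:
        addr, _ = parse_endpoint(backend)
        by_version.setdefault(addr.version, backend)
    result = {}
    for listener in listeners:
        addr, _ = parse_endpoint(listener)
        result[listener] = by_version.get(addr.version)
    return result

# Constructed listener addresses (documentation ranges).
LISTENERS = ["192.0.2.10:443", "[2001:db8::10]:443"]
# The setup from the question: the backend is reachable over IPv4 only.
V4_ONLY = ["192.168.1.2:4433"]
# The dual-stack setup from the reply; the IPv6 backend address is constructed.
DUAL_STACK = ["192.168.1.2:4433", "[fd00::2]:4433"]

if __name__ == "__main__":
    for name, backends in (("IPv4-only backend", V4_ONLY),
                           ("dual-stack backend", DUAL_STACK)):
        print(name)
        for listener, backend in check_transparent(LISTENERS, backends).items():
            print(f"  {listener} -> {backend or 'no same-family backend'}")
```
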
