[sslh] sslh Digest, Vol 45, Issue 3

Brom brom at ldkf.de
Mon Oct 13 19:32:42 CEST 2014


Hi,
maybe you remember my case from some time ago: I couldn't get the
transparent proxying working on a latest Debian server. I tried
everything like running as root, setting the capabilities of the binary
or compiling directly with libcap. Now I tried it again. Of course with
the same result, but I figured out how to log to the console (maybe you
should include this on the GitHub main page). This is the output of
./sslh-select --listen MY_IP:443 --ssl MY_IP:4443 --transparent
--verbose --foreground --user sslh
ssl addr: www.ldkf.de:4443. libwrap service: (null) family 2 2
listening on:
        www.ldkf.de:https
timeout: 2
on-timeout: ssl
listening to 1 addresses
turning into sslh
sslh-select v1.16-14-g9a0a9b9-dirty started
capabilities: = cap_net_admin+ep
selecting... max_fd=4 num_probing=0
accepted fd 4 on slot 0
selecting... max_fd=5 num_probing=1
accepted fd 5 on slot 1
selecting... max_fd=6 num_probing=2
processing fd0 slot 1
**** writing deferred on fd -1
probing for ssl
connecting to www.ldkf.de:4443 family 2 len 16
forward to ssl failed:connect: Connection timed out
closing fd 5
selecting... max_fd=6 num_probing=1
accepted fd 5 on slot 1
processing fd0 slot 0
connecting to www.ldkf.de:4443 family 2 len 16
forward to ssl failed:connect: Connection timed out
closing fd 4

So you can see, with the capabilities everything is alright. Instead it
looks like Apache (at port 4443) isn't reacting to it and the connection
is timing out. I checked the logfiles of Apache of course - there's
nothing. Could it have something to do with the iptables? I ran all the
commands given on GitHub in this section. Could you help me out with
this, please?

Regards,
Brom