[sslh] Transparent mode, not to localhost
mictee
mictee at frups.net
Mon Jan 19 22:50:14 CET 2015
Hi list,
I'm trying to use sslh in transparent mode, as documented in the
readme: https://github.com/yrutschle/sslh#transparent-proxy-support.
Only in my case, the servers that sslh is forwarding traffic to are
actually on different machines. It's not working, and I think it might
be because I don't fully understand what the firewall and routing
settings are doing. I edited them the best I could for my situation:
iptables -t mangle -F
iptables -t mangle -N SSLH
iptables -t mangle -A OUTPUT --protocol tcp --out-interface eth0 --sport 22 --jump SSLH
iptables -t mangle -A OUTPUT --protocol tcp --out-interface eth0 --sport 80 --jump SSLH
iptables -t mangle -A OUTPUT --protocol tcp --out-interface eth0 --sport 443 --jump SSLH
iptables -t mangle -A SSLH --jump MARK --set-mark 0x1
iptables -t mangle -A SSLH --jump ACCEPT
ip rule add fwmark 0x1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
When I run sslh-fork with --transparent and run the above script, none
of my (previously working) setup seems to work anymore. In my syslog I
find:
systemd[1]: Starting SSL/SSH multiplexer...
systemd[1]: Started SSL/SSH multiplexer.
sslh-fork[67]: sslh-fork zip-2014-02-11 started
sslh-fork[67]: forward to ssl failed:connect: Connection timed out
sslh-fork[67]: connect: Connection timed out
sslh-fork[67]: forward to ssl failed:connect: Connection timed out
sslh-fork[67]: connect: Connection timed out
sslh-fork[67]: forward to ssl failed:connect: Connection timed out
sslh-fork[67]: connect: Connection timed out
Does anybody have a hint? I'm not even sure where to look.
Thanks a bunch in advance!
mictee
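A small triage helper for the sslh-fork log lines quoted above, added here as an example (it is not part of the post and not code from the sslh project). It assumes the message format shown in the syslog excerpt, with the timestamp/host prefix already stripped; the sample lines are constructed.

```python
import re
from collections import Counter

# Constructed sample in the format shown in the post (syslog prefix stripped).
SAMPLE_LOG = """\
systemd[1]: Starting SSL/SSH multiplexer...
systemd[1]: Started SSL/SSH multiplexer.
sslh-fork[67]: sslh-fork zip-2014-02-11 started
sslh-fork[67]: forward to ssl failed:connect: Connection timed out
sslh-fork[67]: connect: Connection timed out
sslh-fork[67]: forward to ssl failed:connect: Connection timed out
sslh-fork[67]: connect: Connection timed out
sslh-fork[67]: forward to ssh failed:connect: Connection refused
"""

# Matches "sslh-fork[PID]: forward to <proto> failed:<error text>".
# The bare "connect: ..." lines that follow each failure are deliberately
# ignored: they repeat the error already captured on the "forward to" line.
FORWARD_FAIL = re.compile(
    r"(?P<proc>sslh\S*)\[(?P<pid>\d+)\]: forward to (?P<proto>\S+) failed:(?P<err>.*)$"
)


def parse_forward_failures(text):
    """Return one (protocol, error) tuple per failed forward, in log order."""
    failures = []
    for line in text.splitlines():
        match = FORWARD_FAIL.search(line)
        if match:
            failures.append((match.group("proto"), match.group("err").strip()))
    return failures


def summarize(text):
    """Count failed forwards per (protocol, error) so a pattern such as
    'every ssl forward times out' stands out from a one-off refusal."""
    return Counter(parse_forward_failures(text))


if __name__ == "__main__":
    for (proto, err), count in summarize(SAMPLE_LOG).most_common():
        print(f"{count:3d}  forward to {proto}: {err}")
```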