[sslh] Using sslh transparent proxy on FreeBSD?
Matt Smith
sslh at xtaz.co.uk
Thu Apr 14 10:42:58 UTC 2016
On Apr 14 11:36, Matt Smith wrote:
>My setup is that I have nginx listening on port 444, and sslh
>forwarding to port 444 for tls/ssl. My ipfw rules are as follows:
>
>ipfw add 00020 fwd 10.0.0.10,4444 tcp from 'table(2)' to 10.0.0.10 443 in via re0
>ipfw add 00021 fwd 10.0.0.10,4444 tcp from 10.0.0.10 422,444 to 'table(2)' out via re0
>
>This is set up so that any source IP address that is found in table 2
>is transparently forwarded to nginx; return traffic that is sent back
>to any IP found in table 2 is rerouted back to sslh. In my case
>nginx/sslh is running on 10.0.0.10 which is on the re0 interface.
>
>You could change the table 2 to just say any and then all traffic will
>go via sslh but I didn't want that. I wanted most connections to go
>directly to nginx, and only a whitelist that I select to go to sslh.
I should also mention that sslh is listening on port 4444 and openssh is
listening on port 422. Just to make the above ruleset a lot clearer.
--
Matt