[sslh] Transparent mode with IPv4 and IPv6
Yves Rutschle
yves at rutschle.net
Fri Jan 22 09:00:56 UTC 2016
On Thu, Jan 21, 2016 at 09:42:26PM +0000, Matt Smith wrote:
> So it would appear that in transparent mode you can only forward on the same
> address type, whereas without transparent mode you can use either. Is this
> something that could be solved within sslh or is this a limitation of
> transparent proxying?
This is correct and can't be solved: if sslh becomes
transparent, then the final server receives IPv6 addresses
from the outside world.
You should be able to get your servers (e.g. sshd) to listen
to both IPv4 and IPv6 and get sslh to try to connect to both
though:
sslh --transparent --listen <IP:443> --ssh insideaddr:22
with /etc/hosts:
192.168.0.1 insideaddr
2001::::2 insideaddr
When forwarding, sslh tries each address in turn, so
hopefully it'll try the IPv4, which will fail, then the
IPv6, which will work.
I've never tried it, please report if that works or not :)
Y.
More information about the sslh
mailing list