[sslh] Transparent mode with IPv4 and IPv6
Matt Smith
sslh at xtaz.co.uk
Fri Jan 22 09:18:51 UTC 2016
On Jan 22 09:00, Yves Rutschle wrote:
>On Thu, Jan 21, 2016 at 09:42:26PM +0000, Matt Smith wrote:
>> So it would appear that in transparent mode you can only forward on the same
>> address type, whereas without transparent mode you can use either. Is this
>> something that could be solved within sslh or is this a limitation of
>> transparent proxying?
>
>This is correct and can't be solved: if sslh becomes
>transparent, then the final server receives IPv6 addresses
>from the outside world.
>
>You should be able to get your servers (e.g. sshd) to listen
>to both IPv4 and IPv6 and get sslh to try to connect to both
>though:
>
>sslh --transparent --listen <IP:443> --ssh insideaddr:22
>
>with /etc/hosts:
>192.168.0.1 insideaddr
>2001::::2 insideaddr
>
>When forwarding, sslh tries each address in turn, so
>hopefully it'll try the IPv4, which will fail, then the
>IPv6, which will work.
>
>I've never tried it, please report if that works or not :)
>
>Y.
That is perfect! I do have working DNS so I just changed it from IP
addresses to hostnames and it works perfectly on both v4 and v6 in
transparent mode now. I don't know why I didn't think of that before. It
seems so obvious now! Thanks for that :)
--
Matt
More information about the sslh
mailing list