[sslh] Iptables after SSLH redirection? (Need source IP that connects to SSLH)
Yves Rutschle
yves at rutschle.net
Fri May 27 11:11:34 UTC 2016
On Fri, May 27, 2016 at 11:51:04AM +0200, Emmanuel Schwartz wrote:
> Then behind this central server, I have tiny servers (Linux) which only have a connection to the central server, so no direct connection to Internet.
>
> My problem is that depending on the IP which connects to SSLH, I would like to redirect to the correct tiny server. (e.g.: IP1 goes to tinyserver3, IP2 goes to tinyserver1, etc.)
> I think it is not possible since SSLH is redirecting every SSH packet to localhost:22 unless I have the source IP which connects to SSLH (using Iptables)

I'm not sure I understand your setup. If your goal is to
connect a specific set of external IP addresses to 'tiny
server' while the rest connects to 'main server', you could:

- Try using transparent proxying in sslh, which will keep the
  source IP address so you can then sort connections with
  iptables

- Pre-sort with iptables, which would split incoming
  connections to 'tiny server' and 'main server', and have
  sslh on both servers.

Y.
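
The second option above (pre-sorting with iptables), as an added example that is not part of the original message: a script that prints, without applying, one DNAT rule per external client address so its connections reach the sslh instance on the chosen tiny server. The addresses, port 443, and the names presort_rules, is_ipv4 and SAMPLE_MAP are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): generate source-IP pre-sort rules for
# the central server. Rules are only printed so they can be reviewed first.
# Assumptions: sslh listens on TCP 443 on every server; IP forwarding is
# enabled on the central server; tiny servers route replies back through it.

SSLH_PORT=443

# Constructed sample map, one "<client source IP> <tiny server IP>" per line.
# Documentation and private ranges only; none of these come from the thread.
SAMPLE_MAP='203.0.113.10 10.0.0.13
198.51.100.7 10.0.0.11'

# Succeeds only for a strict dotted quad (octets 0-255, no leading zeros).
# Rejecting everything else keeps shell metacharacters out of the rule text.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF == 4 {
            for (i = 1; i <= 4; i++)
                if ($i !~ /^(0|[1-9][0-9]*)$/ || $i > 255) exit 1
            exit 0
        }
        { exit 1 }'
}

# $1: map text. Prints one rule per valid line; returns non-zero at the first
# malformed line so a bad map is never half-applied by a caller.
presort_rules() {
    printf '%s\n' "$1" | while read -r src dst; do
        [ -n "$src" ] || continue          # skip blank lines
        if ! is_ipv4 "$src" || ! is_ipv4 "$dst"; then
            echo "rejecting map line: $src $dst" >&2
            exit 1                         # leaves the pipeline subshell
        fi
        # Only the destination is rewritten, so the tiny server still sees
        # the real client address in its logs and firewall.
        echo "iptables -t nat -A PREROUTING -p tcp -s $src" \
             "--dport $SSLH_PORT -j DNAT --to-destination $dst:$SSLH_PORT"
    done
}

# Clients not listed match no rule and stay on the main server's own sslh.
presort_rules "$SAMPLE_MAP"
```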