[sslh] Help regarding the configuring sslh in transparent mode.
salil GK
gksalil at gmail.com
Sat Sep 23 22:32:44 UTC 2017
Hello
I need to configure sslh in my custom linux ( debian based ) for port
multiplication. I could do the port multiplication without transparent
proxy mode. But transparent proxy mode is not working. I have followed all
steps mentioned in the sslh site for configuring (
https://github.com/yrutschle/sslh#transparent-proxy-support ). But still
things are not working.
The following is the sslh.conf file
~ # cat etc/sslh.cfg
verbose: true;
foreground: true;
inetd: false;
numeric: false;
transparent: true; ####### CHANGE THIS MODE
#transparent: false; ####### CHANGE THIS MODE
timeout: 2;
user: "_nobody"; # #### CHANGE THE USER
#user: "root"; # #### CHANGE THE USER
pidfile: "/var/run/sslh.pid";
# Change hostname with your external address name.
listen:
(
{ host: "10.50.157.194"; port: "443"; }
);
protocols:
(
{ name: "http"; host: "10.50.157.194"; port: "445"; },
{ name: "regex"; host: "10.50.157.194"; port: "3478"; regex_patterns:
[ "\x21\x12\xa4\x42" ]; }
);
~ #
The console of sslh program execution shows the following
~ # /sbin/sslh -F/tandberg/etc/sslh.cfg -v
http addr: X194:microsoft-ds. libwrap service: (null) log_level: 1 family 2 2 []
regex addr: X194:nat-stun-port. libwrap service: (null) log_level: 1
family 2 2 []
listening on:
X194:https []
timeout: 2
on-timeout: http
listening to 1 addresses
turning into _nobody
sslh-fork tempo-boot-20-6-g271a27e-dirty started
capabilities: = cap_net_admin+ep
accepted fd 4
**** writing deferred on fd -1
probing for http
probing for regex
all probes failed, connecting to first protocol: http
connecting to X194:microsoft-ds family 2 len 16
accepted fd 4
**** writing deferred on fd -1
probing for http
probing for regex
all probes failed, connecting to first protocol: http
connecting to X194:microsoft-ds family 2 len 16
accepted fd 4
**** writing deferred on fd -1
probing for http
probing for regex
all probes failed, connecting to first protocol: http
connecting to X194:microsoft-ds family 2 len 16
forward to http failed:connect: Connection timed out
forward to http failed:connect: Connection timed out
connect: Connection timed out
connect: Connection timed out
forward to http failed:connect: Connection timed out
connect: Connection timed out
following is the iptable command I ran in the shell
~ # iptables -t mangle -N SSLH
iptables: Chain already exists.
~ # iptables -t mangle -A OUTPUT --protocol tcp --out-interface eth0
--sport 445 --jump SSLH
~ # iptables -t mangle -A SSLH --jump MARK --set-mark 0x1
~ # iptables -t mangle -A SSLH --jump ACCEPT
~ # ip rule add fwmark 0x1 lookup 100
RTNETLINK answers: Address family not supported by protocol
~ # ip route add local 0.0.0.0/0 dev lo table 100
RTNETLINK answers: File exists
Any help or pointers would be really appreciated.
Thanks ~S
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://rutschle.net/pipermail/sslh/attachments/20170924/40d5d081/attachment.html>
More information about the sslh
mailing list