[sslh] Help regarding the configuring sslh in transparent mode.

salil GK gksalil at gmail.com
Sat Sep 23 22:32:44 UTC 2017


Hello

I need to configure sslh in my custom Linux (Debian based) for port
multiplication. I could do the port multiplication without transparent
proxy mode, but transparent proxy mode is not working. I have followed all
the steps mentioned on the sslh site for configuring it
(https://github.com/yrutschle/sslh#transparent-proxy-support), but
things are still not working.

The following is the sslh.conf file

~ # cat etc/sslh.cfg
verbose: true;
foreground: true;
inetd: false;
numeric: false;
transparent: true; ####### CHANGE THIS MODE
#transparent: false; ####### CHANGE THIS MODE
timeout: 2;
user: "_nobody";  # #### CHANGE THE USER
#user: "root";  # #### CHANGE THE USER
pidfile: "/var/run/sslh.pid";


# Change hostname with your external address name.
listen:
(
{ host: "10.50.157.194"; port: "443"; }
);

protocols:
(

{ name: "http"; host: "10.50.157.194"; port: "445"; },
{ name: "regex"; host: "10.50.157.194"; port: "3478"; regex_patterns: [ "\x21\x12\xa4\x42" ]; }
);
~ #

The console output of the sslh program shows the following

~ # /sbin/sslh -F/tandberg/etc/sslh.cfg -v
http addr: X194:microsoft-ds. libwrap service: (null) log_level: 1 family 2 2 []
regex addr: X194:nat-stun-port. libwrap service: (null) log_level: 1 family 2 2 []
listening on:
    X194:https  []
timeout: 2
on-timeout: http
listening to 1 addresses
turning into _nobody
sslh-fork tempo-boot-20-6-g271a27e-dirty started
capabilities: = cap_net_admin+ep



accepted fd 4
**** writing deferred on fd -1
probing for http
probing for regex
all probes failed, connecting to first protocol: http
connecting to X194:microsoft-ds family 2 len 16
accepted fd 4
**** writing deferred on fd -1
probing for http
probing for regex
all probes failed, connecting to first protocol: http
connecting to X194:microsoft-ds family 2 len 16
accepted fd 4
**** writing deferred on fd -1
probing for http
probing for regex
all probes failed, connecting to first protocol: http
connecting to X194:microsoft-ds family 2 len 16
forward to http failed:connect: Connection timed out
forward to http failed:connect: Connection timed out
connect: Connection timed out
connect: Connection timed out
forward to http failed:connect: Connection timed out
connect: Connection timed out

The following are the iptables commands I ran in the shell

~ # iptables -t mangle -N SSLH
iptables: Chain already exists.
~ # iptables -t mangle -A OUTPUT --protocol tcp --out-interface eth0 --sport 445 --jump SSLH
~ # iptables -t mangle -A SSLH --jump MARK --set-mark 0x1
~ # iptables -t mangle -A SSLH --jump ACCEPT
~ # ip rule add fwmark 0x1 lookup 100
RTNETLINK answers: Address family not supported by protocol
~ # ip route add local 0.0.0.0/0 dev lo table 100
RTNETLINK answers: File exists

Any help or pointers would be really appreciated.

Thanks ~S
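As an added illustration (not part of the original post or of sslh itself), the following Python script triages sslh verbose output of the kind quoted above: it counts accepted connections, how many fell through every probe to the on-timeout protocol, and how many forwards to each backend failed, so that "nothing ever matched and every backend connect timed out" can be separated from a plain protocol-detection problem. The sample log is constructed from the lines in the post; the function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample, modelled on the verbose output quoted in the post.
SAMPLE_LOG = """\
accepted fd 4
**** writing deferred on fd -1
probing for http
probing for regex
all probes failed, connecting to first protocol: http
connecting to X194:microsoft-ds family 2 len 16
accepted fd 4
**** writing deferred on fd -1
probing for http
probing for regex
all probes failed, connecting to first protocol: http
connecting to X194:microsoft-ds family 2 len 16
forward to http failed:connect: Connection timed out
forward to http failed:connect: Connection timed out
"""

FALLBACK_RE = re.compile(r"all probes failed, connecting to first protocol: (\S+)")
FORWARD_FAIL_RE = re.compile(r"forward to (\S+) failed:(.*)")


def triage_sslh_log(text):
    """Summarise sslh -v output into counters keyed by backend protocol."""
    stats = {"accepted": 0, "fallback": Counter(), "forward_failed": Counter()}
    for line in text.splitlines():
        if line.startswith("accepted fd"):
            stats["accepted"] += 1
        elif m := FALLBACK_RE.match(line):
            stats["fallback"][m.group(1)] += 1
        elif m := FORWARD_FAIL_RE.match(line):
            stats["forward_failed"][(m.group(1), m.group(2).strip())] += 1
    return stats


def diagnose(stats):
    """Turn the counters into findings. When every accepted connection took the
    on-timeout fallback AND every forward to the backend timed out, the backend
    (or the return path to it, in transparent mode) is the thing to check."""
    findings = []
    fallbacks = sum(stats["fallback"].values())
    if stats["accepted"] and fallbacks == stats["accepted"]:
        findings.append("every connection fell through to the on-timeout protocol")
    for (proto, err), n in sorted(stats["forward_failed"].items()):
        findings.append(f"{n} forward(s) to '{proto}' failed: {err}")
    return findings


if __name__ == "__main__":
    for finding in diagnose(triage_sslh_log(SAMPLE_LOG)):
        print(finding)
```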