[sslh] Help regarding the configuring sslh in transparent mode.

salil GK gksalil at gmail.com
Mon Sep 25 05:52:26 UTC 2017


May I request any help on this. I am kind of stuck with this issue.

Thanks
Salil

On 24 September 2017 at 04:02, salil GK <gksalil at gmail.com> wrote:

> Hello
>
> I need to configure sslh in my custom Linux (Debian based) for port
> multiplication. I could do the port multiplication without transparent
> proxy mode. But transparent proxy mode is not working. I have followed all
> steps mentioned on the sslh site for configuring
> ( https://github.com/yrutschle/sslh#transparent-proxy-support ). But still
> things are not working.
>
> The following is the sslh.conf file
>
> ~ # cat etc/sslh.cfg
> verbose: true;
> foreground: true;
> inetd: false;
> numeric: false;
> transparent: true; ####### CHANGE THIS MODE
> #transparent: false; ####### CHANGE THIS MODE
> timeout: 2;
> user: "_nobody";  # #### CHANGE THE USER
> #user: "root";  # #### CHANGE THE USER
> pidfile: "/var/run/sslh.pid";
>
>
> # Change hostname with your external address name.
> listen:
> (
> { host: "10.50.157.194"; port: "443"; }
> );
>
> protocols:
> (
>
> { name: "http"; host: "10.50.157.194"; port: "445"; },
> { name: "regex"; host: "10.50.157.194"; port: "3478"; regex_patterns: [ "\x21\x12\xa4\x42" ]; }
> );
> ~ #
>
> The console of sslh program execution shows the following
>
> ~ # /sbin/sslh -F/tandberg/etc/sslh.cfg -v
> http addr: X194:microsoft-ds. libwrap service: (null) log_level: 1 family 2 2 []
> regex addr: X194:nat-stun-port. libwrap service: (null) log_level: 1 family 2 2 []
> listening on:
>     X194:https  []
> timeout: 2
> on-timeout: http
> listening to 1 addresses
> turning into _nobody
> sslh-fork tempo-boot-20-6-g271a27e-dirty started
> capabilities: = cap_net_admin+ep
>
>
>
> accepted fd 4
> **** writing deferred on fd -1
> probing for http
> probing for regex
> all probes failed, connecting to first protocol: http
> connecting to X194:microsoft-ds family 2 len 16
> accepted fd 4
> **** writing deferred on fd -1
> probing for http
> probing for regex
> all probes failed, connecting to first protocol: http
> connecting to X194:microsoft-ds family 2 len 16
> accepted fd 4
> **** writing deferred on fd -1
> probing for http
> probing for regex
> all probes failed, connecting to first protocol: http
> connecting to X194:microsoft-ds family 2 len 16
> forward to http failed:connect: Connection timed out
> forward to http failed:connect: Connection timed out
> connect: Connection timed out
> connect: Connection timed out
> forward to http failed:connect: Connection timed out
> connect: Connection timed out
>
> The following are the iptables commands I ran in the shell
>
> ~ # iptables -t mangle -N SSLH
> iptables: Chain already exists.
> ~ # iptables -t mangle -A OUTPUT --protocol tcp --out-interface eth0 --sport 445 --jump SSLH
> ~ # iptables -t mangle -A SSLH --jump MARK --set-mark 0x1
> ~ # iptables -t mangle -A SSLH --jump ACCEPT
> ~ # ip rule add fwmark 0x1 lookup 100
> RTNETLINK answers: Address family not supported by protocol
> ~ # ip route add local 0.0.0.0/0 dev lo table 100
> RTNETLINK answers: File exists
>
> Any help or pointers would be really appreciated.
>
> Thanks ~S
>
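Added here as an example, not code from sslh or from the poster: a small POSIX shell checker that reads saved `ip rule`, `ip route` and `iptables-save` output and reports whether the fwmark rule, the local route in table 100 and a mangle rule for each backend port are present. The mark, table and ports are taken from the commands above; the sample outputs are constructed, and the meaning given for the two RTNETLINK messages is the usual one, stated as an assumption.

```shell
#!/bin/sh
# Added diagnostic (not part of sslh or the post): parses saved output of
# ip/iptables to check what sslh transparent mode needs on the backend host.
# Mark 0x1, table 100 and the backend ports come from the post; the sample
# outputs at the bottom are constructed, not captured from the poster's box.
MARK="0x1"; TABLE="100"

# $1 = output of `ip rule show`: is there a rule sending MARK to TABLE?
has_fwmark_rule() {
    printf '%s\n' "$1" | grep -Eq "fwmark ${MARK} lookup ${TABLE}( |$)"
}

# $1 = output of `ip route show table 100`: is everything routed to lo?
has_local_route() {
    printf '%s\n' "$1" | grep -Eq '^local (default|0\.0\.0\.0/0) dev lo'
}

# $1 = output of `iptables-save -t mangle`; remaining args = backend ports.
# Prints each port that has no "--sport PORT ... -j SSLH" rule in OUTPUT.
missing_mangle_ports() {
    save="$1"; shift
    for port in "$@"; do
        printf '%s\n' "$save" | grep -Eq -- "-A OUTPUT .*--sport ${port} .*-j SSLH" \
            || echo "$port"
    done
}

# $1 = an "RTNETLINK answers: ..." line; prints what it usually means
# (assumed interpretation, not taken from the post).
explain_rtnetlink() {
    case "$1" in
        *"Address family not supported by protocol"*)
            echo "kernel has no IPv4 policy routing; fwmark rules cannot be added";;
        *"File exists"*) echo "object already present; not a failure";;
        *) echo "unrecognised";;
    esac
}

# Constructed sample output mirroring the commands in the post.
SAMPLE_RULES='0: from all lookup local
32765: from all fwmark 0x1 lookup 100
32766: from all lookup main'
SAMPLE_ROUTES='local default dev lo scope host'
SAMPLE_MANGLE='-A OUTPUT -o eth0 -p tcp -m tcp --sport 445 -j SSLH
-A SSLH -j MARK --set-xmark 0x1/0xffffffff
-A SSLH -j ACCEPT'

has_fwmark_rule "$SAMPLE_RULES" && echo "fwmark rule: present"
has_local_route "$SAMPLE_ROUTES" && echo "local route: present"
echo "backend ports without a mangle rule: $(missing_mangle_ports "$SAMPLE_MANGLE" 445 3478)"
```

On a real host, feed the functions the live output (`"$(ip rule show)"`, `"$(ip route show table 100)"`, `"$(iptables-save -t mangle)"`) instead of the samples; with the post's rules only port 445 is marked, so the 3478 backend would be reported.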