[sslh] Latest commit breaks fork

Matt Smith matt.xtaz at gmail.com
Wed Jan 10 13:32:14 UTC 2018


Hi,

Yes I do use transparent proxying. I don't get any messages before or after.

Connection that breaks:

Jan  9 20:02:25 tao sslh-select[72885]: sslh-select v1.18-82-g9a85efd started
Jan  9 20:02:30 tao sslh-select[72885]: getpeername:9:Bad file descriptor

Connection that works:

Jan  9 20:01:12 tao sslh-select[28626]: sslh-select v1.18-81-g7bf3e12 started
Jan  9 20:01:49 tao sslh-select[28626]: ssh:connection from 213.205.198.147:50822 to 10.0.0.10:443 forwarded from 213.205.198.147:50822 to 10.0.0.10:422

My specific setup is firewall rules that forward anything that matches a
table of specific source IP addresses and hits 10.0.0.10:443 to
10.0.0.10:4444. And anything that leaves ports 422 (openssh) or 444 (nginx)
is also forwarded to 10.0.0.10:4444.

And then in sslh.conf I have this:

transparent: true;

listen:
(
        { host: "tao.example.com"; port: "4444"; }
);

protocols:
(
        { name: "ssh"; service: "ssh"; host: "tao.example.com"; port: "422"; keepalive: true; fork: true; },
        { name: "tls"; host: "tao.example.com"; port: "444"; log_level: 0; },
);

Regards, Matt.

On 10 January 2018 at 13:14, Yves Rutschle <yves at rutschle.net> wrote:

> On Wed, Jan 10, 2018 at 10:27:17AM +0000, Matt Smith wrote:
> > cc -Wall -O2 -I/usr/local/include -DENABLE_REGEX -DLIBPCRE -DLIBCONFIG -c
> > sslh-select.c
> >
> > FYI, I didn't mention before. But when I get the connect error that I
> > mentioned the original sslh-select process dies as well. Setting fork:
> > false allows it to work fine.
>
> Ok -- do you use transparent proxying, and can you paste the
> messages you get before and after, if any?
>
>