[sslh] sslh with iptables load balancing

salil GK gksalil at gmail.com
Fri Mar 16 01:00:53 UTC 2018


The rules I mentioned are indicative; the rules will look as follows:

-A TURN_TCP -p tcp -i eth0 --dport 3478 -m statistic --mode nth --every 6 --packet 0 -j REDIRECT --to-port 3478
-A TURN_TCP -p tcp -i eth0 --dport 3478 -m statistic --mode nth --every 5 --packet 0 -j REDIRECT --to-port 3479
-A TURN_TCP -p tcp -i eth0 --dport 3478 -m statistic --mode nth --every 4 --packet 0 -j REDIRECT --to-port 3480
-A TURN_TCP -p tcp -i eth0 --dport 3478 -m statistic --mode nth --every 3 --packet 0 -j REDIRECT --to-port 3481
-A TURN_TCP -p tcp -i eth0 --dport 3478 -m statistic --mode nth --every 2 --packet 0 -j REDIRECT --to-port 3482
-A TURN_TCP -p tcp -i eth0 --dport 3478 -j REDIRECT --to-port 3483



   my sslh rules

-A OUTPUT -o eth0 -p tcp -m tcp --sport 8080 -j SSLH
-A OUTPUT -o eth0 -p tcp -m tcp --sport 3478 -j SSLH
-A SSLH -j MARK --set-xmark 0x1/0xffffffff
-A SSLH -j ACCEPT


and in sslh.conf

listen:
(
    { host: "10.x.y.133"; port: "443"; }
);

protocols:
(
    { name: "http"; host: "10.x.y.133"; port: "8080"; },
    { name: "regex"; host: "10.x.y.133"; port: "3478"; regex_patterns: [ "\x21\x12\xa4\x42" ]; },
    { name: "anyprot"; host: "10.x.y.133"; port: "8080"; }
);

On 16 March 2018 at 05:12, salil GK <gksalil at gmail.com> wrote:

> Hi
>
>     I am trying to do port demultiplexing with sslh for turn and web
> access. Things are working perfectly. But I have to implement load balancing
> using iptables in turn ports - which means when sslh redirects the packet to
> turn it needs to be load balanced between some 6 ports. I have applied the
> rules for the same. But it doesn't work. If I have only load balancing
> iptables rules, it works perfectly. If I have sslh iptables rules, sslh works
> but load balancing doesn't work. What could be the issue?
>
> my load balancing rules
>
> -A TURN_TCP -p tcp -i eth0 --dport 3478 -m statistic --mode nth --every 6 --packet 0 -j REDIRECT --to-port 3478
> -A TURN_TCP -p tcp -i eth0 --dport 3478 -m statistic --mode nth --every 5 --packet 0 -j REDIRECT --to-port 3479
> -A TURN_TCP -p tcp -i eth0 --dport 3478 -m statistic --mode nth --every 4 --packet 0 -j REDIRECT --to-port 3480
> -A TURN_TCP -p tcp -i eth0 --dport 3478 -m statistic --mode nth --every 3 --packet 0 -j REDIRECT --to-port 3481
> -A TURN_TCP -p tcp -i eth0 --dport 3478 -m statistic --mode nth --every 2 --packet 0 -j REDIRECT --to-port 3482
> -A TURN_TCP -p tcp -i eth0 --dport 3478 -j REDIRECT --to-port 3483
>
> my sslh rules
>
> -A OUTPUT -o eth0 -p tcp -m tcp --sport 2020 -j SSLH
> -A OUTPUT -o eth0 -p tcp -m tcp --sport 1010 -j SSLH
> -A SSLH -j MARK --set-xmark 0x1/0xffffffff
> -A SSLH -j ACCEPT
>
> Thanks
> ~S
>
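
An added example (not part of the original message, and not sslh or iptables code): a Python model of the statistic --mode nth cascade posted above, showing why --every steps down 6, 5, 4, 3, 2 to give each of the six ports an equal share, next to a constructed variant that uses --every 6 on every rule. It assumes the documented nth semantics (one match every n packets, starting at --packet), an independent counter per rule, and that only the first packet of each connection traverses the chain; parse_rules and simulate are hypothetical helper names.

```python
import re
from collections import Counter

# Rules as posted in the message (wrapped lines joined).
RULES = """\
-A TURN_TCP -p tcp -i eth0 --dport 3478 -m statistic --mode nth --every 6 --packet 0 -j REDIRECT --to-port 3478
-A TURN_TCP -p tcp -i eth0 --dport 3478 -m statistic --mode nth --every 5 --packet 0 -j REDIRECT --to-port 3479
-A TURN_TCP -p tcp -i eth0 --dport 3478 -m statistic --mode nth --every 4 --packet 0 -j REDIRECT --to-port 3480
-A TURN_TCP -p tcp -i eth0 --dport 3478 -m statistic --mode nth --every 3 --packet 0 -j REDIRECT --to-port 3481
-A TURN_TCP -p tcp -i eth0 --dport 3478 -m statistic --mode nth --every 2 --packet 0 -j REDIRECT --to-port 3482
-A TURN_TCP -p tcp -i eth0 --dport 3478 -j REDIRECT --to-port 3483
"""

RULE_RE = re.compile(r"(?:--every (\d+) --packet (\d+) )?-j REDIRECT --to-port (\d+)")


def parse_rules(text):
    """Return [(every, packet, to_port)]; every is None for an unconditional rule."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.search(line)
        if m:
            every = int(m.group(1)) if m.group(1) else None
            rules.append((every, int(m.group(2) or 0), int(m.group(3))))
    return rules


def simulate(rules, connections):
    """Walk each new connection down the chain; every rule keeps its own counter."""
    seen = [0] * len(rules)  # connections that have reached rule i so far
    hits = Counter()
    for _ in range(connections):
        for i, (every, packet, port) in enumerate(rules):
            idx, seen[i] = seen[i], seen[i] + 1
            if every is None or idx % every == packet:
                hits[port] += 1  # REDIRECT ends traversal of the chain
                break
    return hits


if __name__ == "__main__":
    posted = parse_rules(RULES)
    print("posted cascade:", dict(simulate(posted, 600)))
    # Constructed counter-example: the same chain with --every 6 on every rule.
    flat = [(6 if e else None, p, port) for e, p, port in posted]
    print("flat --every 6:", dict(simulate(flat, 600)))
```

Each rule only counts the connections that earlier rules did not take, so the posted cascade gives every port the same share, while the flat variant sends the largest share to the final catch-all port.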