1
0
mirror of https://github.com/moparisthebest/sslh synced 2024-11-25 10:32:18 -05:00

Documented configuration trick to have both transparent proxying while still retaining the ability to connect to ssh directly

This commit is contained in:
Yves Rutschle 2015-01-01 18:31:10 +01:00
parent c03168042f
commit d91cd59bba

View File

@ -253,6 +253,13 @@ Tranparent proxying with IPv6 is similarly set up as follows:
# ip -6 rule add fwmark 0x1 lookup 100 # ip -6 rule add fwmark 0x1 lookup 100
# ip -6 route add local ::/0 dev lo table 100 # ip -6 route add local ::/0 dev lo table 100
Note that these rules will prevent from connecting directly
to ssh on the port 22, as packets coming out of sshd will be
tagged. If you need to retain direct access to ssh on port
22 as well as through sslh, you can make sshd listen to
22 AND another port (e.g. 2222), and change the above rules
accordingly.
FreeBSD: FreeBSD:
Given you have no firewall defined yet, you can use the following configuration Given you have no firewall defined yet, you can use the following configuration