mirror of
https://github.com/moparisthebest/sslh
synced 2024-11-25 10:32:18 -05:00
Documented configuration trick to have both transparent proxying while still retaining the ability to connect to ssh directly
This commit is contained in:
parent
c03168042f
commit
d91cd59bba
@ -253,6 +253,13 @@ Tranparent proxying with IPv6 is similarly set up as follows:
|
|||||||
# ip -6 rule add fwmark 0x1 lookup 100
|
# ip -6 rule add fwmark 0x1 lookup 100
|
||||||
# ip -6 route add local ::/0 dev lo table 100
|
# ip -6 route add local ::/0 dev lo table 100
|
||||||
|
|
||||||
|
Note that these rules will prevent from connecting directly
|
||||||
|
to ssh on the port 22, as packets coming out of sshd will be
|
||||||
|
tagged. If you need to retain direct access to ssh on port
|
||||||
|
22 as well as through sslh, you can make sshd listen to
|
||||||
|
22 AND another port (e.g. 2222), and change the above rules
|
||||||
|
accordingly.
|
||||||
|
|
||||||
FreeBSD:
|
FreeBSD:
|
||||||
|
|
||||||
Given you have no firewall defined yet, you can use the following configuration
|
Given you have no firewall defined yet, you can use the following configuration
|
||||||
|
Loading…
Reference in New Issue
Block a user