mirror of
https://github.com/yrutschle/sslh.git
synced 2025-04-18 17:57:39 +03:00
Added a note on configuring transparent proxying for both IPv4 and IPv6
This commit is contained in:
Yves Rutschle
parent
8758a298ba
commit
0b6cc0d909
18
README.md
18
README.md
@ -304,6 +304,24 @@ This will not work:
|
|||||||
|
|
||||||
sslh --listen 192.168.0.1:443 --ssh 127.0.0.1:22 --ssl 127.0.0.1:4443
|
sslh --listen 192.168.0.1:443 --ssh 127.0.0.1:22 --ssl 127.0.0.1:4443
|
||||||
|
|
||||||
|
Transparent proxying means the target server sees the real
|
||||||
|
origin address, so it means if the client connects using
|
||||||
|
IPv6, the server must also support IPv6. It is easy to
|
||||||
|
support both IPv4 and IPv6 by configuring the server
|
||||||
|
accordingly, and setting `sslh` to connect to a name that
|
||||||
|
resolves to both IPv4 and IPv6, e.g.:
|
||||||
|
|
||||||
|
sslh --transparent --listen <extaddr>:443 --ssh insideaddr:22
|
||||||
|
|
||||||
|
/etc/hosts:
|
||||||
|
192.168.0.1 insideaddr
|
||||||
|
201::::2 insideaddr
|
||||||
|
|
||||||
|
Upon incoming IPv6 connection, `sslh` will first try to
|
||||||
|
connect to the IPv4 address (which will fail), then connect
|
||||||
|
to the IPv6 address.
|
||||||
|
|
||||||
|
|
||||||
Fail2ban
|
Fail2ban
|
||||||
--------
|
--------
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user