yrutschle / sslh

Applicative Protocol Multiplexer (e.g. share SSH and HTTPS on the same port)
https://www.rutschle.net/tech/sslh/README.html
GNU General Public License v2.0

Issue ripe for deletion - only arrogance and condescension, no help #457

Closed njs95 closed 3 weeks ago

njs95 commented 1 month ago

Issue ripe for deletion - only arrogance and condescension, no help

ftasnetamot commented 1 month ago

Edit: 28.7.2024 YOU CAN Close this issue, so please DO! Deleting all the **** you wrote, and leaving only the answers in this thread, shows exactly your attitude of not accepting any criticism. To see that it can go differently, look at #371.

The lesson I have learned is that I will no longer offer any help to people without basic network knowledge and no sign that they are willing to dig into their problems.

Original starts here, unfortunately now without all censored in between ...

> Does this work with SSLH in docker or is it only for a local installation?

READ it, please! You will find this sentence: This concept can also be adapted for several setups, where the sshd (or any other target service) is running in a container, kvm-virtual machine, etc. Precondition is, that the target system is the next hop and uses the sslh-hosting system as default gateway.

The new setup works for almost every setup, and I tried to explain why and how it works. And also here: Before we know what your real network scenario looks like, there is no answer possible. Read the two documents, try to understand which of the routing scenarios may match your Traefik container, and draw a network plan. My guess is that you forget the firewall packet-marking and routing setup, if you followed the traditional way. The only thing which is new to my setup is:

And the basic thing is: If you have your network plan, where you can see, which ways packets will take back to a client, you can decide, if you need a configuration following scenario 1, 2 or 3.

ftasnetamot commented 1 month ago

docker is a product name, for a container solution, and you will find the word container! I used abstractions and no product names for containers, kvm instances, virtualisation systems in this documentation.

You need not be a computer scientist, but you NEED to have an understanding of what you are trying to construct. For network related setups, a network plan, showing how all the components are tied together and how the traffic is flowing in between, is mandatory for configuration and for further help.

And the best way of setting this up is: First get it working in the standard way, without transparency. If this is not working, fix those problems first. If everything is working in standard mode, set up the dummy interface, tie your backend application to this interface, but keep the configuration still intransparent. If this is not working, check all your settings, as you made a mistake in reconfiguration. In the next step, switch sslh to transparent. If this is now not working, you need to recheck your network plan and figure out how the packets from the target applications will be routed back.

ftasnetamot commented 1 month ago

What is "limited" transparency? I know transparent and nontransparent aka intransparent mode. But limited transparency? What happens if you bring the interface up with ifup dummy0? And again: This documentation is abstract and works with most basic linux distributions. However, if you are using things like network manager with netplan, configuration needs to go to other locations. So check the configuration tools you use and apply the configuration to the right place.

> Also you say "tie" your backend application to this interface? What does this mean?

Really? You can configure your application and tell it at which interface and at which port it listens. The application uses the bind() system call to tie or bind to this address on the corresponding interface.

In a network plan, there is no pre/postrouting. A network plan just looks like a street map, which shows, how single addresses (houses) are connected together, and which routes (streets) people can use, to go from a to b and back.

pre/postrouting are firewall concepts, and my configuration method does not need any firewall support. It only needs routing.

If you have a plan, just show it, with all interfaces of the related systems, with their ips.

For sslh you are fine with the debian distributed versions. I have transparent sslh running on ubuntu 20.4, debian bookworm, debian buster and bullseye and devuan daedalus just with the distribution sslh. There are setups, where I connect to kvm-virtual-hosts.

> If I do not have an exact preset that works in principle where I can adjust my ip addresses or interfaces like a monkey, I will never get the syntax right.

With these preconditions, please stop setting up servers in the internet!
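
An added illustration of the "tie to an interface" point made in the comment above (not part of the thread and not sslh code): a listener bound to one specific address only answers on that address, while a wildcard bind answers on every local address. It assumes Linux, where all of 127.0.0.0/8 is on `lo`, and uses 127.0.0.2 as a constructed stand-in for the dummy interface address.

```python
import socket

# Constructed sample addresses: 127.0.0.2 plays the role of the dummy
# interface address, 127.0.0.1 is "some other address on the same host".
BACKEND_ADDR = "127.0.0.2"
OTHER_ADDR = "127.0.0.1"


def listen_on(addr, port=0):
    """Open a TCP listener tied to one local address (port 0 = any free port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((addr, port))   # bind() fixes the local address the service uses
    srv.listen(8)
    return srv


def reachable(addr, port, timeout=1.0):
    """True if a TCP connection to addr:port is accepted by the kernel."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False


def probe(bind_addr, probe_addrs):
    """Bind a listener to bind_addr and report which addresses reach it."""
    srv = listen_on(bind_addr)
    try:
        port = srv.getsockname()[1]
        return {addr: reachable(addr, port) for addr in probe_addrs}
    finally:
        srv.close()


if __name__ == "__main__":
    addrs = [OTHER_ADDR, BACKEND_ADDR]
    # Tied to one address: only that address answers.
    print("bound to", BACKEND_ADDR, "->", probe(BACKEND_ADDR, addrs))
    # Wildcard bind: every local address answers.
    print("bound to 0.0.0.0   ->", probe("0.0.0.0", addrs))
```

On a real host, `ss -ltn` shows the same distinction in its local address column: `0.0.0.0:<port>` is a wildcard bind, a specific address means the service is tied to that address.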

ftasnetamot commented 1 month ago

> What a horrible attitude to live your life. If you aren't a cook, stop cooking, it's dangerous. If you aren't a doctor, stop taking pills against headache. If you can't assemble a combustion engine from ground up with no tools, stop driving your car.

What a horrible attitude asking for help, and insulting people spending their own free time assisting you!

Try to create a plan which really shows all interfaces and **ip addresses** (you can name them ip1, ip2, but it must be clear to which network they belong) and on which of those interfaces all the applications are listening. Look at my extended documentation with the three scenarios.

And again:

But expect no further help from me! Bye

yrutschle commented 3 weeks ago

I think ample help was provided here... I'll close this thread now.