Description
Sorry if GitHub Issues aren't a suitable place to ask about this, but I can't find a more suitable place to ask.
I have SSLH working to listen for traffic on 443 and forward it, as appropriate, to Apache (7443) or SSHD (22). However, I currently have transparent-mode off, so any HTTPS requests are showing as coming from 127.0.0.1 in my Apache logs.
I understand enabling transparent-mode is a complex process, but I believe I have the simplest setup for this since everything is on one host. After following all the steps in your guide, SSLH seems to stop picking up on any requests (both HTTPS and SSH; the journal just shows stopping/starting) although it is still listening on 443 so that isn't the issue. Turning transparent-mode back off fixes the issue and the journal shows all the requests and they are successfully forwarded.
SSLH has the following capabilities:
```
/usr/sbin/sslh = cap_net_bind_service,cap_net_raw+ep
```
My working DEFAULT_OPTS (I add --transparent):
```
--user sslh --listen 0.0.0.0:443 --ssh localhost:22 --tls localhost:7443 --pidfile /var/run/sslh/sslh.pid
```
My ipconfig
```
>>> sudo iptables -t raw -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DROP all -- anywhere localhost/8
Chain OUTPUT (policy ACCEPT)
target prot opt source destination

>>> sudo iptables -t mangle -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
CONNMARK tcp -- anywhere anywhere connmark match 0x1/0xf CONNMARK restore mask 0xf
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
DROP all -- localhost/8 anywhere

>>> sudo iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
CONNMARK tcp -- anywhere anywhere owner UID match sslh tcp flags:FIN,SYN,RST,ACK/SYN CONNMARK xset 0x1/0xf
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
```
What might I be doing wrong?
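As an added example (not part of the issue or of the sslh project), a POSIX shell audit of the single-host transparent-mode prerequisites from the sslh README: the four iptables rules quoted above match that recipe, so the script also covers the two pieces the issue does not show, the route_localnet sysctl and the fwmark policy route. The binary path /usr/sbin/sslh and routing table 100 follow the README's example and are assumptions about this setup.

```shell
#!/bin/sh
# Added example, not from the issue or the sslh project: audit the pieces the sslh
# README lists for single-host transparent mode. Each check_* takes command output
# as its argument, so it runs offline against captured text as well as live.

# ip rule show: policy-routing rule that sends fwmark 0x1 packets to table 100
check_ip_rule() { printf '%s\n' "$1" | grep -Eq 'fwmark 0x1(/0xf)? lookup 100'; }

# ip route show table 100: table 100 must deliver everything locally via lo
check_ip_route() { printf '%s\n' "$1" | grep -Eq '^local (default|0\.0\.0\.0/0) dev lo'; }

# sysctl -n net.ipv4.conf.all.route_localnet: must be 1 so 127.0.0.0/8 destinations
# (the "localhost:22" / "localhost:7443" targets) stay routable for marked packets
check_route_localnet() { [ "$(printf '%s' "$1" | tr -d '[:space:]')" = 1 ]; }

# getcap /usr/sbin/sslh: transparent mode needs cap_net_raw as well as cap_net_bind_service
check_caps() {
  printf '%s\n' "$1" | grep -q 'cap_net_raw' && printf '%s\n' "$1" | grep -q 'cap_net_bind_service'
}

# iptables -t nat -L OUTPUT: SYNs sent by the sslh user get connmark 0x1/0xf
check_nat_mark() { printf '%s\n' "$1" | grep -Eq 'CONNMARK .*owner UID match .*xset 0x1/0xf'; }

# iptables -t mangle -L OUTPUT: the connmark is copied back onto outgoing packets
check_mangle_restore() {
  printf '%s\n' "$1" | grep -Eq 'CONNMARK .*connmark match 0x1/0xf .*restore mask 0xf'
}

# audit RULE ROUTE SYSCTL GETCAP NAT_OUTPUT MANGLE_OUTPUT: prints every missing piece,
# returns 0 only when all six are present.
audit() {
  missing=0
  check_ip_rule "$1"        || { echo 'missing: ip rule add fwmark 0x1 lookup 100'; missing=1; }
  check_ip_route "$2"       || { echo 'missing: ip route add local 0.0.0.0/0 dev lo table 100'; missing=1; }
  check_route_localnet "$3" || { echo 'missing: sysctl net.ipv4.conf.all.route_localnet=1'; missing=1; }
  check_caps "$4"           || { echo 'missing: cap_net_raw on the sslh binary'; missing=1; }
  check_nat_mark "$5"       || { echo 'missing: nat OUTPUT CONNMARK --set-xmark 0x01/0x0f rule'; missing=1; }
  check_mangle_restore "$6" || { echo 'missing: mangle OUTPUT CONNMARK --restore-mark rule'; missing=1; }
  return "$missing"
}

# Live run against the running host (needs root): ./audit.sh --live
live_audit() {
  audit "$(ip rule show)" "$(ip route show table 100 2>/dev/null)" \
        "$(sysctl -n net.ipv4.conf.all.route_localnet)" "$(getcap /usr/sbin/sslh)" \
        "$(iptables -t nat -L OUTPUT)" "$(iptables -t mangle -L OUTPUT)"
}
case "${1-}" in --live) live_audit ;; esac
```

Feeding the script the `iptables -L` output pasted in the issue passes the two iptables checks, so the remaining items (sysctl, policy route, capability) are the ones worth confirming on the host.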