[tproxy] stunnel -T (transparency mode)

Balazs Scheidler bazsi@balabit.hu
Sat, 31 May 2003 18:43:39 +0200

On Fri, May 30, 2003 at 03:15:24AM -0400, Brad Langhorst wrote:
> I've patched my kernel (debian 2.4.20 pkg)
> with your latest tproxy patch.
> and have inserted your iptable_tproxy module 
> iptable_tproxy          9760   0  (unused)
> iptable_nat            15800   0  [iptable_tproxy]
> ip_tables              11896   4  [iptable_tproxy iptable_nat]
> ip_conntrack           19016   1  [iptable_tproxy iptable_nat]
> I'm now trying to get my stunnel wrapped imapd to report remote ip addresses 
> in the log file.
> stunnel with the -T switch is supposed to try to listen on a foreign IP 
> address - but i still see 
> May 30 03:14:18 strange imapd[1207]: login: strange[] bwlang 
> plaintext
> in my mail.log  instead of the that i should see.
> Do all have any suggestion for making this work or debugging the problem?
> I think I do not have to set up any sort of iptables rule - is that correct?

You will need a patch for that to stunnel to support the TPROXY API.

And even in this case I don't know whether netfilter is able to SNAT towards
the loopback interface.

PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1