[tproxy] stunnel -T (transparency mode)
Balazs Scheidler
bazsi@balabit.hu
Sat, 31 May 2003 18:43:39 +0200
On Fri, May 30, 2003 at 03:15:24AM -0400, Brad Langhorst wrote:
> I've patched my kernel (Debian 2.4.20 pkg)
> with your latest tproxy patch
> and have inserted your iptable_tproxy module
>
> iptable_tproxy 9760 0 (unused)
> iptable_nat 15800 0 [iptable_tproxy]
> ip_tables 11896 4 [iptable_tproxy iptable_nat]
> ip_conntrack 19016 1 [iptable_tproxy iptable_nat]
>
> I'm now trying to get my stunnel wrapped imapd to report remote ip addresses
> in the log file.
>
> stunnel with the -T switch is supposed to try to listen on a foreign IP
> address - but I still see
> May 30 03:14:18 strange imapd[1207]: login: strange[127.0.0.1] bwlang plaintext
> in my mail.log instead of the 192.168.0.5 that I should see.
>
> Do you all have any suggestions for making this work or debugging the problem?
> I think I do not have to set up any sort of iptables rule - is that correct?
You will need a patch for that to stunnel to support the TPROXY API.
And even in this case I don't know whether netfilter is able to SNAT towards
the loopback interface.
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1