On 2013-08-03 20:24, Ruben Cardenal wrote:
> And did the iptables part:
>
> iptables -t mangle -N DIVERT
> iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
> iptables -t mangle -A DIVERT -j MARK --set-mark 1
> iptables -t mangle -A DIVERT -j ACCEPT
> ip rule add fwmark 1 lookup 100
> ip route add local 0.0.0.0/0 dev lo table 100
>
> Debugging the whole thing, it can be seen that stunnel tries to connect:
>
> [pid 16823] connect(9, {sa_family=AF_INET, sin_port=htons(1357),
> sin_addr=inet_addr("195.78.X.X")}, 16) = -1 EINPROGRESS (Operation now
> in progress)
>
> BUT the service running in 1357 does this:
>
> # tcpdump -i eth1 -n port 1357
> tcpdump: verbose output suppressed, use -v or -vv for full protocol
> decode
> listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
> 19:52:52.586773 IP 195.78.X.X.1357 > MY_HOME_ADDRESS.34853: Flags
> [S.], seq 2655966098, ack 546202865, win 5840, options [mss
> 1460,nop,nop,sackOK], length 0

It looks like you configured your server and stunnel on the same host. As a result, returning packets won't ever hit the PREROUTING chain of the mangle table, so stunnel won't receive them.

http://www.iptables.info/en/structure-of-iptables.html

I'm sure the documentation I wrote could be better...

Mike
_______________________________________________
stunnel-users mailing list
[email protected]
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
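The point of Mike's reply is a traversal question: packets a local server sends back are locally generated, so they pass through the OUTPUT hook and never through PREROUTING, and a DIVERT chain that is only jumped to from PREROUTING never marks them. The script below is an added example (not from the thread, not from stunnel or iptables) that audits an iptables-save style dump of the mangle table and reports which built-in hooks actually jump to a given chain. The rule dump embedded here is constructed to mirror the rules Ruben quoted; the function names and the restriction to direct `-j` jumps are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit from which netfilter hooks a user chain is reached.
# Locally generated traffic (a server on the same host answering stunnel)
# enters the mangle table at OUTPUT, not PREROUTING, so a DIVERT jump that
# exists only in PREROUTING is never taken for those packets.

# Constructed sample dump, mirroring the quoted rules in iptables-save form.
SAMPLE_RULES='*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:DIVERT - [0:0]
-A PREROUTING -p tcp -m socket -j DIVERT
-A DIVERT -j MARK --set-xmark 0x1/0xffffffff
-A DIVERT -j ACCEPT
COMMIT'

# hooks_reaching DUMP CHAIN
# Prints, one per line, the chains whose rules jump (-j) directly to CHAIN.
# Indirect reachability through other user chains is not followed (assumption).
hooks_reaching() {
    printf '%s\n' "$1" | awk -v target="$2" '
        $1 == "-A" {
            for (i = 3; i < NF; i++)
                if ($i == "-j" && $(i + 1) == target) print $2
        }' | sort -u
}

# reaches_from DUMP CHAIN HOOK
# Exit status 0 if HOOK jumps to CHAIN, 1 otherwise.
reaches_from() {
    hooks_reaching "$1" "$2" | grep -qx "$3"
}

# report DUMP CHAIN
# One line per relevant hook saying whether packets entering there get diverted.
report() {
    for hook in PREROUTING OUTPUT; do
        if reaches_from "$1" "$2" "$hook"; then
            echo "$hook: jumps to $2 (packets entering here are marked)"
        else
            echo "$hook: never jumps to $2 (packets entering here are not marked)"
        fi
    done
}

report "$SAMPLE_RULES" DIVERT
```

On a real host, replace the constructed dump with the output of `iptables-save -t mangle` (for example `report "$(iptables-save -t mangle)" DIVERT`). Against the sample the report shows PREROUTING jumping to DIVERT and OUTPUT never doing so, which is exactly the gap Mike describes: a server on the same host as stunnel replies via OUTPUT and its packets are never marked or routed to the local table.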
