Hi, in the documentation it is stated that I cannot use rdr as a reflector, i.e. if both in and out traffic go through the same interface. Now I wonder how to solve the following situation.
I have a client application where I configure IP addresses of servers to contact. The problem is that the customer wants SSL and the application is not SSL-aware. So I want to use stunnel on the same machine for tunneling. But how do I now redirect the application requests (to the target IPs) to my local stunnel ports? Based on the routing, both application requests and final stunnel requests go via the same interface.

I tried to use logical interfaces to fool ipf, but ipnat does not accept "bge0:1" (btw: Solaris 8/9 is the environment for this). I have thought of configuring loopback (127.x.x.x) addresses inside the application and redirecting these to the stunnel service ports; this might work (not yet tested) but is really ugly ...

Maybe someone has done something similar before ... ?

--
Heiko Nardmann (Dipl.-Ing. Technische Informatik)
secunet Security Networks AG - Sicherheit in Netzwerken (www.secunet.de),
Weidenauer Str. 223-225, D-57076 Siegen
Tel. : +49 271 48950-13, Fax : +49 271 48950-50
