Nardmann, Heiko wrote:
Hi,
in the documentation it is stated that I cannot use rdr as a reflector, i.e.
if both in and out traffic go through the same interface. Now I wonder how to
solve the following situation.
I have a client application where I configure IP addresses of servers to
contact. Problem is that the customer wants SSL and the application is not
SSL-aware. So I want to use stunnel on the same machine for tunneling. But
how do I now redirect the application requests (to the target ips) to my
local stunnel ports. Based on the routing both application requests and final
stunnel requests go via the same interface. I tried to use logical interfaces
to fool ipf but ipnat does not accept "bge0:1" (btw: Solaris 8/9 is the
environment for this).
I have thought of configuring loopback (127.x.x.x) addresses inside the
application and redirecting these to the stunnel service ports; this might
work (not yet tested) but is really ugly ...
Maybe someone has done something similar before ... ?
I would redirect to a local address on lo0, if ipf lets you get
to lo0; I know Solaris' loopback is a little odd compared to
other operating systems.
I do something like this at home for transparent web caching,
using ipf 4.x on NetBSD.
- Chris
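As an added illustration (not part of either message above), here is what the loopback-alias approach Heiko proposes and Chris endorses looks like in a stunnel client-mode configuration: the application is pointed at an address on lo0 instead of the real server, and stunnel accepts there and opens the SSL connection to the real server. The rdr question itself is left as the thread leaves it; this only shows the stunnel side. The addresses (127.0.0.2 as the loopback alias, 203.0.113.10 as the real server), the port 5000, the CA file path and the section name are constructed placeholders, and the config-file syntax assumed is that of stunnel 4.x.

```ini
; stunnel.conf -- constructed example, not from the original thread.
; Assumes a stunnel 4.x-style configuration file.

; Run in client mode: accept plain TCP locally, speak SSL to the server.
client = yes

; Verify the server certificate against a CA bundle, so the tunnel is not
; just encryption to whoever answers at the target address.
; (verify = 2 requires a valid peer certificate; CAfile path is a placeholder.)
verify = 2
CAfile = /etc/stunnel/ca-bundle.pem

; Do not run as root once listening sockets are bound (placeholder account).
setuid = stunnel
setgid = stunnel

; One section per target server the application knows about.
; The application is configured with 127.0.0.2:5000 (loopback alias on lo0)
; instead of the real server; stunnel forwards to the real server over SSL.
[app-server-1]
accept  = 127.0.0.2:5000
connect = 203.0.113.10:5000
```

On Solaris the alias address has to exist on lo0 before stunnel can bind to it (for example via `ifconfig lo0:1 plumb 127.0.0.2 up`, which is the usual Solaris 8/9 form and is an assumption here, not something the thread states). One section per server is needed because the application addresses several servers and stunnel decides the destination per listening socket.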