On Thursday 14 July 2005 18:18, Chris Ross wrote:
> Nardmann, Heiko wrote:
> > Hi,
> >
> > in the documentation it is stated that I cannot use rdr as a reflector,
> > i.e. if both in and out traffic go through the same interface. Now I
> > wonder how to solve the following situation.
> >
> > I have a client application where I configure ip addresses of servers to
> > contact. Problem is that the customer wants SSL and the application is
> > not SSL-aware. So I want to use stunnel on the same machine for
> > tunneling. But how do I now redirect the application requests (to the
> > target ips) to my local stunnel ports? Based on the routing both
> > application requests and final stunnel requests go via the same
> > interface. I tried to use logical interfaces to fool ipf but ipnat does
> > not accept "bge0:1" (btw: Solaris 8/9 is the environment for this).
> >
> > I have thought of configuring loopback (127.x.x.x) addresses inside the
> > application and redirecting these to the stunnel service ports; this
> > might work (not yet tested) but is really ugly ...
> >
> > Maybe someone has done something similar before ... ?
>
> I would redirect to local address on lo0. If ipf lets you get
> to lo0, I know Solaris' loopback is a little odd compared to
> other operating systems.
>
> I do something like this at home for transparent web caching,
> using ipf 4.x on NetBSD.

Could you provide the rules you use? I tried

    rdr lo0 127.0.0.2 port 80 -> 10.151.4.13 port 80

together with

    ifconfig lo0 plumb
    ifconfig lo0 addif 127.0.0.2 up
    route add 127.0.0.2/32 127.0.0.1 -iface

but without luck. With this rule I thought it is possible to do
'telnet 127.0.0.2 80' from the local machine which then is redirected to a
remote machine currently running an apache for test purposes.

>
> - Chris

--
Heiko Nardmann (Dipl.-Ing. Technische Informatik)
secunet Security Networks AG - Sicherheit in Netzwerken (www.secunet.de),
Weidenauer Str. 223-225, D-57076 Siegen
Tel. : +49 271 48950-13, Fax : +49 271 48950-50
