Hello, because I haven't received any response on the forum I will ask the list - maybe someone on the list can help me.

I have to terminate POP3S, IMAPS, SMTPS on our firewall (SSL offloading) and forward the unencrypted sessions to our load balancer. Everything is working fine when I don't use STUNNEL with the option "transparent=source", but I need to have the client source IP transparently forwarded to our backend servers.

Client -> PFSENSE-FW (STUNNEL) -> PFSENSE-LOADBALANCER (HAPROXY) -> BACKENDSERVER

1.) Client connects to STUNNEL via TLS/SSL and establishes a session
2.) STUNNEL sends SYN to HAPROXY with ClientIP as source
3.) HAPROXY sends SYN,ACK to ClientIP

So I have to rewrite the return packets from HAPROXY to go into the STUNNEL. I have to change the destination IP of the return packets to match the IP address of STUNNEL.

Is there any possibility to do this? (Do I need ipfw for this? But there is no NAT support.) Or does somebody know any other method for SSL offloading and transparent client IP forwarding?

I have tried to do this with NAT rules but it doesn't work (maybe I have to use divert in pf).

I'm using pfSense 2.2 (64bit) in a vSphere 4.1 environment.

Kind Regards
Stefan
