On 2013-08-04 00:02, Rubén Cardenal wrote:
> So: service's box receives a SYN packet from my home IP address
> (originated from stunnel's box), and answers with a proper ACK packet.
> That's ok. But as that ACK reply has as destination an external IP,
> goes to the box's default gateway (and not to the box where stunnel is
> running) and gets lost.

The very purpose of "transparent = source" is to make your server
think it's connected directly by the clients.  The returning packets
obviously need to be routed back through the stunnel box to achieve this
purpose.  Otherwise the mangle PREROUTING tricks wouldn't make sense,
would they?

Using this feature is quite easy at the user-space level (this is what
stunnel handles), but quite tricky at the kernel level (netfilter and
routing configuration).  A good HOWTO would be very useful.

Mike
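
Added example, not part of the original message and not stunnel project code: a dry-run sketch of the return-path setup discussed above, for stunnel and the service on different boxes, using the usual `-m socket` DIVERT pattern on the stunnel side. All addresses, the port, the mark and the table number are assumptions; set `APPLY=1` and run as root to execute the commands instead of printing them.

```shell
#!/bin/sh
# Constructed sample values (documentation address range); adjust to your network.
STUNNEL_IP="${STUNNEL_IP:-192.0.2.10}"    # stunnel box, on the same LAN as the service
SERVICE_PORT="${SERVICE_PORT:-8080}"      # port the service listens on
TABLE="${TABLE:-100}"                     # policy routing table number (assumption)
MARK="${MARK:-1}"                         # firewall mark value (assumption)
APPLY="${APPLY:-0}"                       # 0 = print commands, 1 = execute (needs root)

run() {
    if [ "$APPLY" = "1" ]; then "$@"; else echo "$*"; fi
}

# Service box: replies leaving the service port carry the real client's IP as
# destination, so the main table would hand them to the default gateway.
# Mark them and route marked packets through the stunnel box instead.
# Caveat: this also catches replies to clients that connect to the service
# directly, bypassing stunnel.
service_box_rules() {
    run iptables -t mangle -A OUTPUT -p tcp --sport "$SERVICE_PORT" -j MARK --set-mark "$MARK"
    run ip rule add fwmark "$MARK" lookup "$TABLE"
    run ip route add default via "$STUNNEL_IP" table "$TABLE"
}

# stunnel box: returning packets are addressed to the client, not to this box.
# Packets that match an existing local socket are marked and delivered
# locally so that stunnel receives them.
stunnel_box_rules() {
    run iptables -t mangle -N DIVERT
    run iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
    run iptables -t mangle -A DIVERT -j MARK --set-mark "$MARK"
    run iptables -t mangle -A DIVERT -j ACCEPT
    run ip rule add fwmark "$MARK" lookup "$TABLE"
    run ip route add local 0.0.0.0/0 dev lo table "$TABLE"
    run sysctl -w net.ipv4.conf.lo.rp_filter=0
}

case "${1:-}" in
    service) service_box_rules ;;
    stunnel) stunnel_box_rules ;;
esac
```

After applying the rules, `ip route get <client address> mark 1` on the service box should show the stunnel box as the next hop.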


_______________________________________________
stunnel-users mailing list
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users