[stunnel-users] Choosing local 'source' IP? (again)

Don Werve donw at iradeon.net
Fri Apr 14 23:28:49 CEST 2006


This is a repost, but the response I got last time said, 'use the
"local" option'...which does not appear to work.

Ok, so here's the problem: I've got stunnel handling SSL for a web-based
service that is otherwise too stupid to be able to talk https.  On the
same piece of hardware that runs this service (Virtuozzo if you must
know), I've set up stunnel to listen to ETH0_IP:443 and wrap them to
ETH0_IP:80, which is where VZ listens.  This works wonderfully.

Unfortunately, I need to set up a redirection rule inside this service
that bounces people back to the https:// page if they try to come in
over http.  Since said service isn't managing its own SSL, I have no
solid way of determining which connections are wrappered by stunnel and
which connections come in over the wire, save for by the IP address of
the connection.

Now, each piece of iron has two ethernet adapters, so I got the bright
idea to try and get stunnel to 'appear' to be connecting from the IP
address of the second adapter.  So, I set 'local = ETH1_IP' in
stunnel.conf, and...nada.  Still shows as connecting from ETH0_IP.  I've
screwed with socket options, read the source code for Stunnel, and so on.

Having read the source code and refreshed my knowledge of socket() and
connect(), is it really even possible to do what I want if stunnel is
running on the same system?

Oh, a ptrace of stunnel also yields the following:

socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 8
fcntl64(8, F_GETFL)                     = 0x2 (flags O_RDWR)
fcntl64(8, F_SETFL, O_RDWR|O_NONBLOCK)  = 0
bind(8, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("[ETH1_IP]")}, 16) = 0
connect(8, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("[ETH0_IP]")}, 16) = -1 EINPROGRESS (Operation now in progress)

...and the connection inside of $CRAP_SYSTEM shows the connection as
coming from ETH0_IP.

So, I'm kind of at my wits' end here.  Any possible way to make this work?

Thanks-in-advance!

-- 
Don Werve <donw at iradeon.net>
Chief Systems Administrator / Systems Architect
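The following is an added example, not part of the original post and not stunnel's code. It reproduces the socket sequence visible in the trace above (socket, bind to a chosen local address with port 0, connect to another address on the same host) against a listener in the same process, then reports the peer address the accepting side sees. Run it on the host in question to check whether a bind()-selected source address survives a same-host connect at all; the addresses 127.0.0.1 (standing in for ETH0_IP, where the service listens) and 127.0.0.2 (standing in for ETH1_IP, the "local" address) are constructed stand-ins, and the function names are mine.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Listen on listen_ip with an ephemeral port, create a client socket that is
 * first bound to bind_ip:0 (the same call sequence as stunnel's "local"
 * option in the strace), connect it to the listener, accept, and copy the
 * peer address the server side observes into seen_ip.
 * Returns 0 on success, -1 on any socket error. */
int probe_source_ip(const char *listen_ip, const char *bind_ip,
                    char *seen_ip, size_t seen_len)
{
    int lsock = -1, csock = -1, asock = -1, rc = -1;
    struct sockaddr_in laddr, caddr, paddr;
    socklen_t len;

    memset(&laddr, 0, sizeof laddr);
    laddr.sin_family = AF_INET;
    laddr.sin_port = 0;                      /* kernel picks the listening port */
    if (inet_pton(AF_INET, listen_ip, &laddr.sin_addr) != 1) return -1;

    lsock = socket(AF_INET, SOCK_STREAM, 0);
    if (lsock < 0) return -1;
    if (bind(lsock, (struct sockaddr *)&laddr, sizeof laddr) < 0) goto out;
    if (listen(lsock, 1) < 0) goto out;
    len = sizeof laddr;
    /* learn which port the kernel assigned so the client can connect to it */
    if (getsockname(lsock, (struct sockaddr *)&laddr, &len) < 0) goto out;

    csock = socket(AF_INET, SOCK_STREAM, 0);
    if (csock < 0) goto out;
    memset(&caddr, 0, sizeof caddr);
    caddr.sin_family = AF_INET;
    caddr.sin_port = 0;                      /* htons(0): ephemeral source port, as in the trace */
    if (inet_pton(AF_INET, bind_ip, &caddr.sin_addr) != 1) goto out;
    if (bind(csock, (struct sockaddr *)&caddr, sizeof caddr) < 0) goto out;
    if (connect(csock, (struct sockaddr *)&laddr, sizeof laddr) < 0) goto out;

    len = sizeof paddr;
    asock = accept(lsock, (struct sockaddr *)&paddr, &len);
    if (asock < 0) goto out;
    if (!inet_ntop(AF_INET, &paddr.sin_addr, seen_ip, (socklen_t)seen_len)) goto out;
    rc = 0;
out:
    if (asock >= 0) close(asock);
    if (csock >= 0) close(csock);
    if (lsock >= 0) close(lsock);
    return rc;
}

/* Convenience wrapper: 1 if the server saw exactly bind_ip as the peer,
 * 0 if it saw something else, -1 if the probe itself failed. */
int bound_source_survives(const char *listen_ip, const char *bind_ip)
{
    char seen[INET_ADDRSTRLEN];
    if (probe_source_ip(listen_ip, bind_ip, seen, sizeof seen) != 0) return -1;
    return strcmp(seen, bind_ip) == 0 ? 1 : 0;
}

int main(void)
{
    /* Constructed stand-ins: 127.0.0.1 plays ETH0_IP (the service),
     * 127.0.0.2 plays ETH1_IP (the address given to stunnel's "local"). */
    char seen[INET_ADDRSTRLEN];
    if (probe_source_ip("127.0.0.1", "127.0.0.2", seen, sizeof seen) == 0)
        printf("server saw connection from %s\n", seen);
    else
        perror("probe_source_ip");
    return 0;
}
```

If this probe shows the bound address on the accepting side while the service behind stunnel still reports ETH0_IP, the rewrite is happening somewhere between the socket and the service rather than in the bind() call itself, which is the call the trace shows succeeding. Substitute the real ETH0_IP and ETH1_IP for the loopback stand-ins to test the actual interfaces; binding to 127.0.0.2 works on Linux because the whole 127/8 range is local there, but other systems may need that address configured first.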