[stunnel-users] stunnel transparent mode

Julian D. Seifert spam at julian-seifert.de
Thu Aug 18 13:26:06 CEST 2011


On 18.08.2011 13:13, Michal Trojnara wrote:
> On Thu, 18 Aug 2011 13:05:00 +0200, Julian D. Seifert wrote:
>> lsmod | grep -ie tprox
>> xt_TPROXY               1165  0
>> nf_defrag_ipv4          1073  2 xt_TPROXY,xt_socket
>> nf_tproxy_core          1608  2 xt_TPROXY,xt_socket,[permanent]
>> x_tables               14299  4 xt_TPROXY,xt_MARK,xt_socket,ip_tables
> 
> Interesting.  What is the output of:
>     iptables -t mangle -v -n -L
> ?
iptables -t mangle -L -v -n
Chain PREROUTING (policy ACCEPT 212 packets, 53634 bytes)
 pkts bytes target     prot opt in     out     source               destination
 1068 1567K DIVERT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           socket

Chain INPUT (policy ACCEPT 1127 packets, 1574K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 359 packets, 26078 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 359 packets, 26078 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain DIVERT (1 references)
 pkts bytes target     prot opt in     out     source               destination
 1068 1567K MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           MARK xset 0x1/0xffffffff
 1068 1567K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

> 
> Please also include a longer sample of the debug log.
It's from the lab environment (as all the info is); the only difference is
the private IP space.
Client is 192.168.0.102, server (stunnel) is 192.168.0.103.

Aug 18 04:23:09 ubuntu stunnel: LOG7[2029:3078105408]: local socket: FD=0 allocated (non-blocking mode)
Aug 18 04:23:09 ubuntu stunnel: LOG7[2029:3078105408]: Service ircd accepted FD=0 from 192.168.0.102:63723
Aug 18 04:23:09 ubuntu stunnel: LOG7[2029:3078101872]: Service ircd started
Aug 18 04:23:09 ubuntu stunnel: LOG7[2029:3078101872]: Option TCP_NODELAY set on local socket
Aug 18 04:23:09 ubuntu stunnel: LOG7[2029:3078101872]: Waiting for a libwrap process
Aug 18 04:23:09 ubuntu stunnel: LOG7[2029:3078101872]: Acquired libwrap process #0
Aug 18 04:23:09 ubuntu stunnel: LOG7[2029:3078101872]: Releasing libwrap process #0
Aug 18 04:23:09 ubuntu stunnel: LOG7[2029:3078101872]: Released libwrap process #0
Aug 18 04:23:09 ubuntu stunnel: LOG7[2029:3078101872]: Service ircd permitted by libwrap from 192.168.0.102:63723
Aug 18 04:23:09 ubuntu stunnel: LOG5[2029:3078101872]: Service ircd accepted connection from 192.168.0.102:63723
Aug 18 04:23:09 ubuntu stunnel: LOG7[2029:3078101872]: SSL state (accept): before/accept initialization
Aug 18 04:23:09 ubuntu stunnel: LOG7[2029:3078101872]: SSL state (accept): SSLv3 read client hello A
Aug 18 04:23:09 ubuntu stunnel: LOG7[2029:3078101872]: SSL state (accept): SSLv3 write server hello A
Aug 18 04:23:09 ubuntu stunnel: LOG7[2029:3078101872]: SSL state (accept): SSLv3 write certificate A
Aug 18 04:23:09 ubuntu stunnel: LOG7[2029:3078101872]: SSL state (accept): SSLv3 write server done A
Aug 18 04:23:09 ubuntu stunnel: LOG7[2029:3078101872]: SSL state (accept): SSLv3 flush data
Aug 18 04:23:09 ubuntu stunnel: LOG7[2029:3078101872]: SSL state (accept): SSLv3 read client key exchange A
Aug 18 04:23:09 ubuntu stunnel: LOG7[2029:3078101872]: SSL state (accept): SSLv3 read finished A
Aug 18 04:23:09 ubuntu stunnel: LOG7[2029:3078101872]: SSL state (accept): SSLv3 write change cipher spec A
Aug 18 04:23:09 ubuntu stunnel: LOG7[2029:3078101872]: SSL state (accept): SSLv3 write finished A
Aug 18 04:23:09 ubuntu stunnel: LOG7[2029:3078101872]: SSL state (accept): SSLv3 flush data
Aug 18 04:23:09 ubuntu stunnel: LOG7[2029:3078101872]:    4 items in the session cache
Aug 18 04:23:09 ubuntu stunnel: LOG7[2029:3078101872]:    0 client connects (SSL_connect())
Aug 18 04:23:09 ubuntu stunnel: LOG7[2029:3078101872]:    0 client connects that finished
Aug 18 04:23:09 ubuntu stunnel: LOG7[2029:3078101872]:    0 client renegotiations requested
Aug 18 04:23:09 ubuntu stunnel: LOG7[2029:3078101872]:    4 server connects (SSL_accept())
Aug 18 04:23:09 ubuntu stunnel: LOG7[2029:3078101872]:    4 server connects that finished
Aug 18 04:23:09 ubuntu stunnel: LOG7[2029:3078101872]:    0 server renegotiations requested
Aug 18 04:23:09 ubuntu stunnel: LOG7[2029:3078101872]:    0 session cache hits
Aug 18 04:23:09 ubuntu stunnel: LOG7[2029:3078101872]:    0 external session cache hits
Aug 18 04:23:09 ubuntu stunnel: LOG7[2029:3078101872]:    0 session cache misses
Aug 18 04:23:09 ubuntu stunnel: LOG7[2029:3078101872]:    0 session cache timeouts
Aug 18 04:23:09 ubuntu stunnel: LOG6[2029:3078101872]: SSL accepted: new session negotiated
Aug 18 04:23:09 ubuntu stunnel: LOG6[2029:3078101872]: Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
Aug 18 04:23:09 ubuntu stunnel: LOG7[2029:3078101872]: remote socket: FD=1 allocated (non-blocking mode)
Aug 18 04:23:09 ubuntu stunnel: LOG6[2029:3078101872]: local_bind succeeded on the original port
Aug 18 04:23:09 ubuntu stunnel: LOG6[2029:3078101872]: connect_blocking: connecting 192.168.0.103:6667
Aug 18 04:23:09 ubuntu stunnel: LOG7[2029:3078101872]: connect_blocking: s_poll_wait 192.168.0.103:6667: waiting 10 seconds
Aug 18 04:23:19 ubuntu stunnel: LOG3[2029:3078101872]: connect_blocking: s_poll_wait 192.168.0.103:6667: TIMEOUTconnect exceeded
Aug 18 04:23:19 ubuntu stunnel: LOG5[2029:3078101872]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
Aug 18 04:23:19 ubuntu stunnel: LOG7[2029:3078101872]: Service ircd finished (0 left)
Aug 18 04:23:19 ubuntu stunnel: LOG7[2029:3078101872]: str_stats: 0 block(s), 0 byte(s)


> 
> Mike
> _______________________________________________
> stunnel-users mailing list
> stunnel-users at stunnel.org
> http://stunnel.mirt.net/mailman/listinfo/stunnel-users
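
An added example, not part of the original message and not stunnel code: a small Python triage script that groups stunnel debug-log lines by process and thread ID and flags connections where the TLS handshake completed but the backend connect timed out, as in the log above. The sample lines are constructed in that log's format (the second session, including its `connect_blocking: connected` line, is made up for contrast), and all function and field names are hypothetical.

```python
import re

# Constructed sample: thread 3078101872 mirrors the post (wrapped lines
# rejoined); thread 3078100000 is a made-up session that succeeds.
SAMPLE_LOG = """\
Aug 18 04:23:09 ubuntu stunnel: LOG5[2029:3078101872]: Service ircd accepted connection from 192.168.0.102:63723
Aug 18 04:23:09 ubuntu stunnel: LOG6[2029:3078101872]: Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
Aug 18 04:23:09 ubuntu stunnel: LOG6[2029:3078101872]: local_bind succeeded on the original port
Aug 18 04:23:09 ubuntu stunnel: LOG6[2029:3078101872]: connect_blocking: connecting 192.168.0.103:6667
Aug 18 04:23:19 ubuntu stunnel: LOG3[2029:3078101872]: connect_blocking: s_poll_wait 192.168.0.103:6667: TIMEOUTconnect exceeded
Aug 18 04:25:01 ubuntu stunnel: LOG5[2029:3078100000]: Service ircd accepted connection from 192.168.0.104:40100
Aug 18 04:25:01 ubuntu stunnel: LOG6[2029:3078100000]: Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
Aug 18 04:25:01 ubuntu stunnel: LOG5[2029:3078100000]: connect_blocking: connected 192.168.0.103:6667
"""

LINE = re.compile(r"stunnel: LOG\d\[(\d+):(\d+)\]: (.*)$")
EVENTS = [  # (field, pattern); a capture group is stored, otherwise True
    ("client", re.compile(r"accepted connection from (\S+)")),
    ("cipher", re.compile(r"Negotiated ciphers: (\S+)")),
    ("transparent_bind", re.compile(r"local_bind succeeded")),
    ("backend", re.compile(r"connect_blocking: connecting (\S+)")),
    ("connected", re.compile(r"connect_blocking: connected (\S+)")),
    ("timeout", re.compile(r"s_poll_wait (\S+): TIMEOUTconnect exceeded")),
]

def summarize(log_text):
    """Return one dict per connection, in order of first appearance."""
    sessions, current = [], {}
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        key, msg = (m.group(1), m.group(2)), m.group(3)
        for field, pat in EVENTS:
            hit = pat.search(msg)
            if not hit:
                continue
            # Thread IDs can be reused, so each accept opens a new session.
            if field == "client" or key not in current:
                current[key] = {"thread": key[1]}
                sessions.append(current[key])
            current[key][field] = hit.group(1) if hit.groups() else True
    for s in sessions:
        if "cipher" in s and "timeout" in s:
            s["verdict"] = "backend_timeout_after_tls"
        else:
            s["verdict"] = "ok" if "connected" in s else "incomplete"
    return sessions

if __name__ == "__main__":
    for s in summarize(SAMPLE_LOG):
        print(s["thread"], s.get("client"), s["verdict"])
```

A `backend_timeout_after_tls` verdict with `transparent_bind` set places the failure on the cleartext leg to the backend, after the TLS side has already succeeded.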



