[stunnel-users] stunnel transparent mode

Julian D. Seifert spam at julian-seifert.de
Thu Aug 18 13:50:46 CEST 2011


On 18.08.2011 13:32, Michal Trojnara wrote:
> On Thu, 18 Aug 2011 13:26:06 +0200, Julian D. Seifert wrote:
>> Aug 18 04:23:09 ubuntu stunnel: LOG6[2029:3078101872]: local_bind
>> succeeded on the original port
> 
> This time local_bind worked!
Sorry, I think the bind error happened with transparent=both, but I'll
have to recheck my log on that.

> 
>> Aug 18 04:23:09 ubuntu stunnel: LOG6[2029:3078101872]: connect_blocking:
>> connecting 192.168.0.103:6667
>> Aug 18 04:23:09 ubuntu stunnel: LOG7[2029:3078101872]: connect_blocking:
>> s_poll_wait 192.168.0.103:6667: waiting 10 seconds
>> Aug 18 04:23:19 ubuntu stunnel: LOG3[2029:3078101872]: connect_blocking:
>> s_poll_wait 192.168.0.103:6667: TIMEOUTconnect exceeded
> 
> Now there is a problem with routing.
> 
> Make sure you've configured:
>     ip rule add fwmark 1 lookup 100
>     ip route add local 0.0.0.0/0 dev lo table 100
>     echo 0 >/proc/sys/net/ipv4/conf/lo/rp_filter
Well, I just ran a script with the contents of the stunnel documentation:
--- snip ---
iptables -t mangle -N DIVERT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
echo 0 >/proc/sys/net/ipv4/conf/lo/rp_filter
--- snap ---
root@ubuntu:~/stunnel-4.39/src# cat /proc/sys/net/ipv4/conf/lo/rp_filter
0
root@ubuntu:~/stunnel-4.39/src# ip rule show
0:	from all lookup local
32765:	from all fwmark 0x1 lookup 100
32766:	from all lookup main
32767:	from all lookup default
root@ubuntu:~/stunnel-4.39/src# ip ro show table 100
local default dev lo  scope host
root@ubuntu:~/stunnel-4.39/src#

> Use tcpdump to diagnose problems.
> 
Well, I created a dump file (see appendix), but I'm not sure if there is a
problem.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: stunnel.dump
Type: application/octet-stream
Size: 9474 bytes
Desc: not available
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20110818/e6fc54cd/attachment.obj>
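
As an added example (not part of the original message or of the stunnel documentation), the script below checks the routing prerequisites quoted in this thread from the text output of `ip rule show`, `ip route show table 100` and the `rp_filter` sysctls. It goes slightly beyond the thread by also reading `conf/all/rp_filter`, because the kernel applies the higher of the `all` and per-interface values; the function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread): verify the policy-routing prerequisites
# for stunnel transparent mode from the text output of the standard tools.

# $1 = `ip rule show` output, $2 = fwmark (decimal), $3 = routing table
has_fwmark_rule() {
    hex=$(printf '0x%x' "$2")
    printf '%s\n' "$1" |
        grep -Eq "fwmark ($hex|$2)(/0x[0-9a-f]+)? lookup $3( |\$)"
}

# $1 = `ip route show table N` output; needs the catch-all local route on lo
has_local_default() {
    printf '%s\n' "$1" | grep -Eq '^local default dev lo( |$)'
}

# The kernel applies max(conf/all/rp_filter, conf/<if>/rp_filter), so a 0 on
# the interface alone is not enough. $1 = all value, $2 = interface value
effective_rp_filter() {
    if [ "$1" -gt "$2" ]; then echo "$1"; else echo "$2"; fi
}

# Prints one line per failed prerequisite and returns the number of failures.
# $1 = ip rule output, $2 = table 100 output, $3 = all rp_filter, $4 = lo rp_filter
check_tproxy_routing() {
    fails=0
    has_fwmark_rule "$1" 1 100 ||
        { echo "missing: ip rule fwmark 1 lookup 100"; fails=$((fails + 1)); }
    has_local_default "$2" ||
        { echo "missing: local 0.0.0.0/0 dev lo in table 100"; fails=$((fails + 1)); }
    [ "$(effective_rp_filter "$3" "$4")" -eq 0 ] ||
        { echo "rp_filter still active on lo (all=$3 lo=$4)"; fails=$((fails + 1)); }
    return "$fails"
}

# Live use on the stunnel host: sh check.sh live
if [ "${1:-}" = live ]; then
    check_tproxy_routing "$(ip rule show)" "$(ip route show table 100)" \
        "$(cat /proc/sys/net/ipv4/conf/all/rp_filter)" \
        "$(cat /proc/sys/net/ipv4/conf/lo/rp_filter)"
fi
```

A zero exit status means all three prerequisites are present, which points the investigation at the iptables mangle rules or at the return path from the backend host instead.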