[stunnel-users] Choosing local 'source' IP?

Don Werve donw at iradeon.net
Fri Feb 17 22:20:47 CET 2006

Ok, so here's the problem: I've got stunnel handling SSL for a web-based
service that is otherwise too stupid to be able to talk https.
Unfortunately, I need to set up a redirection rule inside this service
that bounces people back to the https:// page if they try to come in
over http.  Since said service isn't managing its own SSL, I have no
solid way of determining which connections are wrapped by stunnel and
which connections come in over the wire, and if I bounce stunnel
connections, I end up in an infinite loop.

Fortunately, all stunnel connections give a REMOTE_IP of the second
ethernet adapter of the host system, which is good.  My question is, how
do I configure stunnel to 'force' this behavior?  E.g., I want to
explicitly specify in stunnel.conf 'Connect to the service for which you
are acting as a wrapper from *this* IP/interface'.

I've tried the 'local = ' option and setting socket flags for 'l' and
'r', and while they don't break anything, I can't use them to force a
connection from any other adapter, so I don't think they are doing what
I need.  This wouldn't be an issue, either, except I don't know how
stunnel determines this, and I don't want to (at some point in the
future) have things 'magically change' (read: break horribly).


Don Werve <donw at iradeon.net>
Chief Systems Administrator / Systems Architect
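
The source-address mechanics behind the question above, as an added example that is not part of the original post and not stunnel's code: a client that calls bind() before connect() fixes the address the backend sees, and the backend can then skip the https redirect for that address only. The address 127.0.0.2 and all function names are assumptions for illustration, and the demo assumes a Linux loopback, where any 127.0.0.0/8 address can be bound.

```python
import socket
import threading

# Assumption: the address the wrapper's outbound connections are pinned to.
# 127.0.0.2 is a constructed stand-in that Linux accepts on loopback.
TUNNEL_SOURCE = "127.0.0.2"


def needs_https_redirect(peer_ip, tunnel_sources=frozenset({TUNNEL_SOURCE})):
    """Backend rule: redirect only connections that did not come via the wrapper."""
    return peer_ip not in tunnel_sources


def connect_from(dest, source_ip=None):
    """Open a TCP connection; bind() before connect() fixes the source address."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    if source_ip is not None:
        s.bind((source_ip, 0))  # port 0: kernel picks an ephemeral port
    s.connect(dest)
    return s


def observe(source_ip=None):
    """Return (peer IP the backend saw, redirect decision) for one connection."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)
        seen = []

        def accept_one():
            conn, (ip, _port) = srv.accept()
            seen.append(ip)
            conn.close()

        t = threading.Thread(target=accept_one)
        t.start()
        connect_from(srv.getsockname(), source_ip).close()
        t.join(timeout=5)
    return seen[0], needs_https_redirect(seen[0])


if __name__ == "__main__":
    print(observe())               # unpinned: kernel routing picks the source
    print(observe(TUNNEL_SOURCE))  # pinned: source is the bound address
```

A source address is only a reliable marker if nothing else can reach the backend from that address, so the pinned address should be one that external clients cannot originate from.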

