[stunnel-users] Stunnel in transparent mode

Luis Monteiro luis.monteiro440 at gmail.com
Tue Jan 15 03:01:57 CET 2019

Hi fellows.

I'm from Brazil and I'm trying to use Stunnel as a TLS proxy in a test bed
environment. I'm using a traffic generator from Ixia (Breakingpoint).

The test bed is:


|-------------------|      |-------------------||--------------------|
| Client |>>>>>>>>>>>>| Stunnel Client|>>>>>>>>>>>>>>>>>>| Stunnel Server|>>>>>>>>>>>>>>>>>> | Server |
|-------------------|              ens224 |-------------------|ens192


I'm capturing the packets in all 3 points so I can see exactly what is

I tested without transparent proxy and worked fine.

I tested with transparent = source with the additional conf below in both
Stunnels and it worked fine as well.

iptables -t mangle -N DIVERT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
ip rule add fwmark 1 lookup 100
ip route add local dev lo table 100
echo 0 >/proc/sys/net/ipv4/conf/lo/rp_filter
iptables -t nat -A PREROUTING -i ens224 -p tcp --dport 80 -j DNAT


I tested transparent = destination with several modifications from the config
below without success. No conf delivery packets with on the
Stunnel Client ens192 via to be accept on Stunnel server

/sbin/iptables -I INPUT -i ens192 -p tcp --dport 8080 -j ACCEPT
/sbin/iptables -t nat -I PREROUTING -p tcp --dport 443 \
        -i ens192 -j DNAT --to-destination

Any help to show me what is wrong would be appreciated.

Thanks in advance,

Luis Monteiro

