On 2013-08-03 20:24, Ruben Cardenal wrote:
And did the iptables part:
iptables -t mangle -N DIVERT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
Debugging the whole thing, it can be seen that stunnel tries to connect:
[pid 16823] connect(9, {sa_family=AF_INET, sin_port=htons(1357), sin_addr=inet_addr("195.78.X.X")}, 16) = -1 EINPROGRESS (Operation now in progress)
BUT the service running in 1357 does this:
# tcpdump -i eth1 -n port 1357
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
19:52:52.586773 IP 195.78.X.X.1357 > MY_HOME_ADDRESS.34853: Flags [S.], seq 2655966098, ack 546202865, win 5840, options [mss 1460,nop,nop,sackOK], length 0
It looks like you configured your server and stunnel on the same host. As a result, returning packets won't ever hit the PREROUTING chain of the mangle table, thus stunnel won't receive them. http://www.iptables.info/en/structure-of-iptables.html
I'm sure the documentation I wrote could be better...
Mike
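An added check, not part of the thread and not stunnel's own tooling, for the situation Mike describes: it takes the address stunnel connects to, asks the kernel how that address is routed, and reports whether the backend's replies will be locally generated (leaving via the mangle OUTPUT chain, where the thread's DIVERT rules do not live) or arrive on an interface and pass PREROUTING. The `reply_chain_for_route` helper, the hypothetical `check_backend` wrapper and the sample route lines are assumptions of this example; the wrapper needs iproute2.

```shell
#!/bin/sh
# Classify one line of `ip route get <addr>` output (constructed for this example).
# Prints PREROUTING when the reply comes back in on a real interface, so the
# "-m socket -j DIVERT" rule in mangle PREROUTING can see it; prints OUTPUT when
# the address is local to this host, so the backend's reply is generated locally
# and never traverses PREROUTING; prints UNKNOWN and fails for anything else.
reply_chain_for_route() {
    case "$1" in
        "local "*|*" dev lo "*) echo OUTPUT ;;
        *" dev "*)              echo PREROUTING ;;
        *)                      echo UNKNOWN; return 1 ;;
    esac
}

# Hypothetical wrapper: resolve the live route for the backend address.
# Exit 0 when the DIVERT setup can work, 1 when the backend is on this host.
check_backend() {
    route=$(ip route get "$1" 2>/dev/null) || { echo "cannot route $1"; return 2; }
    chain=$(reply_chain_for_route "$route") || return 2
    if [ "$chain" = OUTPUT ]; then
        echo "$1 is local: replies skip mangle PREROUTING, stunnel will not get them"
        return 1
    fi
    echo "$1 is remote: replies enter mangle PREROUTING on $(echo "$route" | sed 's/.* dev \([^ ]*\).*/\1/')"
    return 0
}

# Usage: check_backend 195.78.X.X
```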