On 2013-01-24 01:45, Alex Needham wrote:
> Config B - Not so good
> connect = 192.168.1.1:80 <- inside interface of stunnel box
>
> iptables -t mangle -N DIVERT
> iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
> iptables -t mangle -A DIVERT -j MARK --set-mark 1
> iptables -t mangle -A DIVERT -j ACCEPT
> ip rule add fwmark 1 lookup 100
> ip route add local 0.0.0.0/0 dev lo table 100
>
> /etc/sysctl.conf: no route filtering, and forwarding is on
>
> Am I trying something impossible, or am I missing something?
Returning packets originated from a local process never reach the PREROUTING table: http://www.sysresccd.org/Sysresccd-Networking-EN-Destination-port-routing#Ov... As a result they are routed to the client directly rather than via stunnel.
I don't think it's possible to route packets directly from one local process to another local process. I'd try to use the OUTPUT chain to redirect packets to a virtual interface (e.g. GRE), and then PREROUTING could catch packets the other side of the tunnel.
BTW: tcpdump is your friend!
Mike
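The point Mike makes about locally generated packets can be checked against the standard Linux netfilter hook order. The following is an added example and not part of the original thread: a small model of which hooks a packet traverses depending on where it originates and where it is delivered, with two constructed rule sets that mirror Config B (a rule only in mangle/PREROUTING) and the suggested OUTPUT-chain variant. The rule-set names and the `hooks_for` / `chains_that_see` helpers are assumptions for the illustration.

```python
# Added illustration (not from the stunnel-users thread): which netfilter hooks
# a packet traverses, by origin and destination. The hook sequences are the
# standard Linux netfilter packet flow; the rule sets below are constructed.

from typing import Dict, List, Tuple

Rule = Tuple[str, str]  # (table, chain), e.g. ("mangle", "PREROUTING")

# "local" = a process on this host (e.g. stunnel), "remote" = any other host.
_PATHS: Dict[Tuple[str, str], List[str]] = {
    ("remote", "local"):  ["PREROUTING", "INPUT"],
    ("remote", "remote"): ["PREROUTING", "FORWARD", "POSTROUTING"],
    # Locally generated packets enter the stack at OUTPUT, never PREROUTING.
    ("local",  "remote"): ["OUTPUT", "POSTROUTING"],
    # Local-to-local traffic leaves through OUTPUT/POSTROUTING on lo and
    # re-enters the stack through PREROUTING/INPUT on lo.
    ("local",  "local"):  ["OUTPUT", "POSTROUTING", "PREROUTING", "INPUT"],
}


def hooks_for(origin: str, destination: str) -> List[str]:
    """Return, in order, the netfilter hooks a packet traverses."""
    return list(_PATHS[(origin, destination)])


def chains_that_see(rules: List[Rule], origin: str, destination: str) -> List[Rule]:
    """Return the (table, chain) rules that lie on the packet's path."""
    path = hooks_for(origin, destination)
    return [(table, chain) for table, chain in rules if chain in path]


# Constructed rule sets: Config B hooks only PREROUTING; the variant Mike
# suggests would also hook OUTPUT so stunnel's own replies are matched.
CONFIG_B: List[Rule] = [("mangle", "PREROUTING")]
WITH_OUTPUT: List[Rule] = [("mangle", "PREROUTING"), ("mangle", "OUTPUT")]

# Flows in the thread: client -> stunnel box (inbound), stunnel -> client (reply).
FLOWS = [("remote", "local"), ("local", "remote")]


def report(rules: List[Rule]) -> Dict[Tuple[str, str], List[Rule]]:
    """Map each flow to the rules that would ever see its packets."""
    return {flow: chains_that_see(rules, *flow) for flow in FLOWS}


if __name__ == "__main__":
    for name, rules in (("Config B", CONFIG_B), ("with OUTPUT", WITH_OUTPUT)):
        for flow, seen in report(rules).items():
            print(f"{name:12} {flow[0]:>6} -> {flow[1]:<6} seen by {seen or 'nothing'}")
```

Running it shows that the stunnel-to-client reply is seen by nothing under Config B, which is exactly the symptom described above, and by mangle/OUTPUT once that chain is hooked. A tcpdump on the outside interface, as Mike suggests, is the way to confirm the same thing on a real box.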