What does the tcpdump indicate? Are the failed connections getting dropped or reset on the computer that's forwarding or are they actually arriving at the stunnel server? If they make it to the stunnel server what does tcpdump indicate at that connection point.
The connections are actually forwarded by a router, not a computer.
The connections arrive at the stunnel server. The following is the tcpdump from the stunnel server. All the traffic of a failed connection is there. After about 20 seconds Seamonkey gives up saying "Network Error".
I've added empty lines to make the text a bit more legible.
---------------------------------------------------------------- 14:57:07.990693 IP (tos 0x20, ttl 116, id 62395, offset 0, flags [DF], proto: TCP (6), length: 48) 131.177.254.92.3792 > 192.168.20.18.https: S, cksum 0x5509 (correct), 1333491727:1333491727(0) win 65535 <mss 1260,nop,nop,sackOK>
14:57:10.906554 IP (tos 0x20, ttl 116, id 62429, offset 0, flags [DF], proto: TCP (6), length: 48) 131.177.254.92.3792 > 192.168.20.18.https: S, cksum 0x5509 (correct), 1333491727:1333491727(0) win 65535 <mss 1260,nop,nop,sackOK>
14:57:16.916385 IP (tos 0x20, ttl 116, id 62499, offset 0, flags [DF], proto: TCP (6), length: 48) 131.177.254.92.3792 > 192.168.20.18.https: S, cksum 0x5509 (correct), 1333491727:1333491727(0) win 65535 <mss 1260,nop,nop,sackOK> ----------------------------------------------------------------
As you can see, there is nothing coming back from the server. And since tcpdump saw the incoming call, stunnel should see it too. They are on the same machine.
It's so strange: at one time I connect the server, and it forwards the traffic just the way it should. Then quite inexplicably, it just won't do it...and then it forwards it again. I have no clue what makes it to not work and then to work again. I don't need to restart the server, I'm not changing anything. It's like there would be some kind of an internal timer, but that doesn't make any sense. And there has been only one connection attempt at a time, so it can't be the excess of traffic either.
Tommi