Hi,
I'm running stunnel 5.39 on a Raspberry Pi with Raspbian 9 (stretch). The Pi has two network interfaces (eth0, wlan0) and I'm running an access point with hostapd. What I want to do is to route all traffic from my wifi-clients (connected via wlan0) through stunnel/socks.
Working iptables configuration to access the internet from eth0/wlan0:
iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
If I add the following lines (from stunnel.org), local traffic on eth0 goes to the stunnel-server, but my wireless clients can't access the internet anymore. I tried several configurations, but without success...
# stunnel socks
iptables -t nat -A OUTPUT -p tcp -d TARGET-SERVER --dport 9080 -j ACCEPT
iptables -t nat -A OUTPUT -o lo -j ACCEPT
iptables -t nat -A OUTPUT -p tcp --dport 9050 -j ACCEPT
iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-ports 9051
iptables -t nat -A PREROUTING -p tcp --dport 9050 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -j REDIRECT --to-ports 9051
# /etc/stunnel/stunnel.conf
[SOCKS Client Direct]
client = yes
PSKsecrets = secrets.txt
accept = :::9050
connect = TARGET-SERVER:9080

[SOCKS Client Transparent IPv4]
client = yes
PSKsecrets = secrets.txt
accept = 127.0.0.1:9051
connect = TARGET-SERVER:9080
protocol = socks
Has anyone a solution for that?
Best regards,
Johannes
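
A check for one thing worth ruling out in this setup, as an added example that is not part of the original post: the iptables REDIRECT target rewrites forwarded packets (PREROUTING) to the primary address of the incoming interface and locally generated packets (OUTPUT) to loopback, so a listener bound only to 127.0.0.1 receives just the latter. The sample rules and accept lines are constructed from the ones quoted above, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample input: the REDIRECT rules and accept lines from the post,
# written in iptables-save style (-A CHAIN ...).
RULES='-A OUTPUT -p tcp -j REDIRECT --to-ports 9051
-A PREROUTING -p tcp --dport 9050 -j ACCEPT
-A PREROUTING -p tcp -j REDIRECT --to-ports 9051'
CONF='[SOCKS Client Direct]
accept = :::9050
[SOCKS Client Transparent IPv4]
accept = 127.0.0.1:9051'

# redirect_ports CHAIN RULES: print the --to-ports value of each REDIRECT rule in CHAIN.
redirect_ports() {
  printf '%s\n' "$2" | awk -v chain="$1" '
    $1 == "-A" && $2 == chain && / -j REDIRECT / {
      for (i = 3; i < NF; i++) if ($i == "--to-ports") print $(i + 1)
    }'
}

# listen_addr PORT CONF: print the address stunnel binds for PORT ("*" if port-only).
# Assumes "accept = value" is written with spaces around "=".
listen_addr() {
  printf '%s\n' "$2" | awk -v port="$1" '
    $1 == "accept" && $2 == "=" {
      n = split($3, part, ":")          # the last ":"-separated piece is the port
      if (part[n] != port) next
      if (n == 1) { print "*"; next }
      sub(":" port "$", "", $3); print $3
    }'
}

# check_redirect CHAIN RULES CONF: compare each redirect port with its listener address.
check_redirect() {
  for port in $(redirect_ports "$1" "$2"); do
    addr=$(listen_addr "$port" "$3")
    if [ -z "$addr" ]; then echo "$1 $port: no accept line"; continue; fi
    case "$1 $addr" in
      # Forwarded packets are redirected to the incoming interface's address,
      # which a loopback-only listener never sees.
      "PREROUTING 127."*|"PREROUTING ::1")
        echo "$1 $port: MISMATCH, listener only on $addr" ;;
      *) echo "$1 $port: ok, listener on $addr" ;;
    esac
  done
}

check_redirect OUTPUT "$RULES" "$CONF"
check_redirect PREROUTING "$RULES" "$CONF"
```

On a live system the same functions can be fed the output of `iptables-save -t nat` and the contents of the stunnel configuration file in place of the constructed samples.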