This is a repost, but the response I got last time said, 'use the "local" option'...which does not appear to work.

Ok, so here's the problem: I've got stunnel handling SSL for a web-based service that is otherwise too stupid to be able to talk https. On the same piece of hardware that runs this service (Virtuozzo if you must know), I've set up stunnel to listen to ETH0_IP:443 and wrapper them to ETH0_IP:80, which is where VZ listens. This works wonderfully.

Unfortunately, I need to set up a redirection rule inside this service that bounces people back to the https:// page if they try to come in over http. Since said service isn't managing its own SSL, I have no solid way of determining which connections are wrappered by stunnel and which connections come in over the wire, save for by the IP address of the connection.

Now, each piece of iron has two ethernet adapters, so I got the bright idea to try and get stunnel to 'appear' to be connecting from the IP address of the second adapter. So, I set 'local = ETH1_IP' in stunnel.conf, and...nada. Still shows as connecting from ETH0_IP. I've screwed with socket options, read the source code for Stunnel, and so on.

Having read the source code and refreshed my knowledge of socket() and connect(), is it really even possible to do what I want if stunnel is running on the same system?

Oh, a ptrace of stunnel also yields the following:

socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 8 fcntl64(8, F_GETFL) = 0x2 (flags O_RDWR) fcntl64(8, F_SETFL, O_RDWR|O_NONBLOCK) = 0 bind(8, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("[ETH1_IP]")}, 16) = 0 connect(8, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("[ETH0_IP]")}, 16) = -1 EINPROGRESS (Operation now in progress)

...and the connection inside of $CRAP_SYSTEM shows the connection as coming from ETH0_IP.

So, I'm kind of at my wits' end here. Any possible way to make this work?

Thanks-in-advance!