Ok, so here's the problem: I've got stunnel handling SSL for a web-based service that is otherwise too stupid to be able to talk https. Unfortunately, I need to set up a redirection rule inside this service that bounces people back to the https:// page if they try to come in over http. Since said service isn't managing its own SSL, I have no solid way of determining which connections are wrappered by stunnel and which connections come in over the wire, and if I bounce stunnel connections, I end up in an infinite loop.
Fortunately, all stunnel connections give a REMOTE_IP of the second ethernet adapter of the host system, which is good. My question is, how do I configure stunnel to 'force' this behavior? E.g., I want to explicitly specify in stunnel.conf 'Connect to the service for which you are acting as a wrapper from *this* IP/interface'.
I've tried the 'local = ' option and setting socket flags for 'l' and 'r', and while they don't break anything, I can't use them to force a connection from any other adapter, so I don't think they are doing what I need. This wouldn't be an issue, either, except I don't know how stunnel determines this, and I don't want to (at some point in the future) have things 'magically change' (read: break horribly).
Thanks-in-advance!
Don Werve wrote:
I've tried the 'local = ' option and setting socket flags for 'l' and 'r', and while they don't break anything, I can't use them to force a connection from any other adapter, so I don't think they are doing what I need. This wouldn't be an issue, either, except I don't know how stunnel determines this, and I don't want to (at some point in the future) have things 'magically change' (read: break horribly).
By default, TCP connections are initiated using the IP address of the external interface as the source address. If your TCP SYN packet is going to be sent through the eth2 interface, its source IP address will be equal to the IP of the eth2 interface.
To change this default, you can use the "local = " option in the config file. The Fine Manual: http://stunnel.mirt.net/static/stunnel.html
Best regards, Mike
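As an added illustration (not from either poster), here is how the redirect loop from the original question can be avoided once stunnel's source address is pinned with "local =": the wrapped service treats only connections arriving from that address as already-TLS and bounces everyone else to https. The stunnel.conf fragment, the address 10.0.0.2 for eth2, port 8080 for the service, and the WSGI middleware are all assumptions for the example.

```python
"""Redirect http -> https at the wrapped service without looping on stunnel traffic.

Constructed stunnel.conf fragment that pins the source address (assumption:
eth2 on the host is 10.0.0.2 and the plain-http service listens on 8080):

    [https]
    accept  = 443
    connect = 127.0.0.1:8080
    local   = 10.0.0.2
"""
from urllib.parse import urlunsplit

# Assumption: the same address given to stunnel's "local =" option. Without
# "local =", the kernel picks the source address and this check can silently break.
STUNNEL_SOURCE_IP = "10.0.0.2"


def is_tls_wrapped(environ, stunnel_ip=STUNNEL_SOURCE_IP):
    """True when the connection came through stunnel, judged by its source IP."""
    return environ.get("REMOTE_ADDR") == stunnel_ip


def https_location(environ):
    """Rebuild the request URL with the https scheme for the redirect target."""
    host = environ.get("HTTP_HOST") or environ["SERVER_NAME"]
    path = environ.get("SCRIPT_NAME", "") + environ.get("PATH_INFO", "")
    return urlunsplit(("https", host, path, environ.get("QUERY_STRING", ""), ""))


def force_https(app, stunnel_ip=STUNNEL_SOURCE_IP):
    """WSGI middleware: pass stunnel traffic through, bounce plain-http clients."""
    def wrapped(environ, start_response):
        if is_tls_wrapped(environ, stunnel_ip):
            environ["wsgi.url_scheme"] = "https"  # so the app builds https links
            return app(environ, start_response)
        start_response("301 Moved Permanently",
                       [("Location", https_location(environ)),
                        ("Content-Type", "text/plain")])
        return [b"redirecting to https\n"]
    return wrapped


def _demo_app(environ, start_response):
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"hello over tls\n"]


def handle(environ):
    """Run the middleware on one constructed WSGI environ; return (status, headers, body)."""
    captured = {}

    def start_response(status, headers):
        captured["status"], captured["headers"] = status, headers

    body = b"".join(force_https(_demo_app)(environ, start_response))
    return captured["status"], dict(captured["headers"]), body
```

Note that the source-IP check is only as strong as the host's routing: anything else that can originate connections from 10.0.0.2 would also be treated as TLS-wrapped.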