[stunnel-users] stunnel OK without "transparent = source", with = timeout problem
Elodie BOSSIER
elodieuse at gmail.com
Thu Jul 28 12:25:19 CEST 2011
Greetings again,

Thanks so much for updating the manual about SNI, my stunnel works
correctly.
But I have a tiny problem: when I visit my webserver, the
$_SERVER['REMOTE_ADDR'] with PHP isn't the IP address of the visitor but
the IP of the stunnel.
I have read the manual about this transparent proxy and I don't succeed
with the configuration.

This is my config file:
pid = /stunnel.pid
options = NO_SSLv2
transparent = source
[virtual]
accept = 443
cert = /usr/local/openssl/etc/CERTIFICATES/www.franceserv.fr_cert.cert
key = /usr/local/openssl/etc/PRIVATE_KEYS/www.franceserv.fr_key.pem
connect = www.franceserv.fr:80
[sni1]
sni = virtual:elodie.franceserv.com
cert = /etc/ssl-fsh/cert-elodie.franceserv.com.pem
key = /etc/ssl-fsh/key-franceserv.key
connect = elodie.franceserv.com:80
[sni2]
sni = virtual:befun.franceserv.com
cert = /etc/ssl-fsh/cert-befun.franceserv.com.pem
key = /etc/ssl-fsh/key-franceserv.key
connect = befun.franceserv.com:80
It doesn't work, I have a timeout with my browser.

With iptables, I have set this:
iptables -t mangle -N DIVERT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
echo 1 > /proc/sys/net/ipv4/ip_forward
My stunnel is on the server 192.168.0.20 and the webserver on 192.168.0.2.
I tried to follow the help at
http://www.stunnel.org/static/stunnel.html#service_level_options
with: transparent = none | source | destination | both (Unix only)

Could you tell me what I am doing wrong, please?