[stunnel-users] hostapd & stunnel
Johannes Eckhardt
johannes.eckhardt at informatixx.net
Mon May 20 14:22:44 CEST 2019
Hi,
I'm running stunnel 5.39 on a Raspberry Pi with Raspbian 9 (stretch).
The Pi has two network interfaces (eth0, wlan0) and I'm running an
access point with hostapd. What I want to do is to route all traffic
from my wifi-clients (connected via wlan0) through stunnel/socks.

Working iptables configuration to access the internet from eth0/wlan0:

iptables -A FORWARD -i eth0 -o wlan0 -m state --state \
RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE;

If I add the following lines (from stunnel.org), local traffic on eth0 goes
to the stunnel-server but my wireless clients can't access the internet
anymore. I tried several configurations, but without success...

# stunnel socks
iptables -t nat -A OUTPUT -p tcp -d TARGET-SERVER --dport 9080 -j ACCEPT
iptables -t nat -A OUTPUT -o lo -j ACCEPT
iptables -t nat -A OUTPUT -p tcp --dport 9050 -j ACCEPT
iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-ports 9051
iptables -t nat -A PREROUTING -p tcp --dport 9050 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -j REDIRECT --to-ports 9051

# /etc/stunnel/stunnel.conf
[SOCKS Client Direct]
client = yes
PSKsecrets = secrets.txt
accept = :::9050
connect = TARGET-SERVER:9080

[SOCKS Client Transparent IPv4]
client = yes
PSKsecrets = secrets.txt
accept = 127.0.0.1:9051
connect = TARGET-SERVER:9080
protocol = socks

Has anyone a solution for that?

Best regards,
Johannes
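
An added example, not part of the original post and not stunnel project code: in PREROUTING, REDIRECT rewrites the destination to the primary address of the incoming interface (wlan0), so a listener bound to 127.0.0.1:9051 only receives locally generated traffic. The script below scopes the redirect to wlan0 and prints a stunnel section bound to match. AP_ADDR (192.0.2.1) is a constructed placeholder, and the function names and section name are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original post. Assumptions: AP_ADDR is the Pi's
# address on wlan0 (192.0.2.1 is a constructed placeholder); function names
# and the section name are hypothetical.
AP_IF="${AP_IF:-wlan0}"
AP_ADDR="${AP_ADDR:-192.0.2.1}"
TPORT="${TPORT:-9051}"   # transparent stunnel port used in the post

# Print the rules for TCP arriving from wireless clients.
client_rules() {
    # Connections to the Pi itself (e.g. SSH to the access point) stay local.
    echo "iptables -t nat -A PREROUTING -i $AP_IF -p tcp -d $AP_ADDR -j RETURN"
    # Forwarded TCP is redirected; the kernel rewrites the destination to
    # AP_ADDR (primary address of the incoming interface), not 127.0.0.1.
    echo "iptables -t nat -A PREROUTING -i $AP_IF -p tcp -j REDIRECT --to-ports $TPORT"
    # Needed only if the INPUT policy is DROP (the post does not show it).
    echo "iptables -A INPUT -i $AP_IF -p tcp --dport $TPORT -j ACCEPT"
}

# Print a stunnel section whose listener matches the rewritten destination.
stunnel_section() {
    cat <<EOF
[SOCKS Client Transparent wlan0]
client = yes
PSKsecrets = secrets.txt
accept = $AP_ADDR:$TPORT
connect = TARGET-SERVER:9080
protocol = socks
EOF
}

# Dry run by default; APPLY=1 (as root) loads the rules.
apply_rules() {
    client_rules | while IFS= read -r rule; do
        if [ "${APPLY:-0}" = 1 ]; then $rule; else echo "would run: $rule"; fi
    done
}

apply_rules
stunnel_section
```

These rules match TCP only: UDP from the wireless clients, including their DNS queries, still leaves through the MASQUERADE path on eth0 outside the tunnel.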