[prev in list] [next in list] [prev in thread] [next in thread] 

List:       stunnel-users
Subject:    [stunnel-users] hostapd & stunnel
From:       Johannes Eckhardt <johannes.eckhardt () informatixx ! net>
Date:       2019-05-20 12:22:44
Message-ID: b9b37623-506b-50d5-7ec5-f64341e9f89b () informatixx ! net
[Download RAW message or body]

Hi,

I'm running stunnel 5.39 on a Raspberry Pi with Raspbian 9 (stretch). 
The Pi has two network interfaces (eth0, wlan0) and I'm running an 
access point with hostapd. What I want to do is to route all traffic 
from my wifi-clients (connected via wlan0) through stunnel/socks.

working iptables configuration to access the internet from eth0/wlan0:

iptables -A FORWARD -i eth0 -o wlan0 -m state --state \ 
RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE;

if add the following lines (from stunnel.org) local traffic on eth0 goes 
to the stunnel-server but my wireless clients can't access the internet 
anymore. I tried several configurations, but without success...

# stunnel socks
iptables -t nat -A OUTPUT -p tcp -d TARGET-SERVER --dport 9080 -j ACCEPT
iptables -t nat -A OUTPUT -o lo -j ACCEPT
iptables -t nat -A OUTPUT -p tcp --dport 9050 -j ACCEPT
iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-ports 9051
iptables -t nat -A PREROUTING -p tcp --dport 9050 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -j REDIRECT --to-ports 9051


# /etc/stunnel/stunnel.conf

[SOCKS Client Direct]
client = yes
PSKsecrets = secrets.txt
accept = :::9050
connect = TARGET-SERVER:9080

[SOCKS Client Transparent IPv4]
client = yes
PSKsecrets = secrets.txt
accept = 127.0.0.1:9051
connect = TARGET-SERVER:9080
protocol = socks

Has anyone a solution for that?

Best regards,

Johannes

_______________________________________________
stunnel-users mailing list
stunnel-users@stunnel.org
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic