Netgate Discussion Forum

    STUNNEL Transparent Source

      sberger381

      Hello,

      I have to terminate POP3S, IMAPS, SMTPS on our
      Firewall (SSL Offloading) and forward the
      unencrypted Sessions to our Loadbalancer.
      Everything is working fine when I don't use
      STUNNEL with option "transparent=source",
      but I need to have the Client Source IP transparently
      forwarded to our Backendservers.

      Client -> PFSENSE-FW (STUNNEL) -> PFSENSE-LOADBALANCER(HAPROXY) -> BACKENDSERVER

      Client connects to STUNNEL via TLS/SSL
      STUNNEL sends SYN to HAPROXY with ClientIP as Source
      HAPROXY sends SYN,ACK to ClientIP

      So I have to rewrite the Return-Packets from HAPROXY to go into
      the STUNNEL.
      I have to change the Destination-IP of the Return-Packets to match
      the IP Address of STUNNEL.

      Is there any possibility to do this? (Do I need ipfw for this?)
      Or does somebody know any other Method for SSL offloading and transparent
      Client-IP forwarding?

        PiBa

        If you are willing to switch to haproxy-devel (1.5), it should be able to do both ssl-offloading and transparent-clientip. Also, in the background it will create the needed ipfw rules.

        How good of a job it will do for pop3s / imaps / smtps, I have no experience there.

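An added illustration of the approach suggested in the reply above; it is not part of either post and is not the configuration the pfSense package generates. It shows a raw HAProxy 1.5 configuration in which one process terminates TLS and opens the plaintext connection with the client's address as source. The certificate path, section names and the 192.0.2.10 address are placeholders.

```haproxy
# Added example. Paths, names and addresses are placeholders.
# Requires an HAProxy build with SSL and transparent proxy support,
# and enough privilege to bind a non-local source address.

defaults
    mode tcp                      # mail protocols are passed through as raw TCP
    timeout connect 5s
    timeout client  30m           # IMAP sessions idle for long periods
    timeout server  30m

# TLS is terminated here; the certificate file holds cert + key (PEM).
frontend imaps_in
    bind :993 ssl crt /path/to/mail.pem
    default_backend imap_plain

frontend pop3s_in
    bind :995 ssl crt /path/to/mail.pem
    default_backend pop3_plain

frontend smtps_in
    bind :465 ssl crt /path/to/mail.pem
    default_backend smtp_plain

# "usesrc clientip" makes the outgoing connection carry the original
# client address as its source, so the next hop logs the real client.
backend imap_plain
    source 0.0.0.0 usesrc clientip
    server lb1 192.0.2.10:143

backend pop3_plain
    source 0.0.0.0 usesrc clientip
    server lb1 192.0.2.10:110

backend smtp_plain
    source 0.0.0.0 usesrc clientip
    server lb1 192.0.2.10:25
```

The next hop's replies are addressed to the client IP, so they must be routed back through the HAProxy host and intercepted there (the ipfw rules mentioned in the reply); otherwise the SYN,ACK goes straight to the client, which is the symptom described in the first post. The segment between HAProxy and the next hop carries mail credentials in plaintext, so it belongs on a network path you control.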
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.