This is a discussion on Re: Q: reflector/rdr on same interface? within the IPFilter forums, part of the System Security and Security Related category.
Nardmann, Heiko wrote:
> Hi,
>
> in the documentation it is stated that I cannot use rdr as a reflector, i.e.
> if both in and out traffic go through the same interface. Now I wonder how to
> solve the following situation.
>
> I have a client application where I configure IP addresses of servers to
> contact. Problem is that the customer wants SSL and the application is not
> SSL-aware. So I want to use stunnel on the same machine for tunneling. But
> how do I now redirect the application requests (to the target IPs) to my
> local stunnel ports? Based on the routing, both application requests and final
> stunnel requests go via the same interface. I tried to use logical interfaces
> to fool ipf, but ipnat does not accept "bge0:1" (btw: Solaris 8/9 is the
> environment for this).
>
> I have thought of configuring loopback (127.x.x.x) addresses inside the
> application and redirecting these to the stunnel service ports; this might
> work (not yet tested) but is really ugly ...
>
> Maybe someone has done something similar before ... ?

I would redirect to a local address on lo0, if ipf lets you get to lo0. I know Solaris' loopback is a little odd compared to other operating systems. I do something like this at home for transparent web caching, using ipf 4.x on NetBSD.

- Chris
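For concreteness, here is the shape the loopback approach discussed above would take as an added configuration example (not from either poster): the application is pointed at placeholder 127.x.x.x addresses on its normal port, an ipnat rdr rule on lo0 maps each placeholder to a distinct local stunnel listener, and stunnel (4.x ini syntax, client mode) carries each listener to the real server over SSL. Whether ipnat can actually rdr on lo0 under Solaris 8/9 is exactly the question the thread leaves open, so treat that as an assumption; the file paths, the 127.0.0.11/127.0.0.12 placeholders, the 192.0.2.x servers and the CA file path are constructed values.

```conf
# --- ipnat.conf (path on the Solaris ipf package assumed) ---
# The non-SSL application is configured to "contact" two placeholder
# loopback addresses on its usual port 5000 (constructed values).
# Each placeholder is redirected to a distinct local stunnel listener,
# so several target servers can share the application's single port.
rdr lo0 127.0.0.11/32 port 5000 -> 127.0.0.1 port 15001 tcp
rdr lo0 127.0.0.12/32 port 5000 -> 127.0.0.1 port 15002 tcp

# --- ipf.conf: make sure the redirected loopback traffic is passed ---
pass in  quick on lo0 all
pass out quick on lo0 all

# --- stunnel.conf (stunnel 4.x ini syntax, client mode) ---
client  = yes
# Without verification the tunnel is encrypted but not authenticated;
# verify = 2 requires a server certificate chaining to the CA file given.
verify  = 2
CAfile  = /path/to/trusted-ca.pem

[server-a]
accept  = 127.0.0.1:15001
connect = 192.0.2.10:443

[server-b]
accept  = 127.0.0.1:15002
connect = 192.0.2.20:443
```

After loading the rules, `ipnat -l` should list both rdr entries, and a connection from the application to 127.0.0.11:5000 should show up in `ipnat -l` as mapped to 127.0.0.1:15001.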