
Hello,

I'm interested in configuring stunnel to allow my local non-TLS Web browser to receive pages from a remote server providing only HTTPS.

This section of https://www.stunnel.org/static/stunnel.html appears relevant.

transparent = none | source | destination | both (Unix only)
    enable transparent proxy support on selected platforms
    ...
    destination
        The original destination is used instead of the connect option.

        A service section for transparent destination may look like this:

            [transparent]
            client = yes
            accept = <stunnel_port>
            transparent = destination

        This configuration requires iptables setup to work, possibly in /etc/rc.local or equivalent file.
        ...
        For a connect target installed on a remote host:

            /sbin/iptables -I INPUT -i eth0 -p tcp --dport <stunnel_port> -j ACCEPT
            /sbin/iptables -t nat -I PREROUTING -p tcp --dport <redirected_port> \
                -i eth0 -j DNAT --to-destination <local_ip>:<stunnel_port>

        The transparent destination option is currently only supported on Linux.

====================================

Substitution of parameters for my context gives these configurations.

    [transparent]
    client = yes
    accept = 127.0.0.1:954
    transparent = destination

    /sbin/iptables -I INPUT -i eth0 -p tcp --dport 954 -j ACCEPT
    /sbin/iptables -t nat -I PREROUTING -p tcp --dport 443 \
        -i eth0 -j DNAT --to-destination 127.0.0.1:954

The non-TLS browser would address http://www.stunnel.org:954/ and receive the page from https://www.stunnel.org:443/. According to Wikipedia, 954 is not assigned.

The browser would continue to receive the page http://www.website.org/ without involvement of stunnel or iptables.

Plausible?

Thanks, ... P.

-- 
123456789 123456789 123456789 123456789 123456789 123456789 123456789
Tel: +1 360 639 0202 Pender Is.: +1 250 629 3757
http://easthope.ca/Peter.html Bcc: peter at easthope. ca
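Added example, not part of the original message and not stunnel's own code: on Linux, a transparent proxy recovers "the original destination" that DNAT overwrote by asking netfilter for it with the SO_ORIGINAL_DST socket option. The sketch below decodes that answer and shows the case where a client reaches the accept port without being redirected. The function names and the sample address are constructed for illustration.

```python
import socket
import struct

SOL_IP = 0            # Linux socket level for IPv4 options
SO_ORIGINAL_DST = 80  # from <linux/netfilter_ipv4.h>

def parse_sockaddr_in(raw):
    """Decode struct sockaddr_in: family (host order), port and IPv4 address (network order)."""
    if len(raw) < 8:
        raise ValueError("sockaddr_in too short")
    (family,) = struct.unpack_from("=H", raw, 0)
    if family != socket.AF_INET:
        raise ValueError("not an IPv4 address")
    (port,) = struct.unpack_from("!H", raw, 2)
    return socket.inet_ntoa(raw[4:8]), port

def original_dst(conn):
    """Ask netfilter where an accepted connection was headed before DNAT (Linux only)."""
    return parse_sockaddr_in(conn.getsockopt(SOL_IP, SO_ORIGINAL_DST, 16))

def connect_target(listener_addr, orig):
    """Return the address a transparent proxy should dial, or None.

    A client that connects straight to the accept port was never rewritten by
    DNAT, so its "original" destination is the proxy itself; dialing it would
    loop the proxy back onto its own listener.
    """
    return None if orig == listener_addr else orig

# Constructed sample: what getsockopt would return for a connection first
# addressed to 203.0.113.10:443 (documentation address, not a real host).
SAMPLE = struct.pack("=H", socket.AF_INET) + struct.pack("!H", 443) \
    + socket.inet_aton("203.0.113.10") + bytes(8)

if __name__ == "__main__":
    listener = ("127.0.0.1", 954)
    print(connect_target(listener, parse_sockaddr_in(SAMPLE)))
    print(connect_target(listener, listener))
```

The destination recovered this way carries the port the client originally dialed, which is the port matched by `--dport` in the DNAT rule, not the stunnel accept port.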