Stunnel in transparent mode

Hi fellows.

I'm from Brazil and I'm trying to use Stunnel as a TLS proxy in a test bed environment. I'm using a traffic generator from Ixia (Breakingpoint). The test bed is:

    |----------------| 6.0.0.1 |----------------| 9.0.0.1  9.0.0.2 |----------------| 7.0.0.2 |----------------|
    | Client 6.0.0.2 |>>>>>>>>>| Stunnel Client |>>>>>>>>>>>>>>>>>>| Stunnel Server |>>>>>>>>>| Server 7.0.0.2 |
    |----------------| ens224  |----------------| ens192    ens224 |----------------| ens192  |----------------|

I'm capturing the packets at all 3 points so I can see exactly what is happening.

I tested without transparent proxy and it worked fine.

I tested with transparent = source with the additional conf below in both Stunnel instances and it worked fine as well.

    iptables -t mangle -N DIVERT
    iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
    iptables -t mangle -A DIVERT -j MARK --set-mark 1
    iptables -t mangle -A DIVERT -j ACCEPT
    ip rule add fwmark 1 lookup 100
    ip route add local 0.0.0.0/0 dev lo table 100
    echo 0 >/proc/sys/net/ipv4/conf/lo/rp_filter
    iptables -t nat -A PREROUTING -i ens224 -p tcp --dport 80 -j DNAT --to-destination 6.0.0.1:8080

I tested transparent = destination with several modifications of the config below without success. No conf delivers packets with 7.0.0.2:443 on the Stunnel Client ens192 via 9.0.0.1 to be accepted on the Stunnel server 9.0.0.2:443.

    /sbin/iptables -I INPUT -i ens192 -p tcp --dport 8080 -j ACCEPT
    /sbin/iptables -t nat -I PREROUTING -p tcp --dport 443 \
        -i ens192 -j DNAT --to-destination 9.0.0.1:443

Any help to show me what is wrong would be appreciated.

Thanks in advance,
Luis Monteiro