How does stunnel redirect traffic

Tags: stunnel, tcpip

I am familiar with the stunnel.conf and I know how to specify which unencrypted ports it listens to and to which encrypted ports it redirects, but I would like to understand how it gets the power to "snatch" the packets from a server listening on the same unencrypted ports.

That is, suppose I have a database client wishing to communicate over unencrypted port 777 and a database server normally listening on that port and communicating with the client. Now I want stunnel to take over, so I run stunnel on both the client side and the server side, listening on port 777 and redirecting traffic to encrypted port 8888. Now the client does not know about stunnel; it keeps communicating over port 777, but both stunnel and the database server are listening on port 777… so how does stunnel snatch the client's packets before they arrive at the database server?

Best Answer

It doesn't; the application needs to be configured to point to the tunnel endpoint.

In the case you're referring to, the client would need to be reconfigured to point to the local stunnel listener, which will wrap the connection data and send it to the server according to the stunnel configuration.

There's also "transparent proxy" mode, which involves explicitly sending the traffic to the stunnel process with iptables, but isn't often used.
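A concrete pair of stunnel.conf files for the setup in the question, added here as an illustration rather than taken from the answer. The hostname and certificate paths are placeholders; the option names (`client`, `accept`, `connect`, `CAfile`, `verifyChain`, `checkHost`, `cert`, `key`) are standard stunnel options, but confirm them against the stunnel version you run. The key point the answer makes is visible in the `accept`/`connect` lines: nothing is "snatched", each side has exactly one listener per port, and the client is repointed at the local stunnel instance.

```ini
; ---- client host: /etc/stunnel/stunnel.conf (example, placeholder values) ----
; The database client is reconfigured to connect to 127.0.0.1:777 instead of
; dbserver:777. stunnel accepts the plaintext there and forwards it,
; TLS-wrapped, to the server's encrypted port 8888.
client     = yes
foreground = yes

[db-client]
accept      = 127.0.0.1:777
connect     = dbserver.example.internal:8888   ; placeholder hostname
CAfile      = /etc/stunnel/ca.pem              ; placeholder: CA that issued the server cert
verifyChain = yes                              ; refuse servers whose chain does not validate
checkHost   = dbserver.example.internal        ; and whose cert does not name this host

; ---- server host: /etc/stunnel/stunnel.conf (example, placeholder values) ----
; The database server itself is bound to 127.0.0.1:777 only. stunnel is the
; only process on 8888 and the database the only process on 777, so there is
; no second listener competing for the same socket.
foreground = yes

[db-server]
accept  = 0.0.0.0:8888
connect = 127.0.0.1:777
cert    = /etc/stunnel/dbserver.pem            ; placeholder: server certificate
key     = /etc/stunnel/dbserver.key            ; placeholder: private key
```

After starting both instances, `ss -ltnp` on each host should show 777 held by the database (loopback only) and 8888 held by stunnel; if the database is still bound to all interfaces on 777, its configuration needs to be changed to listen on 127.0.0.1 only, otherwise plaintext connections from the network can still bypass the tunnel. Note that the database will see every tunnelled connection as coming from 127.0.0.1, which is what the transparent proxy mode mentioned in the answer exists to change.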