[stunnel-users] 1 tunnel client to few different servers

Peter Pentchev roam at ringlet.net
Wed Dec 26 17:35:09 CET 2007


On Wed, Dec 26, 2007 at 04:53:26PM +0200, Shalvi Ziv wrote:
> All,
> 
> As my PROXY server gets requests from end-users to be proxied to several
> different content providers (SMS servers), I was wondering how I can
> encrypt the traffic between the PROXY to the SMS using stunnel, but
> still handle the differentiation to the various content providers.
> 
> Meaning, my PROXY listens on port 9090 for all incoming SMS requests and
> each request should be addressed to different SMS server (i.e. different
> content provider) based on the number the message was sent to.
> 
> See following example:
> 
> 	Client = yes
> 	[SMPP]
> 	accept = 9090 (should always be this port)
> 	connect = <SMS IP>:442
> 
> Now, how can I do it with stunnel configuration (having the <SMS IP>
> flexibly assigned according to other parameters in the packet)? 

You can't do this directly; however, there is a way, if your proxy
supports it.

Just have several instances of stunnel on the proxy host (or some
other machine nearby), each one listening on a different port and
forwarding the data over a secure connection to a different provider.
Then, you may have the proxy redirect the requests to those stunnel
instances based on which provider the request is for.

The simplest configuration would be to have all stunnel instances
listen on different ports on the loopback address (localhost, 127.0.0.1)
of the proxy machine; this way, you are certain that the proxy can
connect to them and that no one else is able to.

All you have to do now is figure out a way to have your proxy connect
to different servers "based on other parameters in the packet".

Hope that helps.

G'luck,
Peter

-- 
Peter Pentchev	roam at ringlet.net    roam at cnsys.bg    roam at FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
This sentence contradicts itself - or rather - well, no, actually it doesn't!
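
The layout described in the reply above, as an added example that is not part of the original message: one client-mode service per provider, each bound to the loopback address. It is written as sections of a single stunnel.conf, though each section could equally be its own stunnel instance. The provider host names, local ports 9091-9093 and the CA bundle path are constructed assumptions; `verifyChain` and `checkHost` are stunnel 5.x options.

```ini
; Added example: host names, local ports and the CA path are assumptions.
; The proxy keeps listening on 9090 and connects to one of the loopback
; ports below, chosen by the number the message was sent to.

; Service-level options placed before the first section act as defaults.
client = yes
; Verify every provider's certificate chain against this CA bundle.
CAfile = /etc/ssl/certs/ca-certificates.crt
verifyChain = yes

[smpp-provider-a]
; Loopback only: reachable by the local proxy, not from the network.
accept = 127.0.0.1:9091
connect = sms-a.example.net:442
; Reject a certificate that was issued for a different host.
checkHost = sms-a.example.net

[smpp-provider-b]
accept = 127.0.0.1:9092
connect = sms-b.example.net:442
checkHost = sms-b.example.net

[smpp-provider-c]
accept = 127.0.0.1:9093
connect = sms-c.example.net:442
checkHost = sms-c.example.net
```

Without the verification options a client-mode stunnel encrypts the link but accepts any server certificate, so traffic could be tunnelled to an impostor. Older stunnel releases express the same check with `verify = 2`.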