[stunnel-users] misconfiguration of transparent proxy

Marco Strullato marco.strullato at gmail.com
Wed Jul 6 11:28:08 CEST 2011


Hi all,
Is there any way to use stunnel to proxy a connection without using encryption?
I have an application that is listening on 0.0.0.0:port but which
refuses connections if they are not coming from localhost:port, and that
application is reachable only with telnet, with no encryption.

I have found a possible configuration, which is the following:

chroot = /var/run/stunnel/
setuid = nobody
setgid = nobody
pid = /stunnel.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
debug = 7
output = /var/log/stunnel.log
transparent = yes
[AppSrv01]
accept = 5776
connect = 4776
[AppSrv02]
accept = 5777
connect = 4777

but it does not seem to work; this is the log.

2011.07.06 11:08:20 LOG5[30375:47349987463360]: stunnel 4.15 on
x86_64-redhat-linux-gnu with OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
2011.07.06 11:08:20 LOG5[30375:47349987463360]: Threading:PTHREAD
SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
2011.07.06 11:08:20 LOG6[30375:47349987463360]: file ulimit = 1024
(can be changed with 'ulimit -n')
2011.07.06 11:08:20 LOG6[30375:47349987463360]: poll() used - no
FD_SETSIZE limit for file descriptors
2011.07.06 11:08:20 LOG5[30375:47349987463360]: 500 clients allowed
2011.07.06 11:08:20 LOG7[30375:47349987463360]: FD 4 in non-blocking mode
2011.07.06 11:08:20 LOG7[30375:47349987463360]: FD 5 in non-blocking mode
2011.07.06 11:08:20 LOG7[30375:47349987463360]: FD 6 in non-blocking mode
2011.07.06 11:08:20 LOG7[30375:47349987463360]: SO_REUSEADDR option
set on accept socket
2011.07.06 11:08:20 LOG7[30375:47349987463360]: AppSrv01 bound to 0.0.0.0:5776
2011.07.06 11:08:20 LOG7[30375:47349987463360]: FD 7 in non-blocking mode
2011.07.06 11:08:20 LOG7[30375:47349987463360]: SO_REUSEADDR option
set on accept socket
2011.07.06 11:08:20 LOG7[30375:47349987463360]: AppSrv02 bound to 0.0.0.0:5777
2011.07.06 11:08:20 LOG7[30376:47349987463360]: Created pid file /stunnel.pid
2011.07.06 11:08:30 LOG7[30376:47349987463360]: AppSrv01 accepted FD=8
from 10.0.1.11:41922
2011.07.06 11:08:30 LOG7[30376:1094314304]: AppSrv01 started
2011.07.06 11:08:30 LOG7[30376:1094314304]: FD 8 in non-blocking mode
2011.07.06 11:08:30 LOG7[30376:1094314304]: TCP_NODELAY option set on
local socket
2011.07.06 11:08:30 LOG7[30376:1094314304]: FD 9 in non-blocking mode
2011.07.06 11:08:30 LOG7[30376:1094314304]: FD 10 in non-blocking mode
2011.07.06 11:08:30 LOG7[30376:47349987463360]: Cleaning up the signal pipe
2011.07.06 11:08:30 LOG6[30376:47349987463360]: Child process 30384
finished with code 0
2011.07.06 11:08:30 LOG7[30376:1094314304]: Connection from
10.0.1.11:41922 permitted by libwrap
2011.07.06 11:08:30 LOG5[30376:1094314304]: AppSrv01 connected from
10.0.1.11:41922
2011.07.06 11:08:30 LOG7[30376:1094314304]: SSL state (accept):
before/accept initialization
2011.07.06 11:08:43 LOG3[30376:1094314304]: SSL_accept: 140760FC:
error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2011.07.06 11:08:43 LOG5[30376:1094314304]: Connection reset: 0 bytes
sent to SSL, 0 bytes sent to socket
2011.07.06 11:08:43 LOG7[30376:1094314304]: AppSrv01 finished (0 left)


and on standard output I get:
2011.07.06 11:08:20 LOG7[30375:47349987463360]: Snagged 64 random
bytes from /home/user/.rnd
2011.07.06 11:08:20 LOG7[30375:47349987463360]: Wrote 1024 new random
bytes to /home/user/.rnd
2011.07.06 11:08:20 LOG7[30375:47349987463360]: RAND_status claims
sufficient entropy for the PRNG
2011.07.06 11:08:20 LOG6[30375:47349987463360]: PRNG seeded successfully
2011.07.06 11:08:20 LOG7[30375:47349987463360]: Certificate:
/etc/stunnel/stunnel.pem
2011.07.06 11:08:20 LOG7[30375:47349987463360]: Key file:
/etc/stunnel/stunnel.pem
2011.07.06 11:08:20 LOG7[30375:47349987463360]: SSL context
initialized for service AppSrv01
2011.07.06 11:08:20 LOG7[30375:47349987463360]: Certificate:
/etc/stunnel/stunnel.pem
2011.07.06 11:08:20 LOG7[30375:47349987463360]: Key file:
/etc/stunnel/stunnel.pem
2011.07.06 11:08:20 LOG7[30375:47349987463360]: SSL context
initialized for service AppSrv02


What happens when connecting with telnet is:
Trying 10.0.2.140...
Connected to server.
Escape character is '^]'.

It seems the connection is successful, but with tcpdump I see nothing,
and moreover I also see nothing in the application log. If I type
something, nothing happens.
It seems that the flow is not passed to the destination port.

Do you have any hint?


Thanks!

-- 
Marco
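The log in the post shows the signature of a plaintext telnet client hitting stunnel's TLS accept side: the handshake fails with SSL23_GET_CLIENT_HELLO:unknown protocol and the connection closes with 0 bytes moved in either direction. As an added example (not part of the post or of stunnel), the Python below groups stunnel log lines by [pid:thread] and flags such connections; the sample log is constructed from the post's lines (unwrapped), plus one assumed healthy handshake on another thread for contrast.

```python
import re
from collections import defaultdict

# Constructed sample: the failing connection from the post's log, with the
# mail-wrapped lines joined, plus one constructed healthy handshake (thread ...305).
SAMPLE_LOG = """\
2011.07.06 11:08:30 LOG5[30376:1094314304]: AppSrv01 connected from 10.0.1.11:41922
2011.07.06 11:08:30 LOG7[30376:1094314304]: SSL state (accept): before/accept initialization
2011.07.06 11:08:43 LOG3[30376:1094314304]: SSL_accept: 140760FC: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2011.07.06 11:08:43 LOG5[30376:1094314304]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2011.07.06 11:08:43 LOG7[30376:1094314304]: AppSrv01 finished (0 left)
2011.07.06 11:09:01 LOG5[30376:1094314305]: AppSrv02 connected from 10.0.1.12:50112
2011.07.06 11:09:01 LOG7[30376:1094314305]: SSL accepted: new session negotiated
"""

# stunnel 4.x line layout: "<date> <time> LOG<level>[<pid>:<thread>]: <message>"
LINE_RE = re.compile(r"^(\S+ \S+) LOG(\d)\[(\d+):(\d+)\]: (.*)$")
CONNECTED_RE = re.compile(r"^(\S+) connected from (\S+)$")
UNKNOWN_PROTO = "SSL23_GET_CLIENT_HELLO:unknown protocol"
EMPTY_RESET = "Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket"


def parse(log_text):
    """Group log lines by (pid, thread) so each connection's lines stay together."""
    by_thread = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # continuation lines and noise carry no [pid:thread] tag
        ts, level, pid, tid, msg = m.groups()
        by_thread[(pid, tid)].append((ts, int(level), msg))
    return by_thread


def find_plaintext_clients(log_text):
    """One finding per thread where a peer connected, the TLS handshake failed
    with 'unknown protocol', and the connection was reset with no bytes relayed."""
    findings = []
    for (pid, tid), events in parse(log_text).items():
        service = peer = fail_ts = None
        handshake_failed = empty_reset = False
        for ts, level, msg in events:
            cm = CONNECTED_RE.match(msg)
            if cm:
                service, peer = cm.groups()
            elif UNKNOWN_PROTO in msg:
                handshake_failed, fail_ts = True, ts
            elif msg == EMPTY_RESET:
                empty_reset = True
        if service and handshake_failed and empty_reset:
            findings.append({"service": service, "peer": peer, "time": fail_ts, "thread": tid})
    return findings
```

A hit means the client spoke plaintext to a listener that expects a TLS ClientHello, which is exactly the situation in the post: stunnel's accept side never forwards anything until the handshake succeeds.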


