[stunnel-users] stunnel with smb from 2 networks behind firewalls

Philippe phil at migratis.net
Mon Mar 19 14:19:00 CET 2012


Oops, it looks like I was reading the wrong stunnel.log. Here is what 
logcheck finds:

Mar 19 13:47:14 server stunnel: LOG5[21517:139783982704384]: Service smb accepted connection from 196.25.36.134:50005
Mar 19 13:47:14 server stunnel: LOG5[21517:139783982704384]: connect_blocking: connected 127.0.0.1:139
Mar 19 13:47:14 server stunnel: LOG5[21517:139783982704384]: Service smb connected remote server from 127.0.0.1:50215
Mar 19 13:47:44 server stunnel: LOG5[21517:139783982704384]: Error detected on SSL (read) file descriptor: Connection reset by peer (104)
Mar 19 13:47:44 server stunnel: LOG5[21517:139783982704384]: Connection reset: 0 bytes sent to SSL, 143 bytes sent to socket

So it looks like an SSL parameter problem.

I have on both sides:

sslVersion = TLSv1

because the PCB stunnel doesn't start if I set SSLv2
and the PCA stunnel is crashing when I set SSLv3

What can I do then?

Best

Philippe

On Mon, 19 Mar 2012 13:57:44 +0100, Philippe wrote:
> Hello,
>
> Here is my setup :
>
> 
> [PCA]-------------[Firewall-A]---------------{INTERNET}-----------[45.212.56.178:21213|Firewall-B|192.168.0.1:8139]--------[PCB]
>
> PCA : Windows 7
> stunnel.conf :
>
> [smb]
> client = yes
> accept = 10.232.232.232:139
> connect = 45.212.56.178:21213
>
> PCB : Ubuntu Oneiric 11.10
> stunnel.conf :
>
> [smb]
> accept = 8139
> connect = 139
>
> When I try to connect a network drive from PCA to a remote drive of 
> PCB,
>
> here is the stunnel.log of PCA:
>
> 2012.03.19 13:47:02 LOG5[3744:2564]: Reading configuration from file stunnel.conf
> 2012.03.19 13:47:02 LOG5[3744:2564]: FIPS mode is enabled
> 2012.03.19 13:47:02 LOG7[3744:2564]: Compression not enabled
> 2012.03.19 13:47:02 LOG7[3744:2564]: Snagged 64 random bytes from C:/.rnd
> 2012.03.19 13:47:02 LOG7[3744:2564]: Wrote 0 new random bytes to C:/.rnd
> 2012.03.19 13:47:02 LOG7[3744:2564]: PRNG seeded successfully
> 2012.03.19 13:47:02 LOG6[3744:2564]: Initializing SSL context for service smb
> 2012.03.19 13:47:02 LOG7[3744:2564]: Certificate: stunnel.pem
> 2012.03.19 13:47:02 LOG7[3744:2564]: Certificate loaded
> 2012.03.19 13:47:02 LOG7[3744:2564]: Key file: stunnel.pem
> 2012.03.19 13:47:02 LOG7[3744:2564]: Private key loaded
> 2012.03.19 13:47:02 LOG7[3744:2564]: SSL options set: 0x01000004
> 2012.03.19 13:47:02 LOG6[3744:2564]: SSL context initialized
> 2012.03.19 13:47:02 LOG5[3744:2564]: Configuration successful
> 2012.03.19 13:47:02 LOG7[3744:2564]: Service smb closed FD=200
> 2012.03.19 13:47:13 LOG5[3744:3940]: Service smb accepted connection from 10.232.232.232:50004
> 2012.03.19 13:47:13 LOG5[3744:3940]: connect_blocking: connected 45.212.56.178:21213
> 2012.03.19 13:47:13 LOG5[3744:3940]: Service smb connected remote server from 192.168.3.4:50005
> 2012.03.19 13:47:43 LOG3[3744:3940]: readsocket: Connection reset by peer (WSAECONNRESET) (10054)
> 2012.03.19 13:47:43 LOG5[3744:3940]: Connection reset: 143 bytes sent to SSL, 0 bytes sent to socket
>
> No logs on PCB
>
>
> It seems that the SSL connection doesn't cross firewall B; otherwise
> I would have seen logs in the stunnel.log of PCB, wouldn't I?
> What can I do better to make this setup work? Is the firewall B
> port forwarding blocking the process?
>
> Best regards
>
> Philippe
>
>
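Added example, not part of the original message: a small Python parser for the two stunnel logs quoted above that groups lines by the `[pid:thread]` tag and compares the closing byte counters from both ends. The function names are hypothetical, and the inline logs are the per-connection lines from the messages with the mail wrapping undone.

```python
import re

# Constructed input: the per-connection lines of both logs above, unwrapped.
PCA_LOG = """\
2012.03.19 13:47:13 LOG5[3744:3940]: Service smb accepted connection from 10.232.232.232:50004
2012.03.19 13:47:13 LOG5[3744:3940]: connect_blocking: connected 45.212.56.178:21213
2012.03.19 13:47:43 LOG3[3744:3940]: readsocket: Connection reset by peer (WSAECONNRESET) (10054)
2012.03.19 13:47:43 LOG5[3744:3940]: Connection reset: 143 bytes sent to SSL, 0 bytes sent to socket
"""
PCB_LOG = """\
Mar 19 13:47:14 server stunnel: LOG5[21517:139783982704384]: Service smb accepted connection from 196.25.36.134:50005
Mar 19 13:47:14 server stunnel: LOG5[21517:139783982704384]: connect_blocking: connected 127.0.0.1:139
Mar 19 13:47:44 server stunnel: LOG5[21517:139783982704384]: Error detected on SSL (read) file descriptor: Connection reset by peer (104)
Mar 19 13:47:44 server stunnel: LOG5[21517:139783982704384]: Connection reset: 0 bytes sent to SSL, 143 bytes sent to socket
"""

LINE = re.compile(r"LOG(\d)\[(\d+:\d+)\]: (.*)$")
ACCEPT = re.compile(r"Service (\S+) accepted connection from (\S+)")
TARGET = re.compile(r"connect_blocking: connected (\S+)")
TOTALS = re.compile(r"Connection \w+: (\d+) bytes sent to SSL, (\d+) bytes sent to socket")

def sessions(log_text):
    """One dict per [pid:thread] tag (assumes the tag is not reused in the sample)."""
    found = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        level, tag, msg = m.groups()
        s = found.setdefault(tag, {"errors": []})
        if a := ACCEPT.match(msg):
            s["service"], s["peer"] = a.groups()
        elif t := TARGET.match(msg):
            s["target"] = t.group(1)
        elif b := TOTALS.match(msg):
            s["to_ssl"], s["to_socket"] = int(b.group(1)), int(b.group(2))
        elif level <= "3" or msg.startswith("Error"):
            s["errors"].append(msg)  # LOG3 and below, or an explicit error line
    return list(found.values())

def compare(client, server):
    """Check whether what one side wrote to SSL came out of the other side's socket."""
    return {
        "client_to_server_delivered": client["to_ssl"] == server["to_socket"],
        "server_to_client_delivered": server["to_ssl"] == client["to_socket"],
        "backend_replied": server["to_ssl"] > 0,
    }
```

On these logs, `compare(sessions(PCA_LOG)[0], sessions(PCB_LOG)[0])` shows the 143 bytes PCA wrote to SSL matching the 143 bytes PCB wrote to its socket for 127.0.0.1:139, with nothing written back in the other direction.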