[stunnel-users] stunnel with smb from 2 networks behind firewalls

Philippe Schelté phil at migratis.net
Wed Mar 21 12:29:37 CET 2012


Hi, I have found more logs on the samba server (PCB) :

Mar 21 12:20:52 server stunnel: LOG5[30981:140479608870656]: Service 
[smb] accepted connection from 193.252.168.91:50146
Mar 21 12:20:52 server stunnel: LOG5[30981:140479608870656]: 
connect_blocking: connected 127.0.0.1:139
Mar 21 12:20:52 server stunnel: LOG5[30981:140479608870656]: Service 
[smb] connected remote server from 127.0.0.1:60207
Mar 21 12:21:22 server stunnel: LOG5[30981:140479608870656]: Error 
detected on SSL (read) file descriptor: Connection reset by peer (104)
Mar 21 12:21:22 server stunnel: LOG5[30981:140479608870656]: Connection 
reset: 0 byte(s) sent to SSL, 143 byte(s) sent to socket
Mar 21 12:21:22 server smbd[6540]: [2012/03/21 12:21:22.172924,  0] 
lib/util_sock.c:474(read_fd_with_timeout)
Mar 21 12:21:22 server smbd[6540]: [2012/03/21 12:21:22.173026,  0] 
lib/util_sock.c:1441(get_peer_addr_internal)
Mar 21 12:21:22 server smbd[6540]:   getpeername failed. Error was 
Transport endpoint is not connected
Mar 21 12:21:22 server smbd[6540]:   read_fd_with_timeout: client 
0.0.0.0 read error = Connection reset by peer.

So it seems that the connection is able to cross stunnel and reach 
samba, but does samba do this error because of stunnel or because of 
itself ?

Best

Philippe



Le 20/03/2012 11:26, Philippe a écrit :
> On Tue, 20 Mar 2012 11:13:38 +0100, Philippe wrote:
>> ok that's clear, but why things are not working when i disable fips
>> on the PCB ? It should work with the setting sslVersion = SSLv3 at
>> both ends.
>
> oups sorry I mean disabling fips on PCA, I recall the scheme :
>
> [PCA]-----[Firewall-A]-----{INTERNET}-----[45.212.56.178:21213|Firewall-B|192.168.0.1:8139]----[PCB] 
>
>
> Best
>
> philippe
>
> _______________________________________________
> stunnel-users mailing list
> stunnel-users at stunnel.org
> http://stunnel.mirt.net/mailman/listinfo/stunnel-users





More information about the stunnel-users mailing list