Michael Renner wrote:
On Friday 23 January 2009, Bill Eldridge wrote:
  
I was interested in whether there's a simple
way to have stunnel redirect traffic from a public Web browser/port
to my home Web browser behind my DSL firewall
(no ports opened/forwarded for incoming connections on the router,
only outgoing-initiated)
        
Moin,

It is not clear what you want to do. From a public web browser to your
home web browser?

Can you clarify your setup?
      
As an example, if I run Apache on my home machine, I'd like it to start
the tunnel when
I turn it on, have it automatically set up stunnel to a Linux box I have
on the public net,
and have anything to port 8090 on the Linux box get passed to my home
machine 8080.
    
Even though this is the stunnel list, I recommend using a reverse ssh tunnel
together with netcat to do this.
  
The particular reason has to do with having stunnel on all of the boxes I'm interested
in and not having ssh on all of them. (The reasoning is a bit more convoluted than that,
but let's just say I'm interested in doing this with stunnel in particular if possible, not
alternative approaches, but thanks, yes, the ssh approach is very straightforward.)

So, can stunnel create an outgoing tunnel from behind a firewall for the Web server to
follow back in (similar to the ssh scenario you describe)? Though actually you don't
need the netcat portion there: ssh -R handles all of that fine.

Set up netcat as an inetd application listening on port 8090 and redirect
anything to localhost:8080 at the remote host.

At your local machine (with the Apache) start a reverse ssh tunnel, redirecting
anything from localhost:8080 (in this case your remote machine) to your
local machine:8080

home # ssh -R 8080:localhost:8080 user@remote
You should use a key to get rid of the password question!

Add a line like this to the remote /etc/inetd.conf:
8090 stream tcp nowait nobody /usr/bin/nc /usr/bin/nc  localhost 8080

CU
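
The connection direction discussed in this thread, as an added example that is not part of the original messages: the home side dials out, and the public side splices an incoming client onto that already-open connection. Function names are hypothetical, loopback ephemeral ports stand in for 8090/8080, and the relay is plaintext; in the thread's setup ssh or stunnel would supply encryption and authentication on the tunnel leg.

```python
import socket
import threading

def pipe(src, dst):
    """Copy bytes src -> dst until EOF, then half-close dst."""
    try:
        while data := src.recv(4096):
            dst.sendall(data)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass

def splice(a, b):  # relay both directions between two connected sockets
    threading.Thread(target=pipe, args=(a, b), daemon=True).start()
    pipe(b, a)

def public_relay(tunnel_listener, client_listener):
    """Public box: home dials in first, then one client is spliced onto it."""
    tunnel, _ = tunnel_listener.accept()   # connection initiated by home
    client, _ = client_listener.accept()   # e.g. a browser hitting port 8090
    splice(client, tunnel)

def home_agent(relay_addr, web_addr):
    """Home box: outbound connections only, so no router port is opened."""
    tunnel = socket.create_connection(relay_addr)
    web = socket.create_connection(web_addr)  # local web server, e.g. :8080
    splice(tunnel, web)

def demo():
    """Run all three roles on loopback with ephemeral ports (constructed)."""
    web, tun, pub = (socket.create_server(("127.0.0.1", 0)) for _ in range(3))
    def web_server():  # stand-in for Apache on the home machine
        conn, _ = web.accept()
        req = b""
        while b"\r\n\r\n" not in req:
            req += conn.recv(4096)
        conn.sendall(b"HTTP/1.0 200 OK\r\n\r\nhello from home")
        conn.close()
    for fn, args in ((web_server, ()), (public_relay, (tun, pub)),
                     (home_agent, (tun.getsockname(), web.getsockname()))):
        threading.Thread(target=fn, args=args, daemon=True).start()
    browser = socket.create_connection(pub.getsockname(), timeout=5)
    browser.sendall(b"GET / HTTP/1.0\r\n\r\n")
    reply = b""
    while chunk := browser.recv(4096):
        reply += chunk
    return reply

if __name__ == "__main__":
    print(demo())
```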