[stunnel-users] Use stunnel through firewall for home Web server?

Bill Eldridge dcbill at volny.cz
Fri Jan 23 20:34:14 CET 2009

Michael Renner wrote:
> On Friday 23 January 2009, Bill Eldridge wrote:
>> Michael Renner wrote:
>>> On Friday 23 January 2009, Bill Eldridge wrote:
>>>> I was interested in whether there's a simple
>>>> way to have stunnel redirect traffic from a public Web browser/port
>>>> to my home Web browser behind my DSL firewall
>>>> (no ports opened/forwarded for incoming connections on the router,
>>>> only outgoing-initiated)
>>> Moin,
>>> it is not clear what you want to do. From a public web browser to your
>>> home web browser?
>>> Can you clarify your setup?
>> As an example if I run Apache on my home machine, I'd like it to start
>> the tunnel when I turn it on, have it automatically set up stunnel to a
>> Linux box I have on the public net, and have anything to port 8090 on
>> the Linux box get passed to my home machine 8080.
> Even though this is the stunnel list, I recommend using a reverse ssh tunnel
> together with netcat to do this.
The particular reason has to do with having stunnel on all of the boxes
I'm interested in and not having ssh on all of them. (The reasoning is a
bit more convoluted than that, but let's just say I'm interested in doing
this with stunnel in particular if possible, not alternative approaches,
but thanks, yes, the ssh approach is very

So, can stunnel create an outgoing tunnel from behind a firewall for the
Web server to follow back in (similar to the ssh scenario you describe?
Though actually you don't need the netcat portion there: ssh -R handles
all of that fine)
> Set up netcat as an inetd application listening to port 8090 and redirect
> anything to localhost:8080 at the remote host.
> At your local machine (with the apache) start a reverse ssh tunnel, redirect
> anything from localhost:8080 (in this case your remote machine) to your
> local machine:8080
> home # ssh -R 8080:localhost:8090 user at remote
> You should use a key to get rid of the password question!
> Add a line like this to the remote /etc/inetd.conf:
> 8090 stream tcp nowait nobody /usr/bin/nc /usr/bin/nc  localhost 8080
> CU
