[stunnel-users] Use stunnel through firewall for home Web server?

Michael Renner michael.renner at gmx.de
Sat Jan 24 10:37:38 CET 2009

On Friday 23 January 2009, Bill Eldridge wrote:
> Tom Shaw wrote:


ok, let's recapitulate:

you have to use SSL, not ssh
you can not use port forward

there is no 'reverse mode' in stunnel

An other alternative with stunnel is to use a SSL-VPN. This encapsulate a ppp 
network in a SSL (here: stunnel) connection. It has much more features as you 
need, but

* it is SSL
* it is under your control

google will help you to find instructions . There is also an exellent 
book "Building Linux Virtual Private Networks" that I bought last week ;-)


> > At 7:46 PM +0100 1/23/09, Bill Eldridge wrote:
> >> Michael Renner wrote:
> >>> On Friday 23 January 2009, Bill Eldridge wrote:
> >>>> I was interested in whether there's a simple
> >>>> way to have stunnel redirect traffic from a public Web browser/port
> >>>> to my home Web browser behind my DSL firewall
> >>>> (no ports opened/forwarded for incoming connections on the router,
> >>>> only outgoing-initiated)
> >>>
> >>> Moin,
> >>>
> >>> it is not clear to what you want to do. From a public web browser to
> >>> your home
> >>> web browser?
> >>>
> >>> Can you clarify your setup?
> >>
> >> As an example if I run Apache on my home machine, I'd like it to
> >> start the tunnel when
> >> I turn it on, have it automatically set up stunnel to a Linux box I
> >> have on the public net,
> >> and have anything to port 8090 on the Linux box get passed to my home
> >> machine 8080.
> >
> > Easier to use ssh to port forward in this instance, IMHO. But why?
> > Seems like just port mapping on the NAT router would work just as well
> > and with no different effect on security.
> Because I won't be able to add ssh or access the router in a number of
> cases where I need this,
> but I believe I'll have access to stunnel in many/most cases. Necessity
> is the mother of invention.
> _______________________________________________
> stunnel-users mailing list
> stunnel-users at mirt.net
> http://stunnel.mirt.net/mailman/listinfo/stunnel-users

|Michael Renner      E-mail: michael.renner at gmx.de  |
|D-81541 Munich      Germany        ICQ: #112280325 |
|Germany             Don't drink as root!      ESC:wq

More information about the stunnel-users mailing list