[stunnel-users] Use stunnel through firewall for home Web server?
tshaw at oitc.com
Sat Jan 24 15:56:30 CET 2009
At 1:58 PM +0100 1/24/09, Bill Eldridge wrote:
>Tom Shaw wrote:
>>>>>As an example if I run Apache on my home machine, I'd like it to
>>>>>start the tunnel when
>>>>>I turn it on, have it automatically set up stunnel to a Linux
>>>>>box I have on the public net,
>>>>>and have anything to port 8090 on the Linux box get passed to my
>>>>>home machine 8080.
>>>>Easier to use ssh to port forward in this instance, IMHO. But
>>>>why? Seems like just port mapping on the NAT router would work
>>>>just as well and with no different effect on security.
>>>Because I won't be able to add ssh or access the router in a
>>>number of cases where I need this,
>>>but I believe I'll have access to stunnel in many/most cases.
>>>Necessity is the mother of invention.
>>Maybe I am all wet but it seems to me that a) if you can put
>>stunnel at both ends you can put ssh at both ends - saying that you
>>would have access to stunnel and not ssh doesn't make any sense,
>If stunnel already exists on the machines and ssh doesn't and I don't
>have permission to install it, it makes sense.
>>b) why wouldn't you have access to your own router?
>If someone else installed it and didn't give me admin permission, for example,
>amongst other scenarios.
The premise you explained was, "I run Apache on my home machine, I'd
like it to start the tunnel when I turn it on, have it automatically
set up stunnel to a Linux box I have on the public net, and have
anything to port 8090 on the Linux box get passed to my home machine
In your scenario, you fundamentally want your home machine to accept
connections from the public internet on port 8090. The simplest way
is to configure apache to accept connections from port 8090 and allow
port forwarding through your home router.
Your scenario seems to require connections to be made to your public
linux machine. I can only imagine why as there are plenty of simpler
ways of associating a host with an IP or dealing with dynamic dns,
etc. But OK, it's your linux machine and your home machine and you now
say that your linux distro didn't come with ssh - weird. So why not
configure your linux apache to provide reverse proxy services for
your home machine? Or create a VPN between your home machine and your
linux public machine.
Your comment that you don't have access to either machine with admin
privileges (your latest comment above) begs the obvious question as
to how do you even expect to be able to configure Stunnel or apache?
Sorry that I don't understand the problem you are trying to solve.