[stunnel-users] Use stunnel through firewall for home Web server?

Bill Eldridge dcbill at volny.cz
Sat Jan 24 18:19:40 CET 2009


Tom Shaw wrote:
> At 1:58 PM +0100 1/24/09, Bill Eldridge wrote:
>> Tom Shaw wrote:
>>>>>>
>>>>>> As an example if I run Apache on my home machine, I'd like it to start the tunnel when
>>>>>> I turn it on, have it automatically set up stunnel to a Linux box I have on the public net,
>>>>>> and have anything to port 8090 on the Linux box get passed to my home machine 8080.
>>>>>>
>>>>>
>>>>> Easier to use ssh to port forward in this instance, IMHO. But why? 
>>>>> Seems like just port mapping on the NAT router would work just as 
>>>>> well and with no different effect on security.
>>>> Because I won't be able to add ssh or access the router in a number of cases where I need this,
>>>> but I believe I'll have access to stunnel in many/most cases.
>>>> Necessity is the mother of invention.
>>>
>>> Maybe I am all wet but it seems to me that a) if you can put stunnel 
>>> at both ends you can put ssh at both ends - saying that you would 
>>> have access to stunnel and not ssh doesn't make any sense,
>> If stunnel already exists on the machines and ssh doesn't and I don't
>> have permission to install it, it makes sense.
>>> b) why wouldn't you have access to your own router?
>> If someone else installed it and didn't give me admin permission, for example,
>> amongst other scenarios.
>
> Still confused.
>
> The premise you explained was, "I run Apache on my home machine, I'd 
> like it to start the tunnel when I turn it on, have it automatically 
> set up stunnel to a Linux box I have on the public net, and have 
> anything to port 8090 on the Linux box get passed to my home machine 
> 8080."
>
> In your scenario, you fundamentally want your home machine to accept 
> connections from the public internet on port 8090. The simplest way is 
> to configure apache to accept connections from port 8090 and allow 
> port forwarding through your home router.
>
> Your scenario seems to require connections to be made to your public 
> linux machine. I can only imagine why as there are plenty of simpler 
> ways of associating a host with an IP or dealing with dynamic dns, 
> etc. But OK, it's your linux machine and your home machine and you now 
> say that your linux distro didn't come with ssh - weird. So why not 
> configure your linux apache to provide reverse proxy services for your 
> home machine? Or create a VPN between your home machine and your linux 
> public machine.
>
> Your comment that you don't have access to either machine with admin 
> privileges (your latest comment above) begs the obvious question as to 
> how do you even expect to be able to configure Stunnel or apache?
>
> Sorry that I don't understand the problem you are trying to solve.

Sigh. I think I described a scenario that I want to solve with stunnel.
I realize there are other ways to do this, and can do it, and have done it.
I would like to know if it's possible with stunnel or not, whether I misunderstand
what stunnel is able to do, whether it needs stunnel with PPP to do what I describe
or whether stunnel can do it alone.

Can I use stunnel to connect from my machine behind a firewall
to an external Web server and use that tunnel to allow port forwarding from the
Web server to the machine behind the firewall? Not reconfiguring Apache,
not reconfiguring the firewall.

Thanks.
