[stunnel-users] stunnel in DMZ : accept=22 / connect=other.server.net:22 - gets stuck! - need help!

Ludolf Holzheid lholzheid at bihl-wiedemann.de
Thu Mar 17 17:12:21 CET 2011


On Thu, 2011-03-17 15:48:27 +0100, Bernhard.Baeumle at mt.com wrote:
> Hi
> 
> I use stunnel on a DMZ server for tunnelling/forwarding/proxying...
> (whatever term is correct).
> 
> The situation is as follows:
> Hardware      : External PC             <==> DMZ server         <==> company-internal server
> Operational   : https://xxx.yy.zz (443) <==> (443) stunnel (80) <==> (80) SVN Server listening on port 80
> NEW/NEED HELP : plink (22)              <==> (22)  stunnel (22) <==> (22) sshd listening on port 22


I don't think the clients bind() to the ports they connect() to.
I.e., your picture should look like this:

           external PC          DMZ server        internal server

https://xxx.yy.zz (p1) ==> (443) stunnel (p2) --> (80) SVN Server
            plink (p3) ==> (22)  stunnel (p4) --> (22) sshd

p1 through p4 are arbitrary port numbers. ==> and --> are encrypted
and clear-text connections, respectively.

Does sshd cope with clear-text connections?

If yes, "telnet dmz-server-name.net 22" (or the rlogin equivalent)
should work on an internal workstation.

Ludolf


-- 

---------------------------------------------------------------
Ludolf Holzheid             Tel:    +49 621 339960
Bihl+Wiedemann GmbH         Fax:    +49 621 3392239
Floßwörthstraße 41          e-mail: lholzheid at bihl-wiedemann.de
D-68199 Mannheim, Germany
---------------------------------------------------------------
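
The telnet check suggested above, as an added example that is not part of the original post: a probe that connects, sends nothing, and classifies what the server says first. It assumes an sshd reachable in clear text sends its `SSH-` identification string right after the connection opens, while a TLS listener stays quiet until it receives a ClientHello; the function names and sample bytes are constructed for illustration.

```python
import socket

def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a peer sent on a fresh TCP connection."""
    if not data:
        return "silent"
    if data.startswith(b"SSH-"):
        # Clear-text SSH identification string (RFC 4253, section 4.2).
        return "ssh-cleartext"
    # TLS record header: content type 20..23, then version major 3, minor 0..4.
    if len(data) >= 3 and 20 <= data[0] <= 23 and data[1] == 3 and data[2] <= 4:
        return "tls"
    return "unknown"

def probe(host: str, port: int, timeout: float = 3.0) -> str:
    """Connect, send nothing, and report what the server says first."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            data = sock.recv(64)
        except socket.timeout:
            # Nothing arrived: typical of a TLS listener waiting for ClientHello.
            return "silent"
    return "closed" if not data else classify_first_bytes(data)

# Constructed sample inputs (not captured from the poster's systems).
SAMPLES = {
    "sshd banner": b"SSH-2.0-OpenSSH_5.8\r\n",
    "TLS handshake record": b"\x16\x03\x01\x00\x2f\x01",
    "nothing received": b"",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:22} -> {classify_first_bytes(raw)}")
    # Hypothetical usage: probe("dmz-server-name.net", 22)
```

A result of `ssh-cleartext` means the port hands out the sshd banner without TLS; `silent` means the listener is waiting for the client to speak first, as a TLS endpoint does.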



