[stunnel-users] No DNS lookup?

Ludolf Holzheid lholzheid at bihl-wiedemann.de
Wed Jan 21 12:13:20 CET 2015


On Wed, 2015-01-21 08:52:34 +0000, Colin vd Zanden wrote:
> Thanks Ludolf and Dmitry for replying. 

> @Ludolf, I know what an IP address is. It's just that it's not
> allowed by the host to connect on their IP.
> @Dmitry, I tried putting the SNI settings in the config file, but it didn't resolve our problem.
> This is what's in our stunnel log file:
> 2015.01.21 09:30:00 LOG5[4684]: Service [ SERVICENAME ] accepted connection from 'INTERNAL-IP:PORT'
> 2015.01.21 09:30:00 LOG5[4684]: s_connect: connected 'EXTERNAL-IP:PORT'
> 2015.01.21 09:30:00 LOG5[4684]: Service [ SERVICENAME  ] connected remote server from 'INTERNAL-IP:PORT'
> 2015.01.21 09:30:00 LOG5[4684]: Connection closed: 251 byte(s) sent to SSL, 188 byte(s) sent to socket
> The response from the host is: "403 Forbidden</h1> Request forbidden by administrative rules."
> Their support states it's because we are connecting to 'EXTERNAL-IP:PORT' and not 'SOMETHING.HOST.COM'.
> Thanks again,

Ah, it seems we were talking at cross purposes.

On OSI layer 2 (Network) you don't have a chance to use something
other than IP addresses.

On OSI layer 7 (Application) you may use whatever the protocol
requires.

It seems you are using HTTP as the layer 7 protocol, and it seems the
server you are trying to connect to needs to see a certain host name in
the HTTP requests (possibly because there are multiple virtual hosts
on the same machine, using a single IP address).

In the first instance, Stunnel doesn't touch the data in layer 5 and
above, i.e. it forwards the HTTP requests unchanged.  However, there
are service level options for stunnel ("protocol...") to tweak
upper-level data.

I haven't used them yet; maybe someone else could comment.

A possible solution for your problem would be to configure Stunnel to
not change upper level data, but make the client resolve the DNS name
of the server to the IP address Stunnel listens on, e.g. by adding an
appropriate entry to the 'hosts' file.

HTH,

Ludolf

-- 

Bihl+Wiedemann GmbH
Floßwörthstraße 41
68199 Mannheim, Germany
 
Tel: +49 621 33996-0
Fax: +49 621 3392239
 
mailto:lholzheid at bihl-wiedemann.de
http://www.bihl-wiedemann.de
 
Registered office: Mannheim
Managing directors: Jochen Bihl, Bernhard Wiedemann
Mannheim District Court, HRB 5796
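
The layer 7 behaviour described in this message, as an added example that is not part of the original post: a toy name-based virtual host on loopback answers 403 when the client addresses it by IP and 200 when the same TCP destination is reached with the expected name in the Host header. The host name, handler and helper functions are constructed for illustration and stand in for the placeholders used in the thread.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed name, standing in for the 'SOMETHING.HOST.COM' placeholder in the thread.
EXPECTED_HOST = "something.host.example"

class VirtualHostHandler(BaseHTTPRequestHandler):
    """Toy name-based virtual host: serves only requests whose Host header matches."""

    def do_GET(self):
        # Host may carry a ":port" suffix; compare the name part only.
        host = (self.headers.get("Host") or "").rsplit(":", 1)[0].lower()
        status = 200 if host == EXPECTED_HOST else 403
        body = b"ok\n" if status == 200 else b"Request forbidden by administrative rules.\n"
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

def fetch_status(tcp_host, tcp_port, host_header=None):
    """Open TCP to tcp_host:tcp_port; send the default or an overridden Host header."""
    conn = http.client.HTTPConnection(tcp_host, tcp_port, timeout=5)
    try:
        headers = {"Host": host_header} if host_header else {}
        conn.request("GET", "/", headers=headers)
        resp = conn.getresponse()
        resp.read()
        return resp.status
    finally:
        conn.close()

def demo():
    """Return (status when addressed by IP, status when addressed by name)."""
    server = HTTPServer(("127.0.0.1", 0), VirtualHostHandler)
    port = server.server_address[1]
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        by_ip = fetch_status("127.0.0.1", port)                    # Host: 127.0.0.1:<port>
        by_name = fetch_status("127.0.0.1", port, EXPECTED_HOST)   # Host: expected name
    finally:
        server.shutdown()
        server.server_close()
    return by_ip, by_name

if __name__ == "__main__":
    print(demo())
```

Both requests go to the same IP and port; only the Host header differs, which is why a tunnel that forwards the HTTP request unchanged cannot fix the 403 on its own.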


