[stunnel-users] "Reverse" tunneling with stunnel.
C. Petro
petro at cpetro.us
Wed Jul 18 06:51:07 CEST 2018
I have a client who is setting up a logging infrastructure involving a
couple of DMZs forwarding logs into central logging points.
They have to pass compliance audits (SOX, PCI at least) and have some
rather specific desires in regards to how they want the log traffic to
move, and which servers *initiate* the connections.
Which is to say they want the internal servers to set up tunnels to the DMZ
servers and then the forwarders use that tunnel to deliver logs back.
Lemme see if I can ascii art this:
central1----------------------------------dmz1
\____________________ /
_____________________\ _/
/ \
central2----------------------------------dmz2
Something like that.
Central1=10.10.1.2
Central2=10.9.1.2
DMZ1=172.18.0.5
DMZ2=172.20.0.5
Firewalls are in effect.
I have gotten it set up so that I can initiate a connection FROM Central1
to DMZ2.
[Tunnel_to_DMZ2]
client = yes
accept = 3002
connect = 172.20.0.5:5000
And
[Tunnel_from_Central1]
accept = 5000
connect = 3000
Like I said, I can open a tunnel from Central1 to DMZ2, but can't get
traffic to pass backwards--I get a message in the log saying the session is
closed.
Is it possible to set stunnel up in a "reverse tunnel" mode--one where the
connect is initiated from one end, but the other does most of the message
passing?
What I am missing?
Thanks,
Petro.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20180717/4121c567/attachment.html>
More information about the stunnel-users
mailing list