[stunnel-users] "Reverse" tunneling with stunnel.

Peter Pentchev roam at ringlet.net
Fri Jul 20 08:00:36 CEST 2018


On Thu, Jul 19, 2018 at 10:02:16PM -0600, C. Petro wrote:
> Thank you for your quick reply, and sorry it's taken me so long to respond
> back.
> 
> Frankly I'm not exactly sure what is going on, or what layer the problem
> is.
> 
> I don't think this is a firewall issue--I'm not seeing the connections
> closed in "minutes", I'm seeing them dropped
> 
> So I want to connect FROM the indexer TO the DMZ host so the DMZ host can
> send log data back.
> 
> Or to put it another way, the *client* opens the connection to the server
> and the server starts flowing data.

It doesn't matter to stunnel at all - all it cares about is what host/port
it should listen on, what host/port it should connect to, and which role
it should play in the TLS connection, nothing more.

> But if I have rsyslogd listening on 3002 ( on the Indexer (client) side,
> then the tunnel never gets initiated, and if I have rsyslogd set up to
> *send* from the DMZ (server) side I get:

OK, I didn't quite understand this from your original e-mail, sorry.
However, in your log:

> 2018.07.19 23:59:41 LOG7[24275:140358448011328]: Service
> [tunnel_from_10.3.209.52] accepted (FD=3) from 10.3.209.52:43042
[snip]
> 2018.07.19 23:59:41 LOG6[24275:140358448006912]: SSL accepted: new session
> negotiated

So far so good, but then...

> 2018.07.19 23:59:41 LOG3[24275:140358448006912]: connect_blocking: connect
> 127.0.0.1:3000: Connection refused (111)

...this particular stunnel instance could not connect to something
listening on port 3000 of its own host.  What should be listening
there?  Is it running?  Is it listening?  What does, e.g.

    netstat -atn | fgrep -e ':3000'

...or maybe even:

    lsof -n -i 4tcp:3000

say?  What happens if - on this host - you try to do something like:

    nc -v 127.0.0.1 3000

or:

    telnet 127.0.0.1 3000

G'luck,
Peter

-- 
Peter Pentchev  roam@{ringlet.net,debian.org,FreeBSD.org} pp at storpool.com
PGP key:        http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13
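
Added example (not part of the message above and not stunnel's own code): the same reading of the log done in Python. It reports how far the tunnel got (TCP accept, TLS handshake, backend connect) and then repeats the `nc -v 127.0.0.1 3000` check against whatever backend the log says was refused. The sample log is constructed from the three lines quoted above with the archive's line wrapping undone; the function names are hypothetical.

```python
import re
import socket

# Constructed sample: the three stunnel log lines quoted in the message above,
# with the archive's line wrapping undone.
SAMPLE_LOG = """\
2018.07.19 23:59:41 LOG7[24275:140358448011328]: Service [tunnel_from_10.3.209.52] accepted (FD=3) from 10.3.209.52:43042
2018.07.19 23:59:41 LOG6[24275:140358448006912]: SSL accepted: new session negotiated
2018.07.19 23:59:41 LOG3[24275:140358448006912]: connect_blocking: connect 127.0.0.1:3000: Connection refused (111)
"""

ACCEPTED = re.compile(r"Service \[(?P<svc>[^\]]+)\] accepted .* from (?P<peer>\S+)")
TLS_OK = re.compile(r"SSL accepted")
REFUSED = re.compile(
    r"connect_blocking: connect (?P<host>[\d.]+):(?P<port>\d+): Connection refused"
)


def diagnose(log_text):
    """Return which stages of the tunnel were reached and any refused backend."""
    result = {"tcp_accepted": False, "tls_ok": False, "refused_backend": None}
    for line in log_text.splitlines():
        if ACCEPTED.search(line):
            result["tcp_accepted"] = True      # remote peer reached stunnel
        elif TLS_OK.search(line):
            result["tls_ok"] = True            # handshake finished, certs were fine
        else:
            m = REFUSED.search(line)
            if m:                              # stunnel could not reach its backend
                result["refused_backend"] = (m["host"], int(m["port"]))
    return result


def backend_listening(host, port, timeout=2.0):
    """Same check as `nc -v host port`: True if a TCP connect succeeds."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


if __name__ == "__main__":
    d = diagnose(SAMPLE_LOG)
    print(d)
    if d["refused_backend"]:
        host, port = d["refused_backend"]
        print(f"{host}:{port} listening now: {backend_listening(host, port)}")
```

If both earlier stages are true and only the backend is refused, the TLS side of the tunnel is working and the thing to fix is the local service stunnel forwards to.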