<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Verdana
}
--></style>
</head>
<body class='hmmessage'>
Hi,<br><br>We're using stunnel to provide a secure interface to an old server that doesn't support HTTPS natively. I'd like to implement some access control so that connections are only supported from specific IP addresses. I am using v4.27 of stunnel that I downloaded from HPs website, and am running it from inittab to ensure it is always running. Unfortunately I don't think it's compiled with libwrap. Should I see libwrap listed when I run ldd against the binary (see below for output)?<br><br>I think it's possible to run stunnel from inetd. Could I wrapper it here? Is the following entry correct? <br> stunnel stream tcp nowait root /usr/lbin/tcpd /opt/iexpress/stunnel/bin/stunnel stunnel<br><br>I think this would work, but I'm concerned that if stunnel was to crash or be killed that there would be nothing restarting it if we ran it from inetd.<br><br>Any advice much appreciated<br>Craig<br><br>-------------------------------------<br><br># ./stunnel -version<br>stunnel 4.27 on ia64-hp-hpux11.23 with OpenSSL 0.9.7m 23 Feb 2007<br>Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6<br><br>Global options<br>debug = 5<br>pid = /opt/iexpress/stunnel/var/run/stunnel/stunnel.pid<br>RNDbytes = 64<br>RNDfile = /dev/urandom<br>RNDoverwrite = yes<br><br>Service-level options<br>cert = /opt/iexpress/stunnel/etc/stunnel/stunnel.pem<br>ciphers = ALL:!aNULL:!eNULL+RC4:@STRENGTH<br>key = /opt/iexpress/stunnel/etc/stunnel/stunnel.pem<br>session = 300 seconds<br>stack = 65536 bytes<br>sslVersion = SSLv3 for client, all for server<br>TIMEOUTbusy = 300 seconds<br>TIMEOUTclose = 60 seconds<br>TIMEOUTconnect = 10 seconds<br>TIMEOUTidle = 43200 seconds<br>verify = none<br><br><br># ldd ./stunnel<br> libdl.so.1 => /usr/lib/hpux32/libdl.so.1<br> libnsl.so.1 => /usr/lib/hpux32/libnsl.so.1<br> libpthread.so.1 => /usr/lib/hpux32/libpthread.so.1<br> libunwind.so.1 => /usr/lib/hpux32/libunwind.so.1<br> libc.so.1 => /usr/lib/hpux32/libc.so.1<br> libxti.so.1 => /usr/lib/hpux32/libxti.so.1<br> libuca.so.1 => /usr/lib/hpux32/libuca.so.1<br> libdl.so.1 => /usr/lib/hpux32/libdl.so.1<br><br> <br /><hr />Do you want a Hotmail account? <a href='http://clk.atdmt.com/UKM/go/197222280/direct/01/' target='_new'>Sign-up now - Free</a></body>
</html>