<div dir="ltr"><div class="gmail_default" style="font-size:x-small">I have a client who is setting up a logging infrastructure involving a couple of DMZs forwarding logs into central logging points. </div><div class="gmail_default" style="font-size:x-small"><br></div><div class="gmail_default" style="font-size:x-small">They have to pass compliance audits (SOX, PCI at least) and have some rather specific desires in regard to how they want the log traffic to move, and which servers *initiate* the connections. </div><div class="gmail_default" style="font-size:x-small"><br></div><div class="gmail_default" style="font-size:x-small">Which is to say they want the internal servers to set up tunnels to the DMZ servers and then the forwarders use that tunnel to deliver logs back. </div><div class="gmail_default" style="font-size:x-small"><br></div><div class="gmail_default" style="font-size:x-small"><br></div><div class="gmail_default" style="font-size:x-small">Lemme see if I can ASCII art this: </div><div class="gmail_default" style="font-size:x-small"><br></div><div class="gmail_default" style="font-size:x-small">central1----------------------------------dmz1</div><div class="gmail_default" style="font-size:x-small">            \____________________      /</div><div class="gmail_default" style="font-size:x-small">           _____________________\ _/</div><div class="gmail_default" style="font-size:x-small">          /                                           \</div><div class="gmail_default" style="font-size:x-small">central2----------------------------------dmz2</div><div class="gmail_default" style="font-size:x-small"><br></div><div class="gmail_default" style="font-size:x-small">

Something like that. </div><div class="gmail_default" style="font-size:x-small"><br></div><div class="gmail_default" style="font-size:x-small">Central1=10.10.1.2</div><div class="gmail_default" style="font-size:x-small">Central2=10.9.1.2</div><div class="gmail_default" style="font-size:x-small"><br></div><div class="gmail_default" style="font-size:x-small">DMZ1=172.18.0.5</div><div class="gmail_default" style="font-size:x-small">DMZ2=172.20.0.5</div><div class="gmail_default" style="font-size:x-small"><br></div><div class="gmail_default" style="font-size:x-small">Firewalls are in effect. </div><div class="gmail_default" style="font-size:x-small"><br></div><div class="gmail_default" style="font-size:x-small">I have gotten it set up so that I can initiate a connection FROM Central1 to DMZ2. </div><div class="gmail_default" style="font-size:x-small"><br></div><div class="gmail_default" style="font-size:x-small">[Tunnel_to_DMZ2]</div><div class="gmail_default" style="font-size:x-small">client = yes </div><div class="gmail_default" style="font-size:x-small">accept = 3002</div><div class="gmail_default" style="font-size:x-small">connect = 172.20.0.5:5000</div><div class="gmail_default" style="font-size:x-small"><br></div><div class="gmail_default" style="font-size:x-small"><br></div><div class="gmail_default" style="font-size:x-small">And </div><div class="gmail_default" style="font-size:x-small"><br></div><div class="gmail_default" style="font-size:x-small">[Tunnel_from_Central1]</div><div class="gmail_default" style="font-size:x-small">accept = 5000</div><div class="gmail_default" style="font-size:x-small">connect = 3000</div><div class="gmail_default" style="font-size:x-small"><br></div><div class="gmail_default" style="font-size:x-small"><br></div><div class="gmail_default" 
style="font-size:x-small">Like I said, I can open a tunnel from Central1 to DMZ2, but can't get traffic to pass backwards--I get a message in the log saying the session is closed. </div><div class="gmail_default" style="font-size:x-small"><br></div><div class="gmail_default" style="font-size:x-small">Is it possible to set stunnel up in a "reverse tunnel" mode--one where the connect is initiated from one end, but the other does most of the message passing? </div><div class="gmail_default" style="font-size:x-small"><br></div><div class="gmail_default" style="font-size:x-small">What am I missing? </div><div class="gmail_default" style="font-size:x-small"><br></div><div class="gmail_default" style="font-size:x-small">Thanks,</div><div class="gmail_default" style="font-size:x-small">Petro.</div><div class="gmail_default" style="font-size:x-small"><br></div></div>
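<p>Added example, not part of Petro's post and not stunnel project code: it shows the data-flow model the two config blocks above imply, with stunnel itself left out. In that setup the Central side's stunnel (client = yes, accept = 3002) initiates the TCP/TLS connection to DMZ2:5000, and DMZ2's stunnel connects it on to local port 3000; the direction of the connection is fixed by which side has client = yes, but the bytes inside it flow both ways. So whatever listens on 3000 in the DMZ can push log lines back through a connection it never initiated, provided the Central side is what opens it and then reads. Here the two endpoints talk over a plain loopback socket; the log lines, the ephemeral port standing in for 3000, and the function names are constructed assumptions.</p>

```python
"""Pull-style log transfer over a connection that the Central side initiates.

Added example (not from the original post). stunnel is omitted: in the real
deployment the Central process would connect to 127.0.0.1:3002 (stunnel's
accept port) and the DMZ listener would sit on 127.0.0.1:3000 behind the
server-mode stunnel. Port numbers and log lines here are assumptions.
"""
import socket
import threading

# Constructed sample log lines that the DMZ side pushes back.
SAMPLE_LOGS = [
    b"<13>Jan 01 00:00:01 dmz2 sshd[101]: Accepted publickey for forwarder\n",
    b"<13>Jan 01 00:00:02 dmz2 httpd[202]: GET /index.html 200\n",
    b"<13>Jan 01 00:00:03 dmz2 kernel: firewall: DROP IN=eth0 SRC=203.0.113.9\n",
]


def dmz_pusher(listener, logs):
    """DMZ-side endpoint (what would listen on the server stunnel's connect = 3000).

    It never initiates anything: it waits for the tunnel to deliver an inbound
    connection, then writes its logs back through that same connection.
    """
    conn, _ = listener.accept()
    with conn:
        for line in logs:
            conn.sendall(line)
        # Half-close our sending side so the reader sees EOF after the last line.
        conn.shutdown(socket.SHUT_WR)
        # Wait until the peer closes before returning.
        while conn.recv(4096):
            pass


def pull_logs(host, port):
    """Central-side endpoint.

    Connects (in the real deployment, to the local stunnel accept port) and
    reads everything the far end pushes until it half-closes. Returns the
    received log lines as a list of bytes, one entry per line.
    """
    with socket.create_connection((host, port), timeout=5) as s:
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).splitlines(keepends=True)


def demo():
    """Run both ends on the loopback interface so the example works offline."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # ephemeral port stands in for the DMZ's 3000
    listener.listen(1)
    port = listener.getsockname()[1]
    pusher = threading.Thread(target=dmz_pusher, args=(listener, SAMPLE_LOGS), daemon=True)
    pusher.start()
    lines = pull_logs("127.0.0.1", port)  # Central initiates, DMZ pushes
    pusher.join(5)
    listener.close()
    return lines


if __name__ == "__main__":
    for line in demo():
        print(line.decode().rstrip())
```

<p>The point of the example is that "who connects" and "who sends the data" are independent at the TCP layer, and stunnel preserves that: a listener on the DMZ side of the tunnel only ever sees connections arriving from the Central side, so the DMZ forwarder would have to be something that hands over its logs when connected to rather than something that dials out.</p>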