At 1:58 PM +0100 1/24/09, Bill Eldridge wrote:
Tom Shaw wrote:
As an example if I run Apache on my home machine, I'd like it to start the tunnel when I turn it on, have it automatically set up stunnel to a Linux box I have on the public net, and have anything to port 8090 on the Linux box get passed to my home machine 8080.
Easier to use ssh to port forward in this instance, IMHO. But why? Seems like just port mapping on the NAT router would work just as well and with no different effect on security.
Because I won't be able to add ssh or access the router in a number of cases where I need this, but I believe I'll have access to stunnel in many/most cases. Necessity is the mother of invention.
Maybe I am all wet but it seems to me that a) if you can put stunnel at both ends you can put ssh at both ends - saying that you would have access to stunnel and not ssh doesn't make any sense,
If stunnel already exists on the machines and ssh doesn't and I don't have permission to install it, it makes sense.
b) why wouldn't you have access to your own router?
If someone else installed it and didn't give me admin permission, for example, amongst other scenarios.
Still confused.
The premise you explained was, "I run Apache on my home machine, I'd like it to start the tunnel when I turn it on, have it automatically set up stunnel to a Linux box I have on the public net, and have anything to port 8090 on the Linux box get passed to my home machine 8080."
In your scenario, you fundamentally want your home machine to accept connections from the public internet on port 8090. The simplest way is to configure apache to accept connections from port 8090 and allow port forwarding through your home router.
Your scenario seems to require connections to be made to your public linux machine. I can only imagine why as there are plenty of simpler ways of associating a host with an IP or dealing with dynamic dns, etc. But OK. It's your linux machine and your home machine and you now say that your linux distro didn't come with ssh - weird. So why not configure your linux apache to provide reverse proxy services for your home machine? Or create a VPN between your home machine and your linux public machine.
Your comment that you don't have access to either machine with admin privileges (your latest comment above) begs the obvious question as to how do you even expect to be able to configure Stunnel or apache?
Sorry that I don't understand the problem you are trying to solve.