On Wed, 2015-01-21 08:52:34 +0000, Colin vd Zanden wrote:
Thanks Ludolf and Dmitry for replying.
@Ludolf, I know what an IP address is. It's just that it's not allowed by the host to connect on their IP.

@Dmitry, I tried putting the SNI settings in the config file, but it didn't resolve our problem. This is what's in our stunnel log file:

2015.01.21 09:30:00 LOG5[4684]: Service [ SERVICENAME ] accepted connection from 'INTERNAL-IP:PORT'
2015.01.21 09:30:00 LOG5[4684]: s_connect: connected 'EXTERNAL-IP:PORT'
2015.01.21 09:30:00 LOG5[4684]: Service [ SERVICENAME ] connected remote server from 'INTERNAL-IP:PORT'
2015.01.21 09:30:00 LOG5[4684]: Connection closed: 251 byte(s) sent to SSL, 188 byte(s) sent to socket

The response from the host is: "403 Forbidden</h1> Request forbidden by administrative rules."

Their support states it's because we are connecting to 'EXTERNAL-IP:PORT' and not 'SOMETHING.HOST.COM'.

Thanks again,
Ah, it seems we were talking at cross purposes.
On OSI layer 2 (Network) you don't have a chance to use something other than IP addresses.
On OSI layer 7 (Application) you may use whatever the protocol requires.
It seems you are using HTTP as the layer 7 protocol, and it seems the server you are trying to connect to needs to see a certain host name in the HTTP requests (possibly because there are multiple virtual hosts on the same machine, using a single IP address).
In the first instance, Stunnel doesn't touch the data in layer 5 and above, i.e. it forwards the HTTP requests unchanged. However, there are service level options for stunnel ("protocol...") to tweak upper-level data.
I haven't used them yet, maybe someone else could comment.
A possible solution for your problem would be to configure Stunnel to not change upper level data, but make the client resolve the DNS name of the server to the IP address Stunnel listens on, e.g. by adding an appropriate entry to the 'hosts' file.
HTH,
Ludolf
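
The Host-header behaviour discussed in this thread, as an added example that is not part of either message: a local stand-in server rejects any request whose Host header is not the expected virtual host, and the same TCP endpoint is then requested once with an address-based Host (the client was pointed at the tunnel's IP:port) and once with the name (the client resolved the name to the tunnel's address, e.g. via a 'hosts' entry). The host name, handler and function names are constructed for illustration, and stunnel itself is not involved since it forwards the HTTP bytes unchanged.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed stand-in for the 'SOMETHING.HOST.COM' name in the thread.
EXPECTED_HOST = "something.host.example"


class VhostHandler(BaseHTTPRequestHandler):
    """Answers 403 unless the Host header names the expected virtual host."""

    def do_GET(self):
        host = (self.headers.get("Host") or "").split(":")[0].lower()
        ok = host == EXPECTED_HOST
        body = b"ok\n" if ok else b"Request forbidden by administrative rules.\n"
        self.send_response(200 if ok else 403)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # silence per-request logging
        pass


def fetch_status(port, host_header):
    """Connect to 127.0.0.1:port (the tunnel's local end) with an explicit Host."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    try:
        conn.putrequest("GET", "/", skip_host=True)
        conn.putheader("Host", host_header)
        conn.endheaders()
        return conn.getresponse().status
    finally:
        conn.close()


def demo():
    """Return (status with address-based Host, status with name-based Host)."""
    server = HTTPServer(("127.0.0.1", 0), VhostHandler)
    port = server.server_address[1]
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        by_ip = fetch_status(port, f"127.0.0.1:{port}")
        by_name = fetch_status(port, EXPECTED_HOST)
    finally:
        server.shutdown()
        server.server_close()
    return by_ip, by_name


if __name__ == "__main__":
    print(demo())
```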