On Thu, 2016-03-31 09:39:49 -0400, Carter Browne wrote:
A single instance of stunnel can be a server or a client depending on the settings. For this configuration, you would want host3 to be a server not a client. Thus, you need the intermediate port on server2 to server as both a client and a server:
In your configuration files you would need:
Host1: [secure_telnet] accept = local:23 connect = host2:host2port1 client = yes
Host2: [incoming_telnet_relay] accept = host2:host2port1 connect = local:host2port2 client = no
[outgoing_telnet_relay] accept =local:host2port2 connect = host3:host3port1 client = yes
Host3: [incoming_telnet] accept = host3:host3port1 connect = local:23
Carter,
What's the advantage of this setup over a direct connection from Host1 to Host3?
Host1:
[secure_telnet] accept = local:23 connect = host3:host3port1 client = yes
Host3:
[incoming_telnet] accept = host3:host3port1 connect = local:23 client = no
If e.g. Host3 isn't directly reachable from Host1, a simple port forwarding (without decryption and re-encryption) on Host2 would suffice.
Ludolf