All,
As my PROXY server gets requests from end-users to be proxied to several different content providers (SMS servers), I was wondering how I can encrypt the traffic between the PROXY and the SMS using stunnel, but still handle the differentiation to the various content providers.
Meaning, my PROXY listens on port 9090 for all incoming SMS requests and each request should be addressed to a different SMS server (i.e. a different content provider) based on the number the message was sent to.
See the following example:

    Client = yes
    [SMPP]
    accept = 9090 (should always be this port)
    connect = <SMS IP>:442

Now, how can I do it with stunnel configuration (having the <SMS IP> flexibly assigned according to other parameters in the packet)?
Thanks!
zivs
On Wed, Dec 26, 2007 at 04:53:26PM +0200, Shalvi Ziv wrote:
> All,
> As my PROXY server gets requests from end-users to be proxied to several different content providers (SMS servers), I was wondering how I can encrypt the traffic between the PROXY and the SMS using stunnel, but still handle the differentiation to the various content providers.
> Meaning, my PROXY listens on port 9090 for all incoming SMS requests and each request should be addressed to a different SMS server (i.e. a different content provider) based on the number the message was sent to.
> See the following example:
>
>     Client = yes
>     [SMPP]
>     accept = 9090 (should always be this port)
>     connect = <SMS IP>:442
>
> Now, how can I do it with stunnel configuration (having the <SMS IP> flexibly assigned according to other parameters in the packet)?

You can't do this directly; however, there is a way, if your proxy supports it.
Just have several instances of stunnel on the proxy host (or some other machine nearby), each one listening on a different port and forwarding the data over a secure connection to a different provider. Then, you may have the proxy redirect the requests to those stunnel instances based on which provider the request is for.
The simplest configuration would be to have all stunnel instances listen on different ports on the loopback address (localhost, 127.0.0.1) of the proxy machine; this way, you are certain that the proxy can connect to them and that no one else is able to.
All you have to do now is figure out a way to have your proxy connect to different servers "based on other parameters in the packet".
Hope that helps.
G'luck, Peter
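
The layout described in the reply above, as an added example that is not part of the original thread: one stunnel configuration with a service section per provider, each bound to its own loopback port (stunnel accepts several service sections in one file, which is equivalent to running separate instances). The section names, provider addresses (documentation placeholders), local ports 9091/9092 and CA file paths are assumptions; `verify` and `CAfile` are added so that the client checks each provider's certificate, which stunnel does not do by default.

```ini
; stunnel.conf on the proxy host (constructed example, not from the thread).
; The proxy itself keeps listening on 9090; stunnel only takes the
; per-provider loopback ports below.

[smpp-provider-a]
; Client mode: plaintext in from the proxy, TLS out to the provider.
client = yes
; Loopback only, so nothing off-host can reach the plaintext side.
accept = 127.0.0.1:9091
; Placeholder address for the first provider's TLS endpoint.
connect = 192.0.2.10:442
; Require a provider certificate that chains to the CA file below.
verify = 2
CAfile = /etc/stunnel/provider-a-ca.pem

[smpp-provider-b]
client = yes
accept = 127.0.0.1:9092
; Placeholder address for the second provider's TLS endpoint.
connect = 198.51.100.20:442
verify = 2
CAfile = /etc/stunnel/provider-b-ca.pem
```

The proxy then forwards each request to 127.0.0.1:9091 or 127.0.0.1:9092 according to the destination number, and stunnel carries it to the matching provider over TLS.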