Re: [stunnel-users] Stunnel on the same machine

The configuration files are:

pid = /var/stunnel.pid
;chroot = /var/lib/stunnel
setuid = nobody
setgid = nobody
foreground = yes

; Use it for client mode
client = yes

; Service-level configuration
[pop3s]
accept = 995
connect = 110

[imaps]
accept = 993
connect = 143

[ssmtp]
accept = 465
connect = 25

[mysqls]
accept = 3307
connect = 192.168.1.6:3307

On 192.168.1.6
----------------------
pid = /var/stunnel.pid
setuid = nobody
setgid = nobody
foreground = yes
client = no

; Service-level configuration
[pop3s]
accept = 995
connect = 110

[imaps]
accept = 993
connect = 143

[ssmtp]
accept = 465
connect = 25

[mysqls]
accept = 3307
connect = 3306

connecting like

/usr/local/mysql/bin/mysql -h 127.0.0.1 -u root -p -P 3307
Enter password:

On entering password the following lines appear:

ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet', system error: 104

Subrata

----- Original Message -----
From: Brian Hatch <bri@stunnel.org>
To: subrata@indiatimes.com
Sent: Sun, 7 Oct 2007 10:02:17 +0530 (IST)
Subject: Re: [stunnel-users] Stunnel on the same machine

Near 2007-10-05 22:17 +0530, subrata@indiatimes.com insisted:
> After starting stunnel and connecting the mysql client
> /usr/local/mysql/bin/mysql -h 127.0.0.1 -u root -p
> the flow gets stuck at the Enter password prompt. Any suggestions how to proceed from there?

What do your stunnel configuration files look like?

Other problem: mysql client may decide to use a local domain socket when connecting to localhost, thwarting your attempts to go via Stunnel. You might want to 'strace mysql ...' and look for the connect() lines.

--
Brian Hatch                  Time flies like an
   Systems and                arrow. Fruit flies
   Security Engineer          like a banana.
http://www.ifokr.org/bri/

Every message PGP signed

Hi

The mysql gives the following error when connecting with stunnel:

ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet', system error: 104

The following is the dump at the stunnel at the client side:

2007.10.09 11:56:59 LOG7[27211:182898183552]: FD 4 in non-blocking mode
2007.10.09 11:56:59 LOG7[27211:182898183552]: FD 5 in non-blocking mode
2007.10.09 11:56:59 LOG7[27211:182898183552]: FD 6 in non-blocking mode
2007.10.09 11:56:59 LOG7[27211:182898183552]: SO_REUSEADDR option set on accept socket
2007.10.09 11:56:59 LOG7[27211:182898183552]: pop3s bound to 0.0.0.0:995
2007.10.09 11:56:59 LOG7[27211:182898183552]: FD 7 in non-blocking mode
2007.10.09 11:56:59 LOG7[27211:182898183552]: SO_REUSEADDR option set on accept socket
2007.10.09 11:56:59 LOG7[27211:182898183552]: imaps bound to 0.0.0.0:993
2007.10.09 11:56:59 LOG7[27211:182898183552]: FD 8 in non-blocking mode
2007.10.09 11:56:59 LOG7[27211:182898183552]: SO_REUSEADDR option set on accept socket
2007.10.09 11:56:59 LOG7[27211:182898183552]: ssmtp bound to 0.0.0.0:465
2007.10.09 11:56:59 LOG7[27211:182898183552]: FD 9 in non-blocking mode
2007.10.09 11:56:59 LOG7[27211:182898183552]: SO_REUSEADDR option set on accept socket
2007.10.09 11:56:59 LOG7[27211:182898183552]: mysqls bound to 0.0.0.0:3307
2007.10.09 11:56:59 LOG7[27211:182898183552]: Created pid file /var/stunnel.pid
2007.10.09 11:57:07 LOG7[27211:182898183552]: mysqls accepted FD=10 from 127.0.0.1:32807
2007.10.09 11:57:07 LOG7[27211:1073809760]: mysqls started
2007.10.09 11:57:07 LOG7[27211:1073809760]: FD 10 in non-blocking mode
2007.10.09 11:57:07 LOG7[27211:1073809760]: TCP_NODELAY option set on local socket
2007.10.09 11:57:07 LOG7[27211:1073809760]: FD 11 in non-blocking mode
2007.10.09 11:57:07 LOG7[27211:1073809760]: FD 12 in non-blocking mode
2007.10.09 11:57:07 LOG7[27211:182898183552]: Cleaning up the signal pipe
2007.10.09 11:57:07 LOG6[27211:182898183552]: Child process 27214 finished with code 0
2007.10.09 11:57:07 LOG7[27211:1073809760]: Connection from 127.0.0.1:32807 permitted by libwrap
2007.10.09 11:57:07 LOG5[27211:1073809760]: mysqls accepted connection from 127.0.0.1:32807
2007.10.09 11:57:07 LOG7[27211:1073809760]: FD 11 in non-blocking mode
2007.10.09 11:57:07 LOG7[27211:1073809760]: mysqls connecting 192.168.1.6:3307
2007.10.09 11:57:07 LOG7[27211:1073809760]: connect_wait: waiting 10 seconds
2007.10.09 11:57:07 LOG7[27211:1073809760]: connect_wait: connected
2007.10.09 11:57:07 LOG5[27211:1073809760]: mysqls connected remote server from 192.168.1.232:32808
2007.10.09 11:57:07 LOG7[27211:1073809760]: Remote FD=11 initialized
2007.10.09 11:57:07 LOG7[27211:1073809760]: TCP_NODELAY option set on remote socket
2007.10.09 11:57:07 LOG7[27211:1073809760]: SSL state (connect): before/connect initialization
2007.10.09 11:57:07 LOG7[27211:1073809760]: SSL state (connect): SSLv3 write client hello A
2007.10.09 11:57:07 LOG7[27211:1073809760]: SSL state (connect): SSLv3 read server hello A
2007.10.09 11:57:07 LOG7[27211:1073809760]: SSL state (connect): SSLv3 read server certificate A
2007.10.09 11:57:07 LOG7[27211:1073809760]: SSL state (connect): SSLv3 read server done A
2007.10.09 11:57:07 LOG7[27211:1073809760]: SSL state (connect): SSLv3 write client key exchange A
2007.10.09 11:57:07 LOG7[27211:1073809760]: SSL state (connect): SSLv3 write change cipher spec A
2007.10.09 11:57:07 LOG7[27211:1073809760]: SSL state (connect): SSLv3 write finished A
2007.10.09 11:57:07 LOG7[27211:1073809760]: SSL state (connect): SSLv3 flush data
2007.10.09 11:57:07 LOG7[27211:1073809760]: SSL state (connect): SSLv3 read finished A
2007.10.09 11:57:07 LOG7[27211:1073809760]: 1 items in the session cache
2007.10.09 11:57:07 LOG7[27211:1073809760]: 1 client connects (SSL_connect())
2007.10.09 11:57:07 LOG7[27211:1073809760]: 1 client connects that finished
2007.10.09 11:57:07 LOG7[27211:1073809760]: 0 client renegotiations requested
2007.10.09 11:57:07 LOG7[27211:1073809760]: 0 server connects (SSL_accept())
2007.10.09 11:57:07 LOG7[27211:1073809760]: 0 server connects that finished
2007.10.09 11:57:07 LOG7[27211:1073809760]: 0 server renegotiations requested
2007.10.09 11:57:07 LOG7[27211:1073809760]: 0 session cache hits
2007.10.09 11:57:07 LOG7[27211:1073809760]: 0 session cache misses
2007.10.09 11:57:07 LOG7[27211:1073809760]: 0 session cache timeouts
2007.10.09 11:57:07 LOG6[27211:1073809760]: SSL connected: new session negotiated
2007.10.09 11:57:07 LOG6[27211:1073809760]: Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
2007.10.09 11:57:07 LOG3[27211:1073809760]: SSL_read: Connection reset by peer (104)
2007.10.09 11:57:07 LOG5[27211:1073809760]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2007.10.09 11:57:07 LOG7[27211:1073809760]: mysqls finished (0 left)

and on the server side

2007.10.09 12:03:35 LOG5[4829:1073809760]: mysqls accepted connection from 192.168.1.232:32808
2007.10.09 12:03:35 LOG3[4829:1073809760]: connect_wait: getsockopt: Connection refused (111)
2007.10.09 12:03:35 LOG5[4829:1073809760]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket

thanks in advance.
Subrata

----- Original Message -----
From: subrata@indiatimes.com
To: Brian Hatch <bri@stunnel.org>
Cc: stunnel-users@mirt.net
Sent: Mon, 8 Oct 2007 14:46:50 +0530 (IST)
Subject: Re: [stunnel-users] Stunnel on the same machine

_______________________________________________
stunnel-users mailing list
stunnel-users@mirt.net
http://stunnel.mirt.net/mailman/listinfo/stunnel-users

I see that on your server you have specified your config for mysqls like this:

[mysqls]
accept = 3307
connect = 3306

try setting it like this:

[mysqls]
accept = 3307
connect = 127.0.0.1:3306

and see if that works...

Craig

-----Original Message-----
From: stunnel-users-bounces@mirt.net [mailto:stunnel-users-bounces@mirt.net] On Behalf Of subrata@indiatimes.com
Sent: 09 October 2007 08:25 AM
To: Brian Hatch
Cc: stunnel-users@mirt.net
Subject: Re: [stunnel-users] Mysql doesnt run with stunnel
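Added example, not part of any message in this thread: a small triage script that pairs the client-side and server-side stunnel log lines posted above by the tunnel's source address and port (the two excerpts carry different clock times, so timestamps cannot be used to match them) and reports which hop failed. The function names are illustrative, and it assumes one connection per thread id within each excerpt.

```python
import re

# Lines copied from the client-side and server-side stunnel logs in this thread.
CLIENT_LOG = """\
2007.10.09 11:57:07 LOG5[27211:1073809760]: mysqls accepted connection from 127.0.0.1:32807
2007.10.09 11:57:07 LOG5[27211:1073809760]: mysqls connected remote server from 192.168.1.232:32808
2007.10.09 11:57:07 LOG6[27211:1073809760]: Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
2007.10.09 11:57:07 LOG3[27211:1073809760]: SSL_read: Connection reset by peer (104)
"""
SERVER_LOG = """\
2007.10.09 12:03:35 LOG5[4829:1073809760]: mysqls accepted connection from 192.168.1.232:32808
2007.10.09 12:03:35 LOG3[4829:1073809760]: connect_wait: getsockopt: Connection refused (111)
"""

LINE = re.compile(r"^\S+ \S+ LOG(\d)\[\d+:(\d+)\]: (.*)$")
OUTBOUND = re.compile(r"^(\S+) connected remote server from (\S+)$")
INBOUND = re.compile(r"^(\S+) accepted connection from (\S+)$")

def sessions(log, peer_re):
    """Map peer ip:port -> messages of the thread that handled that peer."""
    threads = {}
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:  # group 1 = syslog level, group 2 = thread id, group 3 = text
            threads.setdefault(m.group(2), []).append((int(m.group(1)), m.group(3)))
    found = {}
    for msgs in threads.values():
        for _, text in msgs:
            p = peer_re.match(text)
            if p:
                found[p.group(2)] = {"service": p.group(1), "msgs": msgs}
    return found

def first_error(msgs):
    """First message at level 3 (error) or more severe, else None."""
    return next((text for level, text in msgs if level <= 3), None)

def diagnose(client_log, server_log):
    """Pair both ends of each tunnel by source ip:port and name the failing hop."""
    server = sessions(server_log, INBOUND)
    report = []
    for peer, c in sessions(client_log, OUTBOUND).items():
        s = server.get(peer)
        tls_ok = any(t.startswith("Negotiated ciphers") for _, t in c["msgs"])
        s_err = first_error(s["msgs"]) if s else None
        hop = ("server stunnel -> backend (connect target)"
               if s_err and s_err.startswith("connect_wait")
               else "client stunnel -> server stunnel (TLS)" if not tls_ok
               else "undetermined")
        report.append({"service": c["service"], "peer": peer, "tls_ok": tls_ok,
                       "client_error": first_error(c["msgs"]),
                       "server_error": s_err, "failing_hop": hop})
    return report

if __name__ == "__main__":
    for row in diagnose(CLIENT_LOG, SERVER_LOG):
        print(row)
```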
participants (3)
- Craig Retief
- Mzilla
- subrata@indiatimes.com