Hi,
Is it possible to configure stunnel to use the same port on different IP addresses that are Ethernet aliases?
I have successfully set up a configuration file accepting SSL connections. Firstly I did this on all IP addresses by using the following configuration lines:
accept = 443
connect = 80
This worked correctly.
I then attempted to set up a second configuration file on an aliased Ethernet address.
The configuration file settings are:
test1.conf
accept = 10.168.1.132:443
connect = 10.168.1.132:80

test2.conf
accept = 10.168.1.133:443
connect = 10.168.1.133:80
Stunnel is able to start the first configuration file, but not the second. The error message I can see when I run the second configuration file in the foreground is:
accept socket: FD=11 allocated (non-blocking mode)
Option SO_REUSEADDR set on accept socket
Error binding https to 10.168.1.133:443
bind: Address already in use (98)
and if I telnet to 10.168.1.133 on port 443 the connection is accepted.
I have attempted to use the binding socket options in the configuration files as described in the manual:
socket = a:SO_BINDTODEVICE=eth0:0
and
socket = a:SO_BINDTODEVICE=eth0:1
However in this case stunnel will not start either configuration file. The error message I receive is:
Option SO_REUSEADDR set on accept socket
SO_BINDTODEVICE: No such device (19)
Is there a different way to configure stunnel to allow this to work? My ipconfig settings are below.
I am running the Ubuntu 10.04 version of stunnel. The version output is:
stunnel 4.35 on x86_64-pc-linux-gnu with OpenSSL 1.0.0e 6 Sep 2011
Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
Thanks,
John
eth0:0    Link encap:Ethernet  HWaddr 3c:4a:92:6d:0b:08
          inet addr:10.168.1.132  Bcast:10.168.1.132  Mask:255.255.255.255
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:16 Memory:f4000000-f4012800

eth0:1    Link encap:Ethernet  HWaddr 3c:4a:92:6d:0b:08
          inet addr:10.168.1.133  Bcast:10.168.1.133  Mask:255.255.255.255
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:16 Memory:f4000000-f4012800
On Thu, 2012-06-28 02:01:36 +1000, John Morrison wrote:
Hi,
Is it possible to configure stunnel to use the same port on different IP addresses that are Ethernet aliases?
Hi John,
on most (if not all) operating systems, you bind() a socket to a network interface, not to an IP address. The confusion is caused by the fact that the network interface is identified by its IP address. The second IP address on your eth0 really is an alias, i.e. a second name for the same thing.
Thus, I'm afraid you can't configure stunnel to distinguish the IP addresses on the same ethernet interface.
HTH,
Ludolf
I had continued trying to make this work and determined my underlying problem. I had not changed the pid configuration item when I copied the configuration files. When this occurred the second instance was not starting up. I am unsure why I was receiving bind errors; however, stunnel does work with Ethernet aliases, and the correct way to do this is via setting the IP address on the accept line, not via using bind parameters.
John
test1.conf
accept = 10.168.1.132:443
connect = 10.168.1.132:80

test2.conf
accept = 10.168.1.133:443
connect = 10.168.1.133:80
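
An added example, not part of the thread and not stunnel's own code: a pre-flight check that reads several stunnel configuration files and reports a pid file shared between instances (the problem found in the last message). It goes slightly further and also flags accept lines that overlap on the same port, such as a wildcard `accept = 443` next to a per-address one. The pid path and the `[https]` section layout in the sample configs are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample configs modelled on the thread; the pid path is a placeholder.
PID = "pid = /var/run/stunnel-example.pid\n"
CONFIGS = {
    "test1.conf": PID + "[https]\naccept = 10.168.1.132:443\nconnect = 10.168.1.132:80\n",
    "test2.conf": PID + "[https]\naccept = 10.168.1.133:443\nconnect = 10.168.1.133:80\n",
}

def parse(text):
    """Return (pid, accepts): pid is None when unset, accepts is [(host, port)]."""
    pid, accepts = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#" or line.startswith("["):
            continue  # blank line, comment, or service section header
        key, _, value = (part.strip() for part in line.partition("="))
        if key == "pid":
            pid = value
        elif key == "accept":
            host, _, port = value.rpartition(":")  # "443" has no host part
            accepts.append((host or "*", port))    # "*" = all local addresses
    return pid, accepts

def check(configs):
    """Return a list of findings for instances meant to run side by side."""
    findings = []
    pids, ports = defaultdict(list), defaultdict(list)
    for name, text in configs.items():
        pid, accepts = parse(text)
        if pid != "":  # an empty value means no pid file is written
            pids[pid or "<compiled-in default>"].append(name)
        for host, port in accepts:
            ports[port].append(host)
    for path, names in pids.items():
        if len(names) > 1:
            findings.append(f"pid file {path} shared by {', '.join(names)}")
    for port, hosts in ports.items():
        # A wildcard listener or a repeated address collides at bind() time.
        if len(hosts) > 1 and ("*" in hosts or len(set(hosts)) < len(hosts)):
            findings.append(f"port {port}: overlapping accept addresses {sorted(set(hosts))}")
    return findings

if __name__ == "__main__":
    for finding in check(CONFIGS):
        print(finding)
```
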