It doesn't seem possible to start 1 instance of Stunnel for multiple accept ports.
Judging by the format of the Stunnel configuration file, it seems that I need to 1 instance of Stunnel for each port that accepts connections from the outside world.
Is this true?
On Fri, 11 Feb 2005, Michael Zarlenga wrote:
It doesn't seem possible to start 1 instance of Stunnel for multiple accept ports.
Judging by the format of the Stunnel configuration file, it seems that I need to 1 instance of Stunnel for each port that accepts connections from the outside world.
Is this true?
No. Per listening port you define a service entry in the stunnel 4.x configuration file.
http://www.stunnel.org/faq/stunnel.html#servicelevel_options
You'll have one configfile, one stunnel-daemon instance and multiple listening ports.
Jan
re: Multiple listeners for 1 instance of Stunnel
Ok, so in the Stunnel config file, would the proper way be:
... service = [service_1] [service_1] specific service_1 options service = [service_2] [service_2] specify service_2 options ...
or would the proper way be:
... service = [service_1] service = [service_2] [service_1] specifiy service_1 options [service_2] specify service_2 options ...
Or doesn't it mater?
Also, do all the global stunnel options (eg: verify, CAFile, cert amd key) apply to all services?
Lastly, can I have two services forwarding to the same connect port?
On Mon, 14 Feb 2005 10:12:15 +0100 (CET), Jan Meijer jan.meijer@surfnet.nl wrote:
On Fri, 11 Feb 2005, Michael Zarlenga wrote:
It doesn't seem possible to start 1 instance of Stunnel for multiple accept ports.
Judging by the format of the Stunnel configuration file, it seems that I need to 1 instance of Stunnel for each port that accepts connections from the outside world.
Is this true?
No. Per listening port you define a service entry in the stunnel 4.x configuration file.
http://www.stunnel.org/faq/stunnel.html#servicelevel_options
You'll have one configfile, one stunnel-daemon instance and multiple listening ports.
Jan
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
How about this one (this works) - have you ever seen a Windows INI file?
[pop3s] accept = 995 connect = 110
[imaps] accept = 993 connect = 143
[ssmtp] accept = 465 connect = 25
[s1] accept = 5000 connect = server1:110
[s2] accept = 5001 connect = server2:25
[s10000] accept = 10000 connect = 80
[10.1.1.100] accept = 10100 connect = 80
[client-10.1.1.101] accept = 10101 connect = 80
[Arbeitsstation-APC102] accept = 10102 connect = 80
On Montag 14 Februar 2005 18:16, Michael Zarlenga wrote:
re: Multiple listeners for 1 instance of Stunnel
Ok, so in the Stunnel config file, would the proper way be:
... service = [service_1] [service_1] specific service_1 options service = [service_2] [service_2] specify service_2 options ...
or would the proper way be:
... service = [service_1] service = [service_2] [service_1] specifiy service_1 options [service_2] specify service_2 options ...
Or doesn't it mater?
Also, do all the global stunnel options (eg: verify, CAFile, cert amd key) apply to all services?
Lastly, can I have two services forwarding to the same connect port?
On Mon, 14 Feb 2005 10:12:15 +0100 (CET), Jan Meijer
jan.meijer@surfnet.nl wrote:
On Fri, 11 Feb 2005, Michael Zarlenga wrote:
It doesn't seem possible to start 1 instance of Stunnel for multiple accept ports.
Judging by the format of the Stunnel configuration file, it seems that I need to 1 instance of Stunnel for each port that accepts connections from the outside world.
Is this true?
No. Per listening port you define a service entry in the stunnel 4.x configuration file.
http://www.stunnel.org/faq/stunnel.html#servicelevel_options
You'll have one configfile, one stunnel-daemon instance and multiple listening ports.
Jan
stunnel-users mailing list stunnel-users@mirt.net http://stunnel.mirt.net/mailman/listinfo/stunnel-users
- -- Heiko Nardmann (Dipl.-Ing. Technische Informatik) secunet Security Networks AG - Sicherheit in Netzwerken (www.secunet.de), Weidenauer Str. 223-225, D-57076 Siegen Tel. : +49 271 48950-13, Fax : +49 271 48950-50
Besuchen Sie uns vom 10. - 16. März auf der CeBIT 2005 in Halle 7, Stand D38.
Informationen zu unseren CeBIT-Themen finden Sie unter www.secunet.com outbind://44/www.secunet.com - wir freuen uns auf das Gespräch mit Ihnen.
or would the proper way be:
Check the examples in the manpage: http://www.stunnel.org/faq/stunnel.html#header
Also, do all the global stunnel options (eg: verify, CAFile, cert amd key) apply to all services?
Yes.
Lastly, can I have two services forwarding to the same connect port?
Yep, no reason why not.
You can't have two services *listening* on the same accept port.
Jan
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Dienstag 15 Februar 2005 10:26, Jan Meijer wrote:
or would the proper way be:
Check the examples in the manpage: http://www.stunnel.org/faq/stunnel.html#header
Also, do all the global stunnel options (eg: verify, CAFile, cert amd key) apply to all services?
Yes.
Lastly, can I have two services forwarding to the same connect port?
Yep, no reason why not.
You can't have two services *listening* on the same accept port.
except that they differ in the ip address ...
Jan _______________________________________________ stunnel-users mailing list stunnel-users@mirt.net http://stunnel.mirt.net/mailman/listinfo/stunnel-users
- -- Heiko Nardmann (Dipl.-Ing. Technische Informatik) secunet Security Networks AG - Sicherheit in Netzwerken (www.secunet.de), Weidenauer Str. 223-225, D-57076 Siegen Tel. : +49 271 48950-13, Fax : +49 271 48950-50
Besuchen Sie uns vom 10. - 16. März auf der CeBIT 2005 in Halle 7, Stand D38.
Informationen zu unseren CeBIT-Themen finden Sie unter www.secunet.com outbind://44/www.secunet.com - wir freuen uns auf das Gespräch mit Ihnen.
-
Jan Meijer -
Michael Zarlenga -
Nardmann, Heiko