[stunnel-users] stunnel4 stealing my ports (listening on ports it shouldn't be)

Eric Brown eric.brown at propel.com
Wed Apr 12 04:21:08 CEST 2006


I have two stunnel processes. One listing on 443 -> localhost:80. The  
other listening on 8000 -> localhost:7001. (See configs below.)

However, when I stop the process listening on port 7001, both stunnel  
processes start listening on 7001 (and a few other ports). I'm  
completely confused as to why this would happen.

This is what I see normally:
mta4-tiny-support (epgate)[6]$ sudo lsof -p 25253 -p 25255 -a -i4
Password:
COMMAND    PID USER   FD   TYPE  DEVICE SIZE NODE NAME
stunnel4 25253 root    6u  IPv4 3439450       TCP *:8000 (LISTEN)
stunnel4 25255 root    6u  IPv4 3439456       TCP *:https (LISTEN)

This is what I see when stunnel appears to go bizerk: (after stopping  
the process that was listening on ports *:7000, localhost:7001 &  
localhost:7005)

COMMAND    PID USER   FD   TYPE  DEVICE SIZE NODE NAME
stunnel4 22788 root    5u  IPv4 1269640       TCP 127.0.0.1:4341- 
 >127.0.0.1:19996 (CLOSE_WAIT)
stunnel4 22788 root    6u  IPv4 1273504       TCP 127.0.0.1:7001  
(LISTEN)
stunnel4 22788 root    7u  IPv4 1273476       TCP 127.0.0.1:4606- 
 >127.0.0.1:19995 (ESTABLISHED)
stunnel4 22788 root    9u  IPv4 1273477       TCP 127.0.0.1:19995- 
 >127.0.0.1:4606 (ESTABLISHED)
stunnel4 22788 root   11u  IPv4 1273507       TCP *:7000 (LISTEN)
stunnel4 22788 root   17u  IPv4 1273515       TCP 127.0.0.1:7005  
(LISTEN)
stunnel4 22788 root   19u  IPv4 1274895       TCP 127.0.0.1:7001- 
 >127.0.0.1:1793 (CLOSE_WAIT)
stunnel4 22788 root   24u  IPv4 1275089       TCP *:8000 (LISTEN)
stunnel4 22790 root    5u  IPv4 1269640       TCP 127.0.0.1:4341- 
 >127.0.0.1:19996 (CLOSE_WAIT)
stunnel4 22790 root    6u  IPv4 1273504       TCP 127.0.0.1:7001  
(LISTEN)
stunnel4 22790 root    7u  IPv4 1273476       TCP 127.0.0.1:4606- 
 >127.0.0.1:19995 (ESTABLISHED)
stunnel4 22790 root    9u  IPv4 1273477       TCP 127.0.0.1:19995- 
 >127.0.0.1:4606 (ESTABLISHED)
stunnel4 22790 root   11u  IPv4 1273507       TCP *:7000 (LISTEN)
stunnel4 22790 root   17u  IPv4 1273515       TCP 127.0.0.1:7005  
(LISTEN)
stunnel4 22790 root   19u  IPv4 1274895       TCP 127.0.0.1:7001- 
 >127.0.0.1:1793 (CLOSE_WAIT)
stunnel4 22790 root   24u  IPv4 1275094       TCP *:443 (LISTEN)

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address          
State       User       Inode      PID/Program name
tcp        0      0 127.0.0.1:7008          0.0.0.0:*                
LISTEN     0          1281907    24848/python
tcp        0      0 0.0.0.0:8000            0.0.0.0:*                
LISTEN     0          1275089    22788/stunnel4
tcp        0      0 0.0.0.0:1025            0.0.0.0:*                
LISTEN     0          1681       -
tcp        0      0 0.0.0.0:963             0.0.0.0:*                
LISTEN     0          1556       1205/rpc.statd
tcp        0      0 0.0.0.0:111             0.0.0.0:*                
LISTEN     0          1238       986/portmap
tcp        0      0 0.0.0.0:80              0.0.0.0:*                
LISTEN     0          1281911    24848/python
tcp        0      0 127.0.0.1:7025          0.0.0.0:*                
LISTEN     0          1281130    24605/master
tcp        0      0 127.0.0.1:7026          0.0.0.0:*                
LISTEN     0          1281542    24677/python
tcp        0      0 0.0.0.0:818             0.0.0.0:*                
LISTEN     0          1356       1061/ypbind
tcp        0      0 127.0.0.1:7027          0.0.0.0:*                
LISTEN     0          1281731    24777/python
tcp        0      0 127.0.0.1:7028          0.0.0.0:*                
LISTEN     0          1281910    24848/python
tcp        0      0 0.0.0.0:22              0.0.0.0:*                
LISTEN     0          1486       1195/sshd
tcp        0      0 0.0.0.0:7000            0.0.0.0:*                
LISTEN     0          1273507    22788/stunnel4
tcp        0      0 127.0.0.1:5432          0.0.0.0:*                
LISTEN     400        1269115    20559/postmaster
tcp        0      0 172.16.80.213:25        0.0.0.0:*                
LISTEN     0          1281126    24605/master
tcp        0      0 172.16.80.212:25        0.0.0.0:*                
LISTEN     0          1280994    24584/master
tcp        0      0 127.0.0.1:7001          0.0.0.0:*                
LISTEN     0          1273504    22788/stunnel4
tcp        0      0 0.0.0.0:443             0.0.0.0:*                
LISTEN     0          1275094    22790/stunnel4
tcp        0      0 127.0.0.1:955           0.0.0.0:*                
LISTEN     0          1518       1201/famd
tcp        0      0 127.0.0.1:7005          0.0.0.0:*                
LISTEN     0          1273515    22788/stunnel4
tcp        0      0 127.0.0.1:7006          0.0.0.0:*                
LISTEN     0          1281540    24677/python
tcp        0      0 127.0.0.1:7007          0.0.0.0:*                
LISTEN     0          1281724    24777/python


I'm running stunnel 4.09 on Debian 3.1/Linux 2.6 Kernel. My  
configurations are:
pid=/var/run/epgate_admin_stunnel4.pid
cert=/epgate/etc/ssl/admin.stunnel

[Admin]
accept=8000
connect=7001

and:
pid=/var/run/epgate_quarantine_stunnel4.pid
cert=/epgate/etc/ssl/quar.stunnel

[Quarantine]
accept=443
connect=80

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20060411/98e6d525/attachment.html>


More information about the stunnel-users mailing list