[stunnel-users] Stunnel connection from A to B but direction from B to A?
Ludolf Holzheid
lholzheid at bihl-wiedemann.de
Wed Apr 14 09:15:19 CEST 2010
On Tue, 2010-04-13 22:51:46 +0200, Michal Trojnara wrote:
> Carsten Krüger wrote:
>
>> is it possible with stunnel to connect from host A to host B but to
>> have the port redirection the other way?
>
> SSL provides a 1:1 cryptographic protection of a TCP connection. For
> additional services (e.g. multiple data streams) you either need a
> different protocol (e.g. http://www.ietf.org/rfc/rfc4251.txt), or an
> additional proprietary protocol encapsulated within the standard SSL (so
> called "SSL VPNs" take this approach). Please bear in mind such "SSL
> VPN" is no longer just SSL encryption, as it needs this proprietary
> protocol implemented on both ends. Stunnel does not break SSL this way.

Michał,

I'm not sure this is what Carsten is looking for.

My understanding is, he needs an SSL-encrypted connection from A to B,
and simultaneously an unencrypted, but also redirected connection from
B to A. All connections HTTP with destination port 80:

  browser on A -> stunnel A->B -> HTTP server on B -> e.g. redir B->A -> HTTP server on A

If this is the case, it should be feasible by binding the stunnel
server on A to 127.0.0.1 and the HTTP server (also on A) to the
external IP address only (and likewise for the unencrypted tunnel in
the other direction).

Or the tunnel endpoints listen on a port different from 80.

HTH

Ludolf
--
---------------------------------------------------------------
Ludolf Holzheid Tel: +49 621 339960
Bihl+Wiedemann GmbH Fax: +49 621 3392239
Floßwörthstraße 41 e-mail: lholzheid at bihl-wiedemann.de
D-68199 Mannheim, Germany
---------------------------------------------------------------
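
Added example, not part of the original message and not taken from the stunnel distribution: a stunnel.conf for host A following the binding suggestion above, with the tunnel entry point on loopback so that port 80 on A's external address stays free for A's own HTTP server. The addresses (documentation range 192.0.2.x), the service name and port 443 on B are assumptions.

```ini
; stunnel.conf on host A (added example; addresses, service name and
; port 443 on B are assumed, not taken from the thread)

; This instance accepts plaintext locally and speaks SSL to the remote side.
client = yes

[http-to-B]
; Listen on loopback only. 192.0.2.10:80 (A's external address, assumed)
; is left unbound here so the HTTP server on A can take it.
accept = 127.0.0.1:80

; stunnel server on B (assumed to accept SSL on 192.0.2.20:443 and hand
; the decrypted stream to B's HTTP server).
connect = 192.0.2.20:443
```

The HTTP server on A then has to listen on the external address only (in Apache, `Listen 192.0.2.10:80`) rather than on all interfaces, otherwise its bind collides with the tunnel's.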