[stunnel-users] stunnel-4.15-2.el5.1 zombie when xinetd
tatiana philippova
t.a.philippova at gmail.com
Thu Feb 25 22:35:41 CET 2010
Hi All,
I have a problem with stunnel in xinetd mode. It cannot connect to
specified localhost:port - always getting child stunnel defunct as a
result..
4789 ? Ss 0:00 \_ stunnel /etc/stunnel/stunnel.conf
4790 ? Z 0:00 \_ [stunnel] <defunct>
I'm trying use rsync via stunnel (!ssh for rsync does not suits me in
this particular case, but I need encrypt backup traffic anyway.. so
have chosen stunnel)
client config:
cert = /etc/stunnel/stunnel_client_cert.pem
client = yes
pid = /var/run/stunnel.pid
debug = 7
output = /var/log/stunnel.log
sslVersion = SSLv2
[ssync]
accept = 873
connect = myhost.somewhere.net:273
server config:
cert = /etc/stunnel/certs/host.pem
key = /etc/stunnel/certs/private/cakey.pem
client = no
pid = /var/run/stunnel.pid
debug = 7
#foreground = yes
output = /var/log/stunel.log
connect = 873
xinetd config:
# default: off
# description: SSL wrapper for rsyncd
service ssync
{
disable = no
socket_type = stream
wait = no
user = root
server = /usr/sbin/stunnel
server_args = /etc/stunnel/stunnel.conf
log_on_success += HOST DURATION
log_on_failure += HOST
only_from = 192.168.5.15 127.0.0.1
}
on server side
/etc/services:
ssync 273/tcp # rsync over stunnel
# ps axf | grep rsyn
15637 ? S 0:00 /usr/bin/rsync -4 --daemon --no-detach
# netstat -an --program | grep 273
tcp 0 0 0.0.0.0:273 0.0.0.0:*
LISTEN 4751/xinetd
# netstat -an --program | grep 873
tcp 0 0 127.0.0.1:873 0.0.0.0:*
LISTEN 15637/rsync
In case of server stunnel running as standalone - everything works
perfectly well, but I need it working as xinetd service rather than
standalone
Could somebody kindly advise what I'm doing wrong?
soft on server side:
stunnel-4.15-2.el5.1,
openssl-0.9.8e-7.el5
OS CentOS release 5.3 (Final),
kernel 2.6.18-128.1.6.el5
on client side:
stunnel-4.30-1.i386.rpm (compiled as rpmbuild -ta stunnel-4.30.tar.gz)
openssl-0.9.8g-9.14.fc9.i686
OS Fedora release 9 (Sulphur)
kernel 2.6.28
Many thanks in advance
Taphy
More information about the stunnel-users
mailing list