[stunnel-users] stunnel with smb from 2 networks behind firewalls
Philippe
phil at migratis.net
Mon Mar 19 14:19:00 CET 2012
Oops, it looks like I was reading the wrong stunnel.log. Here is what
logcheck finds:
Mar 19 13:47:14 server stunnel: LOG5[21517:139783982704384]: Service
smb accepted connection from 196.25.36.134:50005
Mar 19 13:47:14 server stunnel: LOG5[21517:139783982704384]:
connect_blocking: connected 127.0.0.1:139
Mar 19 13:47:14 server stunnel: LOG5[21517:139783982704384]: Service
smb connected remote server from 127.0.0.1:50215
Mar 19 13:47:44 server stunnel: LOG5[21517:139783982704384]: Error
detected on SSL (read) file descriptor: Connection reset by peer (104)
Mar 19 13:47:44 server stunnel: LOG5[21517:139783982704384]: Connection
reset: 0 bytes sent to SSL, 143 bytes sent to socket
So it looks like an SSL parameter problem.
I have on both sides:
sslVersion = TLSv1
because the PCB stunnel doesn't start if I set SSLv2
and the PCA stunnel crashes when I set SSLv3.
What can I do then?
Best
Philippe
On Mon, 19 Mar 2012 13:57:44 +0100, Philippe wrote:
> Hello,
>
> Here is my setup:
>
>
> [PCA]-------------[Firewall-A]---------------{INTERNET}-----------[45.212.56.178:21213|Firewall-B|192.168.0.1:8139]--------[PCB]
>
> PCA : Windows 7
> stunnel.conf :
>
> [smb]
> client = yes
> accept = 10.232.232.232:139
> connect = 45.212.56.178:21213
>
> PCB : Ubuntu Oneiric 11.10
> stunnel.conf :
>
> [smb]
> accept = 8139
> connect = 139
>
> When I try to connect a network drive from PCA to a remote drive of
> PCB
>
> here is the stunnel.log of PCA:
>
> 2012.03.19 13:47:02 LOG5[3744:2564]: Reading configuration from file
> stunnel.conf
> 2012.03.19 13:47:02 LOG5[3744:2564]: FIPS mode is enabled
> 2012.03.19 13:47:02 LOG7[3744:2564]: Compression not enabled
> 2012.03.19 13:47:02 LOG7[3744:2564]: Snagged 64 random bytes from
> C:/.rnd
> 2012.03.19 13:47:02 LOG7[3744:2564]: Wrote 0 new random bytes to
> C:/.rnd
> 2012.03.19 13:47:02 LOG7[3744:2564]: PRNG seeded successfully
> 2012.03.19 13:47:02 LOG6[3744:2564]: Initializing SSL context for
> service smb
> 2012.03.19 13:47:02 LOG7[3744:2564]: Certificate: stunnel.pem
> 2012.03.19 13:47:02 LOG7[3744:2564]: Certificate loaded
> 2012.03.19 13:47:02 LOG7[3744:2564]: Key file: stunnel.pem
> 2012.03.19 13:47:02 LOG7[3744:2564]: Private key loaded
> 2012.03.19 13:47:02 LOG7[3744:2564]: SSL options set: 0x01000004
> 2012.03.19 13:47:02 LOG6[3744:2564]: SSL context initialized
> 2012.03.19 13:47:02 LOG5[3744:2564]: Configuration successful
> 2012.03.19 13:47:02 LOG7[3744:2564]: Service smb closed FD=200
> 2012.03.19 13:47:13 LOG5[3744:3940]: Service smb accepted connection
> from 10.232.232.232:50004
> 2012.03.19 13:47:13 LOG5[3744:3940]: connect_blocking: connected
> 45.212.56.178:21213
> 2012.03.19 13:47:13 LOG5[3744:3940]: Service smb connected remote
> server from 192.168.3.4:50005
> 2012.03.19 13:47:43 LOG3[3744:3940]: readsocket: Connection reset by
> peer (WSAECONNRESET) (10054)
> 2012.03.19 13:47:43 LOG5[3744:3940]: Connection reset: 143 bytes sent
> to SSL, 0 bytes sent to socket
>
> No logs on PCB
>
>
> It seems that the SSL connection doesn't cross firewall B; otherwise
> I would see logs in the stunnel.log of PCB, wouldn't I?
> What can I do better to make this setup work? Is the firewall B
> port forwarding blocking the process?
>
> Best regards
>
> Philippe
>
>
> _______________________________________________
> stunnel-users mailing list
> stunnel-users at stunnel.org
> http://stunnel.mirt.net/mailman/listinfo/stunnel-users
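An added example, not part of the original post or of the stunnel project: a small Python parser that groups stunnel log lines like the ones above by their `[pid:thread]` tag and reports each connection's peer, backend target and final byte counters. The sample is constructed from the PCB lines in the post with the mail line-wrapping undone; the function names and the reading of the two counters (bytes written toward the TLS peer versus bytes written to the plaintext socket) are this example's assumptions.

```python
import re

# Constructed sample: the PCB-side lines from the post, mail wrapping undone.
SAMPLE = """\
Mar 19 13:47:14 server stunnel: LOG5[21517:139783982704384]: Service smb accepted connection from 196.25.36.134:50005
Mar 19 13:47:14 server stunnel: LOG5[21517:139783982704384]: connect_blocking: connected 127.0.0.1:139
Mar 19 13:47:14 server stunnel: LOG5[21517:139783982704384]: Service smb connected remote server from 127.0.0.1:50215
Mar 19 13:47:44 server stunnel: LOG5[21517:139783982704384]: Error detected on SSL (read) file descriptor: Connection reset by peer (104)
Mar 19 13:47:44 server stunnel: LOG5[21517:139783982704384]: Connection reset: 0 bytes sent to SSL, 143 bytes sent to socket
"""

LINE = re.compile(r"LOG\d\[(\d+:\d+)\]: (.*)$")
ACCEPT = re.compile(r"Service (\S+) accepted connection from (\S+)")
BACKEND = re.compile(r"connect_blocking: connected (\S+)")
END = re.compile(r"Connection (reset|closed): (\d+) byte\S* sent to SSL, (\d+) byte\S* sent to socket")

def verdict(c):
    # Assumption: "sent to SSL" counts bytes written toward the TLS peer,
    # "sent to socket" counts bytes written to the plaintext side.
    if c["to_ssl"] == 0 and c["to_socket"] == 0:
        return "no application data in either direction"
    if c["to_ssl"] == 0 or c["to_socket"] == 0:
        return "data flowed one way only"
    return "data flowed both ways"

def summarize(log_text):
    """Return one dict per connection, keyed internally by [pid:thread]."""
    conns, current = [], {}
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        tid, msg = m.groups()
        if (a := ACCEPT.search(msg)):
            # A new "accepted connection" line starts a new record for this thread.
            current[tid] = {"service": a.group(1), "peer": a.group(2)}
            conns.append(current[tid])
            continue
        c = current.get(tid)
        if c is None:
            continue
        if (b := BACKEND.search(msg)):
            c["target"] = b.group(1)
        elif (e := END.search(msg)):
            c["end"] = e.group(1)
            c["to_ssl"], c["to_socket"] = int(e.group(2)), int(e.group(3))
            c["verdict"] = verdict(c)
    return conns

if __name__ == "__main__":
    for conn in summarize(SAMPLE):
        print(conn)
```

The same function accepts the Windows-side format (`2012.03.19 13:47:13 LOG5[3744:3940]: ...`), so both ends of one tunnel can be summarized and their counters compared.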