bbproxy over stunnel

Darrin Khan medavian at gmail.com
Mon Nov 24 11:58:17 CET 2008


Hello All,

I have a problem getting stunnel and bbproxy to hobbitd to play nicely. I
am not sure if this has been covered before, however I have found a few bits
and pieces of information about hobbit and stunnel, but nothing like what I
have configured.

Here is the idea..

client -> bbproxy -> stunnel -> stunnel -> hobbitd

Client is a SQL server that can't see the world. bbproxy is running on a
server behind a firewall that the SQL server can reach. bbproxy is
configured to send data to 127.0.0.1:11984. stunnel is listening on
127.0.0.1:11984; this then forwards out through the firewall to another
server running stunnel listening on 11984, which in turn dumps traffic on the
remote server to port 1984 (hobbitd).

This config works great, all my messages are encrypted and I am getting all
the updates to hobbitd on the remote server no worries. Has been working
like this for a few weeks now.

The issue I have been trying to nut out is that the clients are not
receiving any config in the other direction, particularly the
log:/var/log/messages:10240 entries from client-local.cfg.

If I remove the stunnel(s) and tell the bbproxy to connect to the hobbitd
directly, the clients get the config data in the reverse direction and they
in turn send back the log data they are supposed to.

Has anyone been able to get this to work?

I suspect it may be my stunnel configs. They are below. Any help would be
greatly appreciated.

Darrin

----- bbproxy server -----
chroot = /var/run/stunnel/
setuid = nobody
setgid = nobody
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
debug = 5
output = /var/log/stunnel.log
foreground=no

[hobbit]
accept = 11984
connect = xx.xx.xxx.xxx:11984
TIMEOUTbusy     = 5
TIMEOUTclose    = 2
TIMEOUTconnect  = 2
TIMEOUTidle     = 5

----- hobbitd server -----
cert = /etc/pki/tls/certs/nms.ext.example.net.pem
chroot = /var/run/stunnel/
setuid = nobody
setgid = nobody
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
debug = 5
output = /var/log/stunnel.log
foreground=no

[hobbit]
accept   = 11984
connect = 1984
TIMEOUTbusy     = 5
TIMEOUTclose    = 2
TIMEOUTconnect  = 2
TIMEOUTidle     = 5

-- 
Darrin Khan
medavian at gmail.com
"If you save the world too often, it begins to expect it..."
- Unknown
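
Added example (not part of the original post, and not Xymon or stunnel code): a loopback harness for checking the reply path hop by hop, showing how a hop that does not carry a TCP half-close across produces the symptom described above (data arrives, nothing comes back). It assumes the Xymon sender marks end-of-request by half-closing its write side and then reads the reply; `standin_server`, `relay` and `listen_loopback` are constructed stand-ins, and whether the stunnel versions above behave like the second relay mode is not established by the post.

```python
import socket
import threading

def probe(port, message, host="127.0.0.1", timeout=3.0):
    """Send one message, half-close the write side, return whatever comes back."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(message)
        s.shutdown(socket.SHUT_WR)          # request finished; read side stays open
        reply = b""
        try:
            while chunk := s.recv(4096):
                reply += chunk
        except OSError:                     # reset or timeout: reply path is broken
            pass
        return reply

def listen_loopback(handler):
    """Run handler(conn) for each connection on an ephemeral loopback port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    def loop():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=handler, args=(conn,), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]

def standin_server(reply):
    """Constructed stand-in for hobbitd: read the request to EOF, then answer."""
    def handle(conn):
        with conn:
            while conn.recv(4096):
                pass
            conn.sendall(reply)
    return listen_loopback(handle)

def relay(upstream_port, carry_half_close):
    """Constructed stand-in for the tunnel pair between bbproxy and hobbitd."""
    def handle(conn):
        with conn, socket.create_connection(("127.0.0.1", upstream_port)) as up:
            while data := conn.recv(4096):
                up.sendall(data)            # forward direction always works
            if not carry_half_close:
                return                      # treats EOF as "connection over"
            up.shutdown(socket.SHUT_WR)     # pass the half-close on, keep reading
            while data := up.recv(4096):
                conn.sendall(data)
    return listen_loopback(handle)
```

Running `probe` against port 1984 on the hobbitd host and then against 11984 on each stunnel host shows at which hop the reply stops coming back.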