<br><br><div class="gmail_quote"><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><span><span>Hi,<br><br>I'm trying to do the same thing that you did.<br>
<br>Do I have to copy the cert generated on the server to the bbproxy? I need to change the port 1984 to 11984 on the hobbitserver.cfg of the bbporxy?<br>
I followed the doc on wiki but I think I,ve missed something.<br><br>Thanks in advance,<br><font color="#888888"><br>Mario.<br><br><br><br></font></span></span><div><div></div><div class="h5"><br><div class="gmail_quote">
On Mon, Nov 24, 2008 at 8:58 AM, Darrin Khan <span dir="ltr"><<a href="mailto:medavian@gmail.com" target="_blank">medavian@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Hello All,<br><br>I have a problem getting stunnel and bbproxy to hobbitd to play nicely. I am not sure if this has been covered before, however I have found a few bits and peices of information about hobbit and stunnel, but nothing like what I have configured.<br>
<br>Here is the idea..<br><br>client -> bbproxy -> stunnel -> stunnel ->hobbitd<br><br>Client is a SQL server that can't see the world. bbproxy is running on a server behind a firewall that the SQL server can reach. bbproxy is configured to send data to <a href="http://127.0.0.1:11984" target="_blank">127.0.0.1:11984</a>. stunnel is listening on <a href="http://127.0.0.1:11984" target="_blank">127.0.0.1:11984</a> this then forwards out through the firewall to another server running stunnel listening on 11984 this in turn dumps traffic on the remote server to port 1984 (hobbitd).<br>
<br>This config works great, all my messages are encrypted and I am getting all the updates to hobbitd on the remote server no worries. Has been working like this for a few weeks now. <br><br>The issue I have been trying to nut out is that the clients are not receiving any config in the other direction, particularly the log:/var/log/messages:10240 entries from client-local.cfg.<br>
<br>If I remove the stunnel(s) and tell the bbproxy to connect to the hobbitd directly, the clients get the config data in the reverse direction and they in turn send back the log data they are supposed to.<br><br>Has anyone been able to get this to work ?<br>
<br>I suspect it may be my stunnel configs. they are below. Any help would be greatly appreciated.<br><br>Darrin<br><br>----- bbproxy server -----<br>chroot = /var/run/stunnel/<br>setuid = nobody<br>setgid = nobody<br>socket = l:TCP_NODELAY=1<br>
socket = r:TCP_NODELAY=1<br>debug = 5<br>output = /var/log/stunnel.log<br>foreground=no<br><br>[hobbit]<br>accept = 11984<br>connect = xx.xx.xxx.xxx:11984<br>TIMEOUTbusy = 5<br>TIMEOUTclose = 2<br>TIMEOUTconnect = 2<br>
TIMEOUTidle = 5<br><br>----- hobbitd server -----<br>cert = /etc/pki/tls/certs/nms.ext.example.net.pem<br>
chroot = /var/run/stunnel/<br>
setuid = nobody<br>
setgid = nobody<br>
socket = l:TCP_NODELAY=1<br>
socket = r:TCP_NODELAY=1<br>
debug = 5<br>
output = /var/log/stunnel.log<br>
foreground=no<br>
<br>[hobbit]<br>accept = 11984<br>connect = 1984<br>TIMEOUTbusy = 5<br>TIMEOUTclose = 2<br>TIMEOUTconnect = 2<br>TIMEOUTidle = 5<br><font color="#888888"><br>-- <br>Darrin Khan<br><a href="mailto:medavian@gmail.com" target="_blank">medavian@gmail.com</a><br>
"If you save the world too often, it begins to expect it..."<br>- Unknown<br>
</font></blockquote></div><br>
</div></div></blockquote></div><br>