Re: [hobbit] bbproxy over stunnel
- To: hobbit (at) hswn.dk
- Subject: Re: [hobbit] bbproxy over stunnel
- From: mario andre <rower.master (at) gmail.com>
- Date: Wed, 28 Oct 2009 18:38:58 -0200
- References: <3c038b660811240258q88e1140mfc966f86db6d77c9 (at) mail.gmail.com> <e73320da0910281338n21f6dd58g1fa5b04bc0229d0b (at) mail.gmail.com>
Hi,
>
> I'm trying to do the same thing that you did.
>
> Do I have to copy the cert generated on the server to the bbproxy? I need
> to change the port 1984 to 11984 on the hobbitserver.cfg of the bbproxy?
> I followed the doc on wiki but I think I've missed something.
>
> Thanks in advance,
>
> Mario.
>
>
>
>
> On Mon, Nov 24, 2008 at 8:58 AM, Darrin Khan <medavian (at) gmail.com> wrote:
>
>> Hello All,
>>
>> I have a problem getting stunnel and bbproxy to hobbitd to play nicely. I
>> am not sure if this has been covered before, however I have found a few bits
>> and pieces of information about hobbit and stunnel, but nothing like what I
>> have configured.
>>
>> Here is the idea..
>>
>> client -> bbproxy -> stunnel -> stunnel ->hobbitd
>>
>> Client is a SQL server that can't see the world. bbproxy is running on a
>> server behind a firewall that the SQL server can reach. bbproxy is
>> configured to send data to 127.0.0.1:11984. stunnel is listening on
>> 127.0.0.1:11984 this then forwards out through the firewall to another
>> server running stunnel listening on 11984 this in turn dumps traffic on the
>> remote server to port 1984 (hobbitd).
>>
>> This config works great, all my messages are encrypted and I am getting
>> all the updates to hobbitd on the remote server no worries. Has been working
>> like this for a few weeks now.
>>
>> The issue I have been trying to nut out is that the clients are not
>> receiving any config in the other direction, particularly the
>> log:/var/log/messages:10240 entries from client-local.cfg.
>>
>> If I remove the stunnel(s) and tell the bbproxy to connect to the hobbitd
>> directly, the clients get the config data in the reverse direction and they
>> in turn send back the log data they are supposed to.
>>
>> Has anyone been able to get this to work ?
>>
>> I suspect it may be my stunnel configs. They are below. Any help would be
>> greatly appreciated.
>>
>> Darrin
>>
>> ----- bbproxy server -----
>> chroot = /var/run/stunnel/
>> setuid = nobody
>> setgid = nobody
>> socket = l:TCP_NODELAY=1
>> socket = r:TCP_NODELAY=1
>> debug = 5
>> output = /var/log/stunnel.log
>> foreground=no
>>
>> [hobbit]
>> accept = 11984
>> connect = xx.xx.xxx.xxx:11984
>> TIMEOUTbusy = 5
>> TIMEOUTclose = 2
>> TIMEOUTconnect = 2
>> TIMEOUTidle = 5
>>
>> ----- hobbitd server -----
>> cert = /etc/pki/tls/certs/nms.ext.example.net.pem
>> chroot = /var/run/stunnel/
>> setuid = nobody
>> setgid = nobody
>> socket = l:TCP_NODELAY=1
>> socket = r:TCP_NODELAY=1
>> debug = 5
>> output = /var/log/stunnel.log
>> foreground=no
>>
>> [hobbit]
>> accept = 11984
>> connect = 1984
>> TIMEOUTbusy = 5
>> TIMEOUTclose = 2
>> TIMEOUTconnect = 2
>> TIMEOUTidle = 5
>>
>> --
>> Darrin Khan
>> medavian (at) gmail.com
>> "If you save the world too often, it begins to expect it..."
>> - Unknown
>>
>
>
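One way to test the reply direction through each hop of the chain described above, as an added example that is not part of the original thread or of Hobbit. It assumes the sender writes its message, half-closes the connection and then reads the reply; `probe` and `start_responder` are hypothetical names, the responder is a constructed loopback stand-in for the far end, and the `client` line is a constructed sample.

```python
import socket
import threading

def probe(host, port, message, timeout=5.0):
    """Send message, half-close the write side, return every byte sent back."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(message)
        s.shutdown(socket.SHUT_WR)        # signals "request complete", read side stays open
        chunks = []
        try:
            while True:
                data = s.recv(4096)
                if not data:              # peer closed: reply (if any) is complete
                    break
                chunks.append(data)
        except (socket.timeout, ConnectionResetError):
            pass                          # hop dropped or stalled the return path
        return b"".join(chunks)

def start_responder(reply, answer_after_eof=True):
    """Constructed loopback stand-in for the far end; returns its port.

    answer_after_eof=False imitates a hop that tears the connection down
    as soon as it sees the sender's EOF, so the reply never travels back.
    """
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                while conn.recv(4096):    # drain the request until the sender's EOF
                    pass
                if answer_after_eof:
                    conn.sendall(reply)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    msg = b"client testhost.linux linux\n"           # constructed sample message
    good = start_responder(b"log:/var/log/messages:10240\n")
    bad = start_responder(b"unused", answer_after_eof=False)
    print("reply path intact:", probe("127.0.0.1", good, msg))
    print("reply path broken:", probe("127.0.0.1", bad, msg))
```

Pointing `probe` first at the local stunnel listener (127.0.0.1:11984 in the configs above) and then at port 1984 on the hobbitd host shows which hop loses the return data: an empty result through the tunnel and a non-empty one direct places the loss in the tunnel.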