Re: Problems with stunnel and router???

Sorry for my lack of clarity. I am forwarding https on 443, but not HTTP 
on port 80. Unauthorized access is prevented by authentication of the 
client certificate by the stunnel setup.

Thanks for you help.

Jon Wilson

Jamie Pratt wrote:

> sounds like your problem might be this statement, which sort of 
> contradicts your first paragraph(?)..:
>
> >I am running Apache listening on 192.168.0.2 and have not
> > forwarded it at the router to prevent unauthorized access. But stunnel
> > doesn't show any access attempts from external IPs, and refuses to
> > allow connections from outside the internal net.
> >
>
> To me, this statement makes total sense - how could anyone access it 
> from the internet side (including you, from behind the router?) if 
> it's not forwarded thru the router to begin with?
>
> have you tried forwarding the port like above, and using iptables or 
> apache directives to limit ip's allowed?  or perhaps your just trying 
> to access it from the inside using the outside address?
>
> you say at first that your forwarding traffic, but then say your not 
> to that port - what exactly *are* you forwarding thru the router? 
> (from the outside->in I mean?)
>
> regards,
> jamie
>
>
> Jon Wilson wrote:
>
> > I have an ADSL router forwarding traffic from the internet to my 
> > local machine 192.168.0.2 and on this machine I am running stunnel 
> > and apache 2.0.48 (I want this so I can run subversion version 
> > control and could only find ssl for apache 1.x). Also I want to 
> > tunnel other services.
> >
> > My stunnel.conf is as below. I have made client and server 
> > certificates and want to certify clients when they connect. I have 
> > installed the .p12 into my browser (mozilla), however, I seem unable 
> > to connect to the tunnel through the router. If I browse 
> > https://192.168.0.2 it all works fine. However, if I use my external 
> > IP of my router or its dyndns.org entry it doesn't. My other services 
> > seem to work ok. Have I messed something up? I am running Apache 
> > listening on 192.168.0.2 and have not forwarded it at the router to 
> > prevent unauthorized access. But stunnel doesn't show any access 
> > attempts from external IPs, and refuses to allow connections from 
> > outside the internal net.
> >
> > Does anyone know what could be wrong here???
> >
> > Many Thanks.
> >
> > Jon Wilson
> >
> > CAfile = ca/ca_cert.pem
> > Cert = server_cert.pem
> > output = server.log
> > verify = 2
> > client = no
> > debug = debug
> > [stunnel]
> > accept=443
> > connect=80