Stunnel doesn't suck. I have been using this method to tunnel my database interaction for at least 6 months.

Client Web Server Side:
IP: Any IP

box1# /usr/local/sbin/stunnel -c -p /usr/local/ssl/certs/stunnel.pem -d 127.0.0.1:3306 -r 10.10.10.5:3306
# Only bound to local loopback, not accessible from any other interfaces

Server MySQL Side:
IP: 10.10.10.5

box2# /usr/local/sbin/stunnel -p /usr/local/ssl/certs/stunnel.pem -d 10.10.10.5:3306 -r 127.0.0.1:3306
# Only bound to ethX and forwards traffic from ethX to local loopback

/usr/local/bin/safe_mysqld --bind-address=127.0.0.1
# Only bound to local loopback interface, not accessible from any other interfaces

Test:

box1# telnet 127.0.0.1 3306
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
? 3.22.32KiQ;n=&A

3.22.32 is the version of mysql currently running on the old dev box I ran this test on.

So it worked. The binding of mysql on 3306 only on 'lo' and stunnel on 3306 only on 'ethX' won't conflict. Plus, you don't have to use the same port numbers anyway, I just do it for convenience, mysql always running on 3306.

Ben Lutgens wrote:

> O.k. so I am trying to tunnel mysql using stunnel. So far I'm convinced it's
> not possible. How can you bind port 3306 on your tunnel when mysql is using
> that port? It makes no sense to me.
>
> On the server side if you run stunnel -p $PEMFILE -d $REMOTEIP -r
> 127.0.0.1:3306
>
> I get "Can't bind requested address"
>
> Tunneling stuff through ssh sucks, and it seems stunnel sucks too.
>
> --
> Ben Lutgens cell: 612.670.4789
> Sistina Software Inc. work: 612.379.3951
> Code Monkey Support (A.K.A. System Administrator)
>
> "It's hard to believe that's the same frail woman who once sprained her wrist
> from having too much dip on a cracker!" -- Frazier Crane
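
Added example, not part of the original thread: a Python check of the reply's point that listeners on 127.0.0.1:3306 and 10.10.10.5:3306 do not collide, plus an audit that flags mysqld listening anywhere other than loopback. The `ss -ltnp` sample output, the process names and the function names are constructed for illustration, and Linux bind semantics are assumed.

```python
import ipaddress

# Constructed `ss -ltnp` output for box2 (sample data, not captured from a real host).
SS_GOOD = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    127.0.0.1:3306     0.0.0.0:*         users:(("mysqld",pid=812,fd=21))
LISTEN 0      128    10.10.10.5:3306    0.0.0.0:*         users:(("stunnel",pid=640,fd=7))
"""
SS_BAD = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:3306       0.0.0.0:*         users:(("mysqld",pid=812,fd=21))
"""

def split_endpoint(endpoint):
    """'10.10.10.5:3306', '[::]:3306' or '*:3306' -> (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]      # drop brackets and any %iface suffix
    if host == "*":
        host = "0.0.0.0"
    return ipaddress.ip_address(host), int(port)

def would_collide(a, b):
    """True if two listeners cannot both bind (Linux semantics assumed)."""
    (ip_a, port_a), (ip_b, port_b) = split_endpoint(a), split_endpoint(b)
    if port_a != port_b:
        return False
    # Same port: only identical addresses or a wildcard on either side overlap.
    return ip_a == ip_b or ip_a.is_unspecified or ip_b.is_unspecified

def exposed_plaintext(ss_text, plaintext_procs=("mysqld",)):
    """List plaintext listeners in `ss -ltnp` output that are reachable off-host."""
    exposed = []
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] != "LISTEN" or '"' not in fields[5]:
            continue
        proc = fields[5].split('"')[1]
        ip, port = split_endpoint(fields[3])
        if proc in plaintext_procs and not ip.is_loopback:
            exposed.append((proc, str(ip), port))
    return exposed

if __name__ == "__main__":
    print(would_collide("127.0.0.1:3306", "10.10.10.5:3306"))  # layout from the post
    print(exposed_plaintext(SS_GOOD), exposed_plaintext(SS_BAD))
```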