Once again I'm stuck. Maybe you guys could help me debug.

3 boxen in question

webserver 208.210.145.139

firewall 208.210.145.138 (is external IP)
	 10.0.1.11       (internal IP) running ipchains / ipmasq

database server 10.0.1.10 

I wanna tunnel database traffic requests from my webserver through the
firewall to a safe database server and would like it to be encrypted.

on webserver I run 
stunnel -c -d 127.0.0.1:3306 -r 208.210.145.138:3306

on firewall I run
stunnel -d 208.210.145.138:3306 -r 127.0.0.1:3306
I allow connections to 208.210.145.138 from 208.210.145.139 on port 3306 with
ipchains and then
ipmasqadm portfw from 127.0.0.1:3306 to 10.0.1.10:3306

I should then be able to run 
mysql -h 127.0.0.1 --port=3307 
on my webserver and talk straight through the tunnel to my database server.
This is not the case.

I see error messages on the webserver and on the firewall but nothing ever
makes it to the database server.

Personally I thought that I should be able to stunnel between the database and
webserver with ipmasqadm portfw but this won't work either.

According to the stunnel homepage I should also be able to put the client
stunnel on the internal database server and run daemon mode stunnel on the
webserver and connect backwards through it with no firewall configuration at
all.... I can't make this work either. Anyone have any other ideas I might try
or perhaps a reason why this won't work?


-- 
Ben Lutgens		cell: 612.670.4789
Sistina Software Inc.	work: 612.379.3951
Code Monkey Support (A.K.A. System Administrator)

"I'm opening the "Paige" cache, anyone wanna cycle a few buffers?"
Mike Tilstra - Referring to a pop machine containing James Paige beer.