On Sun, 24 Apr 2005 09:02:58 +0200, ago wrote: >> On Sat, 2005-04-23 at 23:47 +0200, [EMAIL PROTECTED] wrote: >>> > Yes. Here are the lines from my rc.local that start the tunnels: >>> > # added by JDG on 2005/04/08 to encrypt connections TO the bacula >>> > # storage daemon >>> > /usr/sbin/stunnel -D 6 -S 0 -d 29103 -r localhost:9103 -p >>> > /usr/share/ssl/certs/host.key.pem >>> That's not the proper way to run it on FD machine. >>> Use stunnel -c -d localhost:29103 -r SDmachine:9202 -p ..... >> It's not the FD machine. It's the SD/Dir machine. > ok, I misunderstood your lines than (the TO word confused me). It seems > good ways than. Do you use any type of application level firewall?
Yes, we're using ipchains on this particular machine. Here are the allow rules: # Added by JDG on 2005/04/13 to allow SSL connections from remote # bacula clients to the local bacula storage daemon. -A input -s 217.199.182.114 -d 216.64.96.12 29103 -p tcp -y -j ACCEPT -A input -s 217.199.182.119 -d 216.64.96.12 29103 -p tcp -y -j ACCEPT -A input -s 212.42.0.130 -d 216.64.96.12 29103 -p tcp -y -j ACCEPT > Any > other custom and exocitoc routing and network setup? No. > If you remove stunnel > protection does it work (with test datas, off course). The only diferrence > between your stunnel rule and mine is that I use the -A option (CA > certificate file) at SD machine. I don't think that's the mistake but who > knows... Yeah, I don't think so. I'm starting to think it might be a TCP/IP issue. -- Jesse Guardiani, Systems Administrator WingNET Internet Services, P.O. Box 2605 // Cleveland, TN 37320-2605 423-559-LINK (v) 423-559-5145 (f) http://www.wingnet.net ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
