I just tried what I posted a week or so ago. It works just fine.

    ssh -L 3306:localhost:3306 cascade.veldy.net

You can add the username password stuff yourself. At this point, the local port 3306 is a front to mysql on cascade. I only had to have permissions set in MySQL to accept connections from localhost. Localhost is relative to the host -- so it is localhost on the host.

I have been doing this very thing from a Windows GUI client to ssh so that I can use MySQL via ODBC which points to localhost 3306 (the tunnel to mysql).

Tom Veldhouse
veldy at veldy.net

----- Original Message -----
From: "Amy Tanner" <atebbe at real-time.com>
To: <tclug-list at mn-linux.org>
Sent: Tuesday, March 20, 2001 12:19 PM
Subject: Re: [TCLUG] more of mysql tunneling

> Hey Ben - once you've figured out how to do this, why don't you write
> up a howto ? ;)
>
> On Tue, Mar 20, 2001 at 12:17:07PM -0600, Jason J (jasonj at innominatus.com) wrote:
> > Are you sure your ssl certificates are valid?
> >
> > 'openssl verify <filename>.pem'
> >
> > I had some errors in the beginning when some of my certs were bad. I don't know why
> > the cert was bad, but I remade it with:
> >
> > 'openssl req -new -x509 -nodes -days 365 -out /usr/local/ssl/certs/stunnel.pem
> > -keyout /usr/local/ssl/certs/stunnel.pem'
> >
> > Ben Lutgens wrote:
> >
> > > On Mon, Mar 19, 2001 at 11:28:39PM -0600, Jason J wrote:
> > > >Stunnel doesn't suck. I have been using this method to tunnel my database
> > > >interaction for at least 6 months.
> > >
> > > No matter what I do, it seems like it's going to connect and then I get
> > > SSL_connect: error:0000000000::lib(0) :func:(0) :reason(0)
> > > in the log on client side
> > > and
> > >
> > > stunnel: localhost.3306 connected from web.server.ip:some_randomportnumber
> > > stunnel: remote connect: Connection Refused (111)
> > >
> > > in the log on the server side. I am not trying to go through my firewall yet.
> > > and am running the exact same commands I see both in this mail and on
> > > stunnel.org
> > >
> > > >
> > > >Client Web Server Side:
> > > >IP: Any IP
> > > >box1# /usr/local/sbin/stunnel -c -p /usr/local/ssl/certs/stunnel.pem -d
> > > >127.0.0.1:3306 -r 10.10.10.5:3306 # Only bound to local loopback, not
> > > >accessible from any other interfaces
> > > >
> > > >Server MySQL Side:
> > > >IP: 10.10.10.5
> > > >box2# /usr/local/sbin/stunnel -p /usr/local/ssl/certs/stunnel.pem -d
> > > >10.10.10.5:3306 -r 127.0.0.1:3306 # Only bound to ethX and forwards traffic
> > > >from ethX to local loopback
> > > >/usr/local/bin/safe_mysqld --bind-address=127.0.0.1 # Only bound to local
> > > >loopback interface, not accessible from any other interfaces
> > > >
> > > >Test:
> > > >box1# telnet 127.0.0.1 3306
> > > >Trying 127.0.0.1...
> > > >Connected to 127.0.0.1.
> > > >Escape character is '^]'.
> > > >?
> > > >3.22.32KiQ;n=&A
> > > >
> > > >3.22.32 is the version of mysql currently running on the old dev box I ran this
> > > >test on. So it worked.
> > > >
> > > >the binding of mysql on 3306 only on 'lo' and stunnel on 3306 only on 'ethX'
> > > >won't conflict. Plus, you don't have to use the same port numbers anyway, I just
> > > >do it for convenience, mysql always running on 3306.
> > > >
> > > >Ben Lutgens wrote:
> > > >
> > > >> O.k. so I am trying to tunnel mysql using stunnel. So far I'm convinced it's
> > > >> not possible. How can you bind port 3306 on your tunnel when mysql is using
> > > >> that port? It makes no sense to me.
> > > >>
> > > >> On the server side if you run stunnel -p $PEMFILE -d $REMOTEIP -r
> > > >> 127.0.0.1:3306
> > > >>
> > > >> I get "Can't bind requested address"
> > > >>
> > > >> Tunneling stuff through ssh sucks, and it seems stunnel sucks too.
> > > >>
> > > >> --
> > > >> Ben Lutgens  cell: 612.670.4789
> > > >> Sistina Software Inc.  work: 612.379.3951
> > > >> Code Monkey Support (A.K.A. System Administrator)
> > > >>
> > > >> "It's hard to believe that's the same frail woman who once sprained her wrist
> > > >> from having too much dip on a cracker!" -- Frazier Crane
> > > >>
> > > ------------------------------------------------------------------------
> > > >> Part 1.2 Type: application/pgp-signature
> > > >
> > > >_______________________________________________
> > > >tclug-list mailing list
> > > >tclug-list at mn-linux.org
> > > >https://mailman.mn-linux.org/mailman/listinfo/tclug-list
> > >
> > > --
> > > Ben Lutgens  cell: 612.670.4789
> > > Sistina Software Inc.  work: 612.379.3951
> > > Code Monkey Support (A.K.A. System Administrator)
> > >
> > > "It's hard to believe that's the same frail woman who once sprained her wrist
> > > from having too much dip on a cracker!" -- Frazier Crane
> > >
> > ------------------------------------------------------------------------
> > > Part 1.2 Type: application/pgp-signature
> >
> > _______________________________________________
> > tclug-list mailing list
> > tclug-list at mn-linux.org
> > https://mailman.mn-linux.org/mailman/listinfo/tclug-list
>
> --
> Amy Tanner  Voice: 952.943.8700
> Real Time Enterprises, Inc.  Fax: 952.943.8500
> amy at real-time.com  http://www.real-time.com
> GPG Fingerprint: DAC7 E1B2 80D9 3099 1A20 0817 2DFE 5086 81B3 5466
> _______________________________________________
> tclug-list mailing list
> tclug-list at mn-linux.org
> https://mailman.mn-linux.org/mailman/listinfo/tclug-list
>
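
Added example (not part of the original thread): a listener audit for the layout Jason J describes, showing that mysqld and stunnel can both hold port 3306 on different addresses while mysqld stays reachable only through the tunnel. It assumes Linux `ss -ltnp` output; the sample rows, the extra 3307 listener and the function names are constructed for illustration.

```python
import ipaddress

# Constructed `ss -ltnp` output (not from the thread): box2 as described above,
# plus one wildcard mysqld listener of the kind the layout is meant to avoid.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      80     127.0.0.1:3306     0.0.0.0:*         users:(("mysqld",pid=812,fd=21))
LISTEN 0      128    10.10.10.5:3306    0.0.0.0:*         users:(("stunnel",pid=901,fd=7))
LISTEN 0      80     *:3307             *:*               users:(("mysqld",pid=955,fd=21))
LISTEN 0      128    [::]:22            [::]:*            users:(("sshd",pid=640,fd=4))
"""

def parse_listeners(ss_output):
    """Yield (address, port, process) for each LISTEN row of `ss -ltnp`."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header or non-listening row
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface scope
        # The process column is absent when ss runs without enough privilege.
        proc = fields[5].split('"')[1] if len(fields) > 5 and '"' in fields[5] else "?"
        yield host, int(port), proc

def is_loopback_only(host):
    """True only for a specific loopback address; '*', 0.0.0.0 and :: are wildcards."""
    if host == "*":
        return False
    return ipaddress.ip_address(host).is_loopback

def exposed_listeners(ss_output, backend="mysqld"):
    """Return (address, port) pairs where the backend is reachable off-host."""
    return [(h, p) for h, p, proc in parse_listeners(ss_output)
            if proc == backend and not is_loopback_only(h)]

def port_owners(ss_output, port=3306):
    """Map each address bound on `port` to its process: distinct addresses coexist."""
    return {h: proc for h, p, proc in parse_listeners(ss_output) if p == port}

if __name__ == "__main__":
    print("off-host mysqld listeners:", exposed_listeners(SAMPLE_SS))
    print("who holds 3306:", port_owners(SAMPLE_SS))
```

On a live host, pass the output of `ss -ltnp` run as root (so process names appear) in place of `SAMPLE_SS`.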