On Tue, Mar 20, 2001 at 12:19:51PM -0600, Amy Tanner wrote:
>Hey Ben - once you've figured out how to do this, why don't you write
>up a howto ? ;)

There are some, but they don't seem to work for me. Plus I'm no technical
writer. I may give it a try.

>
>On Tue, Mar 20, 2001 at 12:17:07PM -0600, Jason J (jasonj at innominatus.com) wrote:
>> Are you sure your ssl certificates are valid?
>> 
>> 'openssl verify <filename>.pem'
>> 
>> I had some errors in the beginning when some of my certs were bad. I don't know why
>> the cert was bad, but I remade it with:
>> 
>> 'openssl req -new -x509 -nodes -days 365 -out /usr/local/ssl/certs/stunnel.pem
>> -keyout /usr/local/ssl/certs/stunnel.pem'
>> 
>> 
>> 
>> 
>> 
>> Ben Lutgens wrote:
>> 
>> > On Mon, Mar 19, 2001 at 11:28:39PM -0600, Jason J wrote:
>> > >Stunnel doesn't suck. I have been using this method to tunnel my database
>> > >interaction for at least 6 months.
>> >
>> > No matter what I do, it seems like it's going to connect and then I get
>> > SSL_connect: error:0000000000::lib(0) :func:(0) :reason(0)
>> > in the log on client side
>> > and
>> >
>> > stunnel: localhost.3306 connected from web.server.ip:some_randomportnumber
>> > stunnel: remote connect: Connection Refused (111)
>> >
>> > in the log on the server side. I am not trying to go through my firewall yet,
>> > and am running the exact same commands I see both in this mail and on
>> > stunnel.org
>> >
>> > >
>> > >Client Web Server Side:
>> > >IP: Any IP
>> > >box1# /usr/local/sbin/stunnel  -c -p /usr/local/ssl/certs/stunnel.pem -d
>> > >127.0.0.1:3306 -r 10.10.10.5:3306    # Only bound to local loopback, not
>> > >accessible from any other interfaces
>> > >
>> > >Server MySQL Side:
>> > >IP: 10.10.10.5
>> > >box2# /usr/local/sbin/stunnel -p /usr/local/ssl/certs/stunnel.pem -d
>> > >10.10.10.5:3306 -r 127.0.0.1:3306     # Only bound to ethX and forwards traffic
>> > >from ethX to local loopback
>> > >/usr/local/bin/safe_mysqld --bind-address=127.0.0.1    # Only bound to local
>> > >loopback interface, not accessible from any other interfaces
>> > >
>> > >Test:
>> > >box1# telnet 127.0.0.1 3306
>> > >Trying 127.0.0.1...
>> > >Connected to 127.0.0.1.
>> > >Escape character is '^]'.
>> > >?
>> > >3.22.32KiQ;n=&A
>> > >
>> > >3.22.32 is the version of mysql currently running on the old dev box I ran this
>> > >test on. So it worked.
>> > >
>> > >
>> > >The binding of mysql on 3306 only on 'lo' and stunnel on 3306 only on 'ethX'
>> > >won't conflict. Plus, you don't have to use the same port numbers anyway, I just
>> > >do it for convenience, mysql always running on 3306.
>> > >
>> > >
>> > >
>> > >
>> > >Ben Lutgens wrote:
>> > >
>> > >> O.k. so I am trying to tunnel mysql using stunnel. So far I'm convinced it's
>> > >> not possible. How can you bind port 3306 on your tunnel when mysql is using
>> > >> that port? It makes no sense to me.
>> > >>
>> > >> On the server side if you run stunnel -p $PEMFILE -d $REMOTEIP -r
>> > >> 127.0.0.1:3306
>> > >>
>> > >> I get "Can't bind requested address"
>> > >>
>> > >> Tunneling stuff through ssh sucks, and it seems stunnel sucks too.
>> > >>
>> > >> --
>> > >> Ben Lutgens             cell: 612.670.4789
>> > >> Sistina Software Inc.   work: 612.379.3951
>> > >> Code Monkey Support (A.K.A. System Administrator)
>> > >>
>> > >> "It's hard to believe that's the same frail woman who once sprained her wrist
>> > >> from having too much dip on a cracker!" -- Frazier Crane
>> > >>
>> > >
>> > >_______________________________________________
>> > >tclug-list mailing list
>> > >tclug-list at mn-linux.org
>> > >https://mailman.mn-linux.org/mailman/listinfo/tclug-list
>> >
>> 
>
>-- 
>Amy Tanner                                      Voice: 952.943.8700
>Real Time Enterprises, Inc.	                  Fax: 952.943.8500
>amy at real-time.com		    	   http://www.real-time.com
>GPG Fingerprint: DAC7 E1B2 80D9 3099 1A20  0817 2DFE 5086 81B3 5466

-- 
Ben Lutgens		cell: 612.670.4789
Sistina Software Inc.	work: 612.379.3951
Code Monkey Support (A.K.A. System Administrator)

"It's hard to believe that's the same frail woman who once sprained her wrist
from having too much dip on a cracker!" -- Frazier Crane
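
Added example, not part of the original thread or of stunnel: a small Python check of the bind and connect outcomes this thread turns on (same port on two addresses, a wildcard bind, an address the host does not own, and a connect with no listener behind it). It assumes Linux, uses 127.0.0.2 as a stand-in for the ethX address (10.10.10.5 in the thread) and 192.0.2.1 as an address not configured on the host; the function names are hypothetical.

```python
import errno
import socket

def listen_on(addr, port=0):
    """Listen on one specific address; port 0 lets the OS choose a port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((addr, port))
        s.listen(1)
    except OSError:
        s.close()
        raise
    return s

def bind_result(addr, port):
    """Return 'ok' if addr:port can be bound, else the errno name."""
    try:
        listen_on(addr, port).close()
        return "ok"
    except OSError as e:
        return errno.errorcode.get(e.errno, str(e.errno))

def probe(addr, port, timeout=2.0):
    """Return 'open' if something accepts on addr:port, else the errno name."""
    try:
        socket.create_connection((addr, port), timeout=timeout).close()
        return "open"
    except OSError as e:
        return errno.errorcode.get(e.errno, str(e.errno))

def demo():
    # Stand-in for mysqld started with --bind-address=127.0.0.1
    mysqld = listen_on("127.0.0.1")
    port = mysqld.getsockname()[1]
    r = {}
    # Like 'stunnel -d <ethX address>:port': other address, same port number
    r["second_address_same_port"] = bind_result("127.0.0.2", port)
    # Wildcard bind on the same port collides with the loopback listener
    r["wildcard_same_port"] = bind_result("0.0.0.0", port)
    # Address assumed not configured on this host (documentation range)
    r["non_local_address"] = bind_result("192.0.2.1", port)
    r["probe_with_listener"] = probe("127.0.0.1", port)
    mysqld.close()
    # No listener on loopback: what a forwarder's '-r 127.0.0.1:port' would hit
    r["probe_without_listener"] = probe("127.0.0.1", port)
    return r

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

On Linux, ECONNREFUSED is errno 111, the number shown in the server-side log line quoted above.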