Once again I'm stuck. Maybe you guys could help me debug. 3 boxen in question webserver 208.210.145.139 firewall 208.210.145.138 (is external IP) 10.0.1.11 (internal IP) running ipchains / ipmasq database server 10.0.1.10 I wanna tunnel database traffic requests from my webserver through the firewall to a safe database server and would like it to be encrypted. on webserver I run stunnel -c -d 127.0.0.1:3306 -r 208.210.145.138:3306 on firewall I run stunnel -d 208.210.145.138:3306 -r 127.0.0.1:3306 I allow connections to 208.210.145.138 from 208.210.145.139 on port 3306 with ipchains and then ipmasqadm portfw from 127.0.0.1:3306 to 10.0.1.10:3306 I should then be able to run mysql -h 127.0.0.1 --port=3307 on my webserver and talk straight through the tunnel to my database server. This is not the case. I see error messages on the webserver and on the firewall but nothing ever makes it to the database server. Personally I though that I should be able to stunnel bewtween the database and webserver with ipmasqadm portfw but this won't work either. According to the stunnel homepage i should also be able to put the client stunnel on the internal database server and run daemon mode stunnel on the webserver and connect backwards through it with no firewall configuration at all.... I can't make this work either. Anyone have any other ideas I might try or perhaps a reason why this won't work? -- Ben Lutgens cell: 612.670.4789 Sistina Software Inc. work: 612.379.3951 Code Monkey Support (A.K.A. System Administrator) "I'm opening the "Paige" cache, anyone wanna cycle a few buffers?" Mike Tilstra - Refering to a pop machine containing James Paige beer. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 232 bytes Desc: not available Url : http://shadowknight.real-time.com/pipermail/tclug-list/attachments/20010322/0babf329/attachment.pgp