user at host fun with stunnel
matthew.best at gmail.com
Thu Dec 9 07:53:53 EST 2004
On Thu, 9 Dec 2004 00:02:14 -0500 (EST), Paul-Andrew Joseph Miseiko
<esoteric at teardrop.ca> wrote:
> Not without modifications to the IRCD source code.
I was afraid of that. I'm thinking of hammering out a small script
that scans the active internet connections and just somehow correlates
that with the ircd.log.
> It is probably a better idea to use a client SSL patch with the IRCD.
> Or you could just consider the "user at internal.ip" a "feature".
Yeah I think I'll just use spoofing.
> ps. don't run stunnel as root.
Thanks for the tip. I missed that. I'm starting as user "irc" now.
> Behind every great man is a great woman...and behind every great woman is some guy staring at her butt!
> On Wed, 8 Dec 2004, Matt Best wrote:
> > Hey again listers,
> > I'm in a bit of an interesting quagmire here. I use stunnel
> > (http://www.stunnel.org) to offer ircd over SSL to my users.
> > This is my stunnel statement:
> > /usr/sbin/stunnel -r 192.168.0.25:6667 -d 192.168.0.25:8887 -p
> > /etc/ssl/certs/stunnel.pem -o /var/log/stunnel.ext.log
> > This reads as "listen on port 8887 and encrypt all connections to this
> > port, then redirect to port 6667". The ircd is listening on 6667. I
> > basically have a standard NAPT gateway in front of the server that
> > redirects port 8887 to 192.168.0.25.
> > The problem with this is I think it kinda breaks ident. When a user
> > connects, they are always connected as "root at 192.168.0.25", instead of
> > "user at isp-assigned-ip-address-or-hostname".
> > Can anybody think of a way around this? I understand this may be
> > beyond the scope of this list. Any suggestions are appreciated.
> > Thanks.
> > Kind regards,
> > Matt
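
The log-correlation idea mentioned in the reply above, sketched as an added example that is not part of the original thread: it pairs each ircd connect seen from the tunnel address with a stunnel accept logged just before it. Both log line formats, the sample lines and the two-second window are assumptions constructed for illustration; adjust the regular expressions to the real logs.

```python
import re
from datetime import datetime, timedelta

TUNNEL_IP = "192.168.0.25"     # address the ircd sees for tunnelled users (from the post)
WINDOW = timedelta(seconds=2)  # assumed max delay between stunnel accept and ircd connect

# Constructed sample logs; both line formats are assumptions, not real tool output.
STUNNEL_LOG = """\
2004.12.09 07:41:02 accepted connection from 203.0.113.7:51234
2004.12.09 07:41:30 accepted connection from 198.51.100.9:40022
2004.12.09 07:45:10 accepted connection from 203.0.113.50:33001
"""
IRCD_LOG = """\
2004-12-09 07:41:03 connect nick=alice host=root@192.168.0.25
2004-12-09 07:41:30 connect nick=bob host=root@192.168.0.25
2004-12-09 07:43:00 connect nick=carol host=carol@192.0.2.44
2004-12-09 07:50:00 connect nick=dave host=root@192.168.0.25
"""

ACCEPT_RE = re.compile(r"^(\S+ \S+) accepted connection from ([\d.]+):(\d+)$")
CONNECT_RE = re.compile(r"^(\S+ \S+) connect nick=(\S+) host=\S+@([\d.]+)$")

def parse(text, regex, fmt):
    """Return (timestamp, group2, group3) tuples for lines matching regex."""
    out = []
    for line in text.splitlines():
        m = regex.match(line)
        if m:
            out.append((datetime.strptime(m.group(1), fmt), m.group(2), m.group(3)))
    return out

def correlate(stunnel_text, ircd_text):
    """Map each nick that arrived via the tunnel to its likely real client IP."""
    accepts = parse(stunnel_text, ACCEPT_RE, "%Y.%m.%d %H:%M:%S")
    result = {}
    for when, nick, ip in parse(ircd_text, CONNECT_RE, "%Y-%m-%d %H:%M:%S"):
        if ip != TUNNEL_IP:
            continue  # direct connection: ircd already logged the real address
        # Candidates: unused accepts at or shortly before the ircd connect.
        near = [a for a in accepts if timedelta(0) <= when - a[0] <= WINDOW]
        if len(near) == 1:
            result[nick] = near[0][1]
            accepts.remove(near[0])  # each accept explains one connect only
        else:
            result[nick] = None  # no candidate or several: do not guess
    return result

if __name__ == "__main__":
    for nick, ip in correlate(STUNNEL_LOG, IRCD_LOG).items():
        print(nick, ip or "unresolved")
```

When two clients connect inside the same window the match is ambiguous and is left unresolved, which is the limit of timestamp-only correlation on a busy server.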