#1 2010-02-15 22:31:33

eerok
Member
From: Canada
Registered: 2005-03-20
Posts: 171

[Solved] Problem with stunnel and nntp

I'm trying to encrypt nntp for pan.  I already have it encrypted for sabnzbd, so I know that at least I have the server info correct.

I've read a few different guides to getting stunnel going for nntp, but it seems like I'm missing something.  Here's the log:

2010.02.15 17:03:28 LOG5[2324:3075122880]: Reading configuration from file /etc/stunnel/stunnel.conf
2010.02.15 17:03:28 LOG7[2324:3075122880]: RAND_status claims sufficient entropy for the PRNG
2010.02.15 17:03:28 LOG7[2324:3075122880]: PRNG seeded successfully
2010.02.15 17:03:29 LOG7[2324:3075122880]: SSL context initialized for service nntp
2010.02.15 17:03:29 LOG5[2324:3075122880]: Configuration successful
2010.02.15 17:03:29 LOG5[2324:3075122880]: No limit detected for the number of clients
2010.02.15 17:03:29 LOG7[2324:3075122880]: FD=8 in non-blocking mode
2010.02.15 17:03:29 LOG7[2324:3075122880]: FD=9 in non-blocking mode
2010.02.15 17:03:29 LOG7[2324:3075122880]: FD=10 in non-blocking mode
2010.02.15 17:03:29 LOG7[2324:3075122880]: Option SO_REUSEADDR set on accept socket
2010.02.15 17:03:29 LOG7[2324:3075122880]: Service nntp bound to 127.0.0.1:119
2010.02.15 17:03:29 LOG7[2324:3075122880]: Service nntp opened FD=10
2010.02.15 17:03:29 LOG7[2330:3075122880]: Created pid file /stunnel.pid
2010.02.15 17:03:29 LOG5[2330:3075122880]: stunnel 4.31 on i686-pc-linux-gnu with OpenSSL 0.9.8l 5 Nov 2009
2010.02.15 17:03:29 LOG5[2330:3075122880]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
2010.02.15 17:03:45 LOG7[2330:3075122880]: Service nntp accepted FD=0 from 127.0.0.1:60277
2010.02.15 17:03:45 LOG7[2330:3078679408]: Service nntp started
2010.02.15 17:03:45 LOG7[2330:3075122880]: Service nntp accepted FD=1 from 127.0.0.1:60278
2010.02.15 17:03:45 LOG7[2330:3078679408]: FD=0 in non-blocking mode
2010.02.15 17:03:45 LOG7[2330:3078679408]: Option TCP_NODELAY set on local socket
2010.02.15 17:03:45 LOG7[2330:3078679408]: Waiting for a libwrap process
2010.02.15 17:03:45 LOG7[2330:3078679408]: Acquired libwrap process #0
2010.02.15 17:03:45 LOG7[2330:3078609776]: Service nntp started
2010.02.15 17:03:45 LOG7[2330:3078609776]: FD=1 in non-blocking mode
2010.02.15 17:03:45 LOG7[2330:3078609776]: Option TCP_NODELAY set on local socket
2010.02.15 17:03:45 LOG7[2330:3078609776]: Waiting for a libwrap process
2010.02.15 17:03:45 LOG7[2330:3078609776]: Acquired libwrap process #1
2010.02.15 17:03:45 LOG7[2330:3078609776]: Releasing libwrap process #1
2010.02.15 17:03:45 LOG7[2330:3078609776]: Released libwrap process #1
2010.02.15 17:03:45 LOG4[2330:3078609776]: Service nntp REFUSED by libwrap from 127.0.0.1:60278
2010.02.15 17:03:45 LOG7[2330:3078609776]: See hosts_access(5) manual for details
2010.02.15 17:03:45 LOG5[2330:3078609776]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2010.02.15 17:03:45 LOG7[2330:3078609776]: Service nntp finished

And here's my /etc/stunnel/stunnel.conf

; Sample stunnel configuration file by Michal Trojnara 2002-2009
;
; some options used here may not be adequate for your particular configuration
; please read the manual and make sure you understand them

; certificate/key is needed in server mode and optional in client mode
;cert = /etc/stunnel/mail.pem
;key = /etc/stunnel/mail.pem

; protocol version (all, SSLv2, SSLv3, TLSv1)
sslVersion = SSLv3

; security enhancements for UNIX systems - comment them out on Win32
; for chroot a copy of some devices and files is needed within the jail
chroot = /var/run/stunnel
setuid = stunnel
setgid = stunnel
; PID is created inside the chroot jail
pid = /stunnel.pid

; performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;compression = zlib

; workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS

; authentication stuff needs to be configured to prevent MITM attacks
; it is not enabled by default!
;verify = 2
; don't forget to c_rehash CApath
; CApath is located inside chroot jail
;CApath = /certs
; it's often easier to use CAfile
;CAfile = /etc/stunnel/certs.pem
; don't forget to c_rehash CRLpath
; CRLpath is located inside chroot jail
;CRLpath = /crls
; alternatively CRLfile can be used
;CRLfile = /etc/stunnel/crls.pem

; debugging stuff (may be useful for troubleshooting)
debug = 7
output = stunnel.log

; SSL client mode
client = yes

; service-level configuration

;[pop3s]
;accept  = 995
;connect = 110

;[imaps]
;accept  = 993
;connect = 143

;[ssmtp]
;accept  = 465
;connect = 25

;[https]
;accept  = 443
;connect = 80
;TIMEOUTclose = 0

[nntp]
accept  = localhost:119
connect = ssl.astraweb.com:563

; vim:ft=dosini

Last edited by eerok (2010-02-16 13:10:04)


noobus in perpetuus

Offline
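The posted file runs stunnel as a TLS client with `verify` still commented out, which its own comment says leaves the connection open to MITM. The following is an added example, not part of the original post or of stunnel: a small lint over a stunnel.conf that reports client-mode services without `verify` or pinned to SSLv2/SSLv3. It checks only options that appear in the posted file; the function names and the trimmed sample are constructed.

```python
# Constructed sample: a trimmed copy of the active lines of the posted stunnel.conf.
SAMPLE_CONF = """\
sslVersion = SSLv3
;verify = 2
;CAfile = /etc/stunnel/certs.pem
client = yes

[nntp]
accept  = localhost:119
connect = ssl.astraweb.com:563
"""

def parse_conf(text):
    """Return (global_opts, {service: opts}); lines starting with ';' are comments."""
    global_opts, services, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1], {})
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            # Options before the first [section] are global defaults.
            (global_opts if current is None else current)[key.lower()] = value
    return global_opts, services

def lint_client_services(text):
    """List findings for every service that runs in client mode."""
    global_opts, services = parse_conf(text)
    findings = []
    for name, opts in services.items():
        eff = {**global_opts, **opts}  # a service-level value overrides the global one
        if eff.get("client", "no").lower() != "yes":
            continue
        if eff.get("verify", "0") == "0":
            findings.append(f"[{name}] verify is not set: the certificate of "
                            f"{eff.get('connect', '?')} is not checked")
        if eff.get("sslversion", "").lower() in ("sslv2", "sslv3"):
            findings.append(f"[{name}] sslVersion = {eff['sslversion']} "
                            "is a deprecated protocol version")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_client_services(SAMPLE_CONF)))
```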

#2 2010-02-16 12:50:34

Sin.citadel
Member
Registered: 2008-01-22
Posts: 267

Re: [Solved] Problem with stunnel and nntp

Have you set

nntp: 127.0.0.1

in /etc/hosts.allow file?

Offline
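stunnel hands the service section name (`nntp` here) to libwrap as the daemon name, so a refusal in the log maps directly to a `service: client` line in /etc/hosts.allow. The following is an added example, not part of the original thread: it extracts libwrap refusals from a stunnel log and lists the hosts.allow lines that are missing. The matcher covers only a simplified subset of hosts_access(5), and the function names and sample log lines are constructed.

```python
import re

# Constructed sample: two lines in the format of the stunnel log posted above.
SAMPLE_LOG = """\
2010.02.15 17:03:45 LOG7[2330:3078609776]: Acquired libwrap process #1
2010.02.15 17:03:45 LOG4[2330:3078609776]: Service nntp REFUSED by libwrap from 127.0.0.1:60278
"""

REFUSED = re.compile(r"Service (\S+) REFUSED by libwrap from (\S+):\d+\s*$")

def refusals(log_text):
    """Sorted unique (service, client_ip) pairs that libwrap refused."""
    pairs = set()
    for line in log_text.splitlines():
        m = REFUSED.search(line)
        if m:
            pairs.add((m.group(1), m.group(2)))
    return sorted(pairs)

def _tokens(field):
    return [t for t in re.split(r"[\s,]+", field.strip()) if t]

def is_allowed(hosts_allow_text, service, ip):
    """Simplified hosts_access(5) matching: literal daemon names and IPv4
    addresses, the ALL wildcard, and address prefixes ending in '.'.
    Hostnames, netmasks, EXCEPT and IPv6 are not handled."""
    for raw in hosts_allow_text.splitlines():
        line = raw.strip()
        if line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        if not {service, "ALL"} & set(_tokens(daemons)):
            continue
        for tok in _tokens(clients):
            if tok in ("ALL", ip) or (tok.endswith(".") and ip.startswith(tok)):
                return True
    return False

def missing_rules(log_text, hosts_allow_text):
    """hosts.allow lines that would admit each refused (service, client)."""
    return [f"{svc}: {ip}" for svc, ip in refusals(log_text)
            if not is_allowed(hosts_allow_text, svc, ip)]

if __name__ == "__main__":
    print("\n".join(missing_rules(SAMPLE_LOG, "")))
```

Listing the exact client address, as the reply does, keeps the rule as narrow as the `accept = localhost:119` binding.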

#3 2010-02-16 13:03:34

eerok
Member
From: Canada
Registered: 2005-03-20
Posts: 171

Re: [Solved] Problem with stunnel and nntp

That was it.  Thanks a ton, network stuff never came naturally to me :)


noobus in perpetuus

Offline
