[stunnel-users] Will fwknop work?


If I understand the question correctly, isn't this what "port knocking" or single packet authorization (e.g. fwknop) is supposed to do? I have used fwknop and SSH in our lab, but only with Linux and iptables. However, I think fwknop is supposed to interface with more than just iptables on the local box (meaning you would not have to use a Linux box to replace your current firewall).

I think you can use fwknop to monitor syslog and parse for specific events and then open the port. In other words, your current firewall reports to your syslog server and fwknop parses the log file for the security event associated with the reception of an SPA packet on your outside interface. Fwknop then sends your firewall (through a script?) whatever command is required to open the port you want and redirect it to the appropriate inside machine (or you could simply enable / disable a preconfigured rule). I am not a scripting guru so I may be WAY off base here and if I am, I apologize for leading you astray. Anyway, you might want to check out the following:

http://cipherdyne.org/fwknop/ --> FireWall KNock Operator home page
http://fwknop.darwinports.com/ --> OS X fwknop client

There is also a Windows UI version that is supposed to create SPA packets without using fwknop / Perl or running under Cygwin, but I have not used that.

Richard


On 4/29/08 7:50 PM, "jz@ellingtongeologic.com" <jz@ellingtongeologic.com> wrote:

>
> Good Morning Mike:
>
> I had a question and sent it to the list (it might not have gone through). The
> question was: is it possible for stunnel to go to the router, for
> example, 10.10.1.1, to scan for a port of interest and see whether there is a
> request through that port? So the NAT router would not have to forward the port
> to the stunnel on my local machine, e.g. 10.10.1.188, on which stunnel is
> listening on port 8888 and will relay it to 5631 of the local program.
>
> Thanks


_______________________________________________
stunnel-users mailing list
stunnel-users@mirt.net
http://stunnel.mirt.net/mailman/listinfo/stunnel-users
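The log-driven flow Richard sketches, as an added example that is not part of the original post or of fwknop itself: a Python sketch that parses constructed firewall log lines for an SPA packet arriving on the outside interface, then builds timed open-and-redirect rules for port 8888 to 10.10.1.188 and expires them again. The `SPA` log prefix, UDP port 62201, the `eth0`/`eth1` interface names, the sample log lines and the iptables command shapes are all assumptions.

```python
import re
import time

# Constructed iptables-style LOG lines, as a perimeter firewall might forward them to syslog.
# Only the first line is an SPA packet arriving on the outside interface (eth0) at the SPA port.
SAMPLE_SYSLOG = """\
Apr 29 19:50:01 fw kernel: SPA IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 PROTO=UDP SPT=40001 DPT=62201 LEN=180
Apr 29 19:50:02 fw kernel: SPA IN=eth1 OUT= SRC=10.10.1.50 DST=198.51.100.5 PROTO=UDP SPT=40002 DPT=62201 LEN=180
Apr 29 19:50:03 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.5 PROTO=TCP SPT=5555 DPT=8888 LEN=60
"""

LOG_RE = re.compile(r"kernel: (?P<prefix>\S+) IN=(?P<iface>\S*) .*?SRC=(?P<src>[\d.]+) "
                    r".*?PROTO=(?P<proto>\w+) .*?DPT=(?P<dpt>\d+)")

def parse_spa_events(text, outside_iface="eth0", spa_port=62201, prefix="SPA"):
    """Source IPs of log lines that look like an SPA packet hitting the outside interface.

    Caveat: a log line only proves that a UDP packet reached the SPA port. fwknopd itself
    decrypts and authenticates the SPA payload from the raw packet, which no log line
    carries, so a log-driven scheme is closer to classic port knocking than to SPA.
    """
    hits = []
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if (m and m["prefix"] == prefix and m["iface"] == outside_iface
                and m["proto"] == "UDP" and int(m["dpt"]) == spa_port):
            hits.append(m["src"])
    return hits

def build_rules(srcs, service_port=8888, ttl=30, now=None):
    """One short-lived (src, port, expiry) rule per knocking source; ttl mirrors fwknop's timed access."""
    now = time.time() if now is None else now
    return [(src, service_port, now + ttl) for src in srcs]

def firewall_commands(rule, inside_host="10.10.1.188"):
    """Commands the wrapper script would hand to a Linux/iptables perimeter (an assumption):
    DNAT the knocker's traffic on the service port to the inside host, then permit it."""
    src, port, _ = rule
    return [f"iptables -t nat -A PREROUTING -s {src} -p tcp --dport {port} "
            f"-j DNAT --to-destination {inside_host}:{port}",
            f"iptables -A FORWARD -s {src} -d {inside_host} -p tcp --dport {port} -j ACCEPT"]

def expired(rules, now):
    """Rules whose access window has closed; the script would remove these again (iptables -D)."""
    return [r for r in rules if r[2] <= now]
```

The commands are only generated, not executed; a non-Linux firewall would need its own CLI in `firewall_commands`, and the expiry step is what keeps the port from staying open after the client's session has started.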