
This SANS Institute guide states that

"On the client side, a port listening on the loopback interface of the local system would send/receive data on the clear-text protocol and tunnel out on an ephemeral port to connect to the secured port of the remote system"

Interestingly, this is not stated about the server side, so my first question is: Is this statement true for the server side as well?

Then, this Installing stunnel on your windows machine guide implements the aforementioned statement nicely (I actually followed it and verified it is working).

I understand that the following directive in the stunnel.conf file redirects the original (clear-text) traffic from port 139 to the encrypted port 1445:

    client = yes
    [smb]
    accept=10.1.1.2:139
    connect=samba.cs.umd.edu:1445

But I don't understand how it does it.

More specifically:

  1. Why is a loopback adapter needed to facilitate this?
  2. Why was the IP address 10.1.1.2 chosen for the 'accept' port?
  3. Is a default gateway needed? (if so, why/how does it work on a system that does not have any default gateway specified for the loopback adapter?)
Withheld

0 Answers
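For reference, an added example (not part of the original post or of the linked guides) showing the two halves of such a tunnel as separate stunnel.conf files, with the client half also authenticating the server. The certificate paths and the assumption that the SMB service on the server listens on 127.0.0.1:139 are illustrative; the addresses and ports 139 and 1445 are taken from the question.

```ini
; ---- client machine: stunnel.conf (constructed example) ----
[smb]
client = yes
; Plaintext side: local SMB traffic is accepted on the loopback adapter's address.
accept = 10.1.1.2:139
; TLS side: stunnel opens an outbound connection (ephemeral source port)
; to the secured port on the remote system.
connect = samba.cs.umd.edu:1445
; Authenticate the server. stunnel does not verify the peer certificate
; unless told to, which leaves the tunnel encrypted but unauthenticated.
verifyChain = yes
; Assumed path to the CA bundle that signed the server certificate.
CAfile = ca-certs.pem
checkHost = samba.cs.umd.edu

; ---- server machine: stunnel.conf (constructed example) ----
[smb]
; Server mode is the default (client = no).
; TLS side: remote stunnel clients connect to this port.
accept = 1445
; Plaintext side: decrypted traffic is handed to the local SMB service.
connect = 127.0.0.1:139
; Assumed path to the server certificate and private key.
cert = /etc/stunnel/stunnel.pem
```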