I wish that was the answer (ego being less important than sanity). I've put a tcpdump box in the middle and tcp sessions are going out to the mysql server on 3307 (the creative port I chose for stunnel to use for mysql) but the session hangs for about a minute after I send the password. Here are the details:
From the MySQL server box.
================================
FreeBSD master02.com 4.7-RELEASE FreeBSD 4.7-RELEASE #0: Tue Nov 19 15:24:12 PST 2002 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/FW i386

master02# more /etc/hosts
127.0.0.1 master02.com localhost
192.168.1.6 master02.com master02
192.168.1.6 master02.com.
master02#
master02# cat /usr/local/etc/stunnel/stunnel.conf
# Sample stunnel configuration file
# Copyright by Michal Trojnara 2002

# Comment it out on Win32
cert = /usr/local/etc/stunnel/mail.pem
chroot = /var/tmp/stunnel
# PID is created inside chroot jail
pid = /stunnel.pid
setuid = stunnel
setgid = stunnel

# Authentication stuff
#verify = 2
# don't forget about c_rehash CApath
# it is located inside chroot jail:
#CApath = /certs
# or simply use CAfile instead:
#CAfile = /usr/local/etc/stunnel/certs.pem

# Some debugging stuff
debug = 7
#output = stunnel.log

# Use it for client mode
#client = yes
foreground = yes

# Service-level configuration

[3307]
accept = 192.168.1.6:3307
#connect = 127.0.0.1:3306
connect = master02.com:3306
#connect = 192.168.1.6:3306
#connect = localhost:3306

master02# more /etc/my.cnf
<snip comments>
# The following options will be passed to all MySQL clients
[client]
#password =
port = 3306
socket = /tmp/mysql.sock

# Here follows entries for some specific programs

# The MySQL server
[mysqld]
port = 3306
socket = /tmp/mysql.sock
skip-locking
set-variable = key_buffer=256M
set-variable = max_allowed_packet=1M
set-variable = table_cache=256
set-variable = sort_buffer=1M
set-variable = record_buffer=1M
set-variable = myisam_sort_buffer_size=64M
set-variable = thread_cache=8
# Try number of CPU's*2 for thread_concurrency
set-variable = thread_concurrency=8
log-bin
server-id = 1

# Uncomment the following if you are using BDB tables
#set-variable = bdb_cache_size=64M
#set-variable = bdb_max_lock=100000

# Uncomment the following if you are using InnoDB tables
#innodb_data_home_dir = /var/db/mysql/
#innodb_data_file_path = ibdata1:10M:autoextend
#innodb_log_group_home_dir = /var/db/mysql/
#innodb_log_arch_dir = /var/db/mysql/
# You can set .._buffer_pool_size up to 50 - 80 %
# of RAM but beware of setting memory usage too high
#set-variable = innodb_buffer_pool_size=256M
#set-variable = innodb_additional_mem_pool_size=20M
# Set .._log_file_size to 25 % of buffer pool size
#set-variable = innodb_log_file_size=64M
#set-variable = innodb_log_buffer_size=8M
#innodb_flush_log_at_trx_commit=1
#set-variable = innodb_lock_wait_timeout=50

# Point the following paths to different dedicated disks
#tmpdir = /tmp/
#log-update = /path-to-dedicated-directory/hostname

[mysqldump]
quick
set-variable = max_allowed_packet=16M

[mysql]
no-auto-rehash
# Remove the next comment character if you are not familiar with SQL
#safe-updates

[isamchk]
set-variable = key_buffer=128M
set-variable = sort_buffer=128M
set-variable = read_buffer=2M
set-variable = write_buffer=2M

[myisamchk]
set-variable = key_buffer=128M
set-variable = sort_buffer=128M
set-variable = read_buffer=2M
set-variable = write_buffer=2M

[mysqlhotcopy]
interactive-timeout

This is the debug output for stunnel, which is where I see the TCP connection hang waiting for a socket from Mysql.
master02# sh stunnel.sh start
2002.11.25 13:45:02 LOG5[346:134594560]: stunnel 4.00 on i386-portbld-freebsd4.7 PTHREAD+LIBWRAP with OpenSSL 0.9.6g 9 Aug 2002
2002.11.25 13:45:02 LOG7[346:134594560]: RAND_status claims sufficient entropy for the PRNG
2002.11.25 13:45:02 LOG6[346:134594560]: PRNG seeded successfully
2002.11.25 13:45:02 LOG7[346:134594560]: Certificate: /usr/local/etc/stunnel/mail.pem
2002.11.25 13:45:02 LOG7[346:134594560]: Key file: /usr/local/etc/stunnel/mail.pem
2002.11.25 13:45:02 LOG5[346:134594560]: FD_SETSIZE=1024, file ulimit=1792 -> 500 clients allowed
2002.11.25 13:45:02 LOG7[346:134594560]: FD 5 in non-blocking mode
2002.11.25 13:45:02 LOG7[346:134594560]: SO_REUSEADDR option set on accept socket
2002.11.25 13:45:02 LOG7[346:134594560]: 3307 bound to 192.168.1.6:3307
2002.11.25 13:45:02 LOG7[346:134594560]: Created pid file /stunnel.pid
2002.11.25 13:45:21 LOG7[346:134594560]: 3307 accepted FD=6 from 192.168.1.4:1058
2002.11.25 13:45:21 LOG7[346:134594560]: FD 6 in non-blocking mode
2002.11.25 13:45:21 LOG7[346:134596608]: 3307 started
2002.11.25 13:45:21 LOG5[346:134596608]: 3307 connected from 192.168.1.4:1058
2002.11.25 13:45:21 LOG7[346:134596608]: FD 7 in non-blocking mode
2002.11.25 13:45:21 LOG7[346:134596608]: 3307 connecting 127.0.0.1:3306
2002.11.25 13:45:21 LOG7[346:134596608]: Remote FD=7 initialized
2002.11.25 13:45:21 LOG7[346:134596608]: SSL state (accept): before/accept initialization
2002.11.25 13:45:21 LOG7[346:134596608]: waitforsocket: FD=6, DIR=read
2002.11.25 13:45:33 LOG7[346:134596608]: waitforsocket: ok
2002.11.25 13:45:33 LOG3[346:134596608]: SSL_accept: Peer suddenly disconnected
2002.11.25 13:45:33 LOG7[346:134596608]: 3307 finished (0 left)
================================

From the MySQL client box
================================
same OS/version

sensor01# more /etc/hosts
127.0.0.1 localhost.com localhost
192.168.1.4 sensor01.com sensor01
192.168.1.4 sensor01.com.

sensor01# mysql -h 127.0.0.1 -u snortman -p
Enter password:
ERROR 2013: Lost connection to MySQL server during query

sensor01# cat /usr/local/etc/stunnel/stunnel.conf
# Sample stunnel configuration file
# Copyright by Michal Trojnara 2002

# Comment it out on Win32
cert = /usr/local/etc/stunnel/mail.pem
chroot = /var/tmp/stunnel
# PID is created inside chroot jail
pid = /stunnel.pid
setuid = stunnel
setgid = stunnel

# Authentication stuff
#verify = 2
# don't forget about c_rehash CApath
# it is located inside chroot jail:
#CApath = /certs
# or simply use CAfile instead:
#CAfile = /usr/local/etc/stunnel/certs.pem

# Some debugging stuff
debug = 7
#output = stunnel.log

# Use it for client mode
#client = yes
foreground = yes

# Service-level configuration

[3306]
accept = 127.0.0.1:3306
connect = 192.168.1.6:3307

Debug output from the client side of the same connection as above. This indicates that stunnel is building a proper session.

sensor01# sh stunnel.sh start
2002.11.25 13:48:53 LOG5[344:134594560]: stunnel 4.00 on i386-portbld-freebsd4.7 PTHREAD+LIBWRAP with OpenSSL 0.9.6g 9 Aug 2002
2002.11.25 13:48:53 LOG7[344:134594560]: RAND_status claims sufficient entropy for the PRNG
2002.11.25 13:48:53 LOG6[344:134594560]: PRNG seeded successfully
2002.11.25 13:48:53 LOG7[344:134594560]: Certificate: /usr/local/etc/stunnel/mail.pem
2002.11.25 13:48:53 LOG7[344:134594560]: Key file: /usr/local/etc/stunnel/mail.pem
2002.11.25 13:48:53 LOG5[344:134594560]: FD_SETSIZE=1024, file ulimit=3636 -> 500 clients allowed
2002.11.25 13:48:53 LOG7[344:134594560]: FD 5 in non-blocking mode
2002.11.25 13:48:53 LOG7[344:134594560]: SO_REUSEADDR option set on accept socket
2002.11.25 13:48:53 LOG7[344:134594560]: 3306 bound to 127.0.0.1:3306
2002.11.25 13:48:53 LOG7[344:134594560]: Created pid file /stunnel.pid
2002.11.25 13:49:02 LOG7[344:134594560]: 3306 accepted FD=6 from 127.0.0.1:1057
2002.11.25 13:49:02 LOG7[344:134594560]: FD 6 in non-blocking mode
2002.11.25 13:49:02 LOG7[344:134596608]: 3306 started
2002.11.25 13:49:02 LOG5[344:134596608]: 3306 connected from 127.0.0.1:1057
2002.11.25 13:49:02 LOG7[344:134596608]: FD 7 in non-blocking mode
2002.11.25 13:49:02 LOG7[344:134596608]: 3306 connecting 192.168.1.6:3307
2002.11.25 13:49:02 LOG7[344:134596608]: remote connect #1: EINPROGRESS: retrying
2002.11.25 13:49:02 LOG7[344:134596608]: waitforsocket: FD=7, DIR=write
2002.11.25 13:49:02 LOG7[344:134596608]: waitforsocket: ok
2002.11.25 13:49:02 LOG7[344:134596608]: Remote FD=7 initialized
2002.11.25 13:49:02 LOG7[344:134596608]: SSL state (accept): before/accept initialization
2002.11.25 13:49:02 LOG7[344:134596608]: waitforsocket: FD=6, DIR=read
2002.11.25 13:49:13 LOG7[344:134596608]: waitforsocket: ok
2002.11.25 13:49:13 LOG3[344:134596608]: SSL_accept: Peer suddenly disconnected
2002.11.25 13:49:13 LOG7[344:134596608]: 3306 finished (0 left)
================================

Everything I have read on mysql says it can be forced to use a port, but I'm not connecting locally, it just appears that way to the server; I can't send arguments.

--- Dan Nelson <[EMAIL PROTECTED]> wrote:
> In the last episode (Nov 25), twig les said:
> > Hey all, I'm having a painful time trying to get stunnel and mysql to
> > play together. My mysql works fine locally and remotely until I add
> > stunnel. After chasing my tail for a week (and drinking a lot on the
> > weekend) I realized that Mysql is trying to open a socket on the
> > server machine instead of using the TCP port like stunnel needs it
> > to. Is there a way to force Mysql to use the TCP port and not the
> > socket?
>
> Try -h 127.0.0.1, or -h <hostname>. Don't use -h localhost, because
> that means "use the socket".
>
> --
> Dan Nelson
> [EMAIL PROTECTED]

=====
-----------------------------------------------------------
If you give a man a fish, he can eat for a day
If you bludgeon him to death, you can eat the fish yourself
-----------------------------------------------------------
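
Added example, not part of the original message: both posted stunnel.conf files leave "client = yes" commented out and both debug logs report "SSL state (accept)", so each end is waiting for the other to start the TLS handshake. The Python sketch below checks a pair of stunnel configs for that condition and for a missing "verify" level; the embedded configs are constructed excerpts of the posted files, and parse_conf, check_pair and the finding names are hypothetical helpers that compare connect/accept addresses as plain strings.

```python
# Constructed excerpts of the two stunnel.conf files quoted in the post.
SERVER_CONF = """cert = /usr/local/etc/stunnel/mail.pem
#verify = 2
#client = yes
[3307]
accept = 192.168.1.6:3307
connect = master02.com:3306
"""
CLIENT_CONF = """cert = /usr/local/etc/stunnel/mail.pem
#verify = 2
#client = yes
[3306]
accept = 127.0.0.1:3306
connect = 192.168.1.6:3307
"""

def parse_conf(text):
    """Return (global options, {service name: options}); '#' lines are comments."""
    global_opts, services, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1], {})
            continue
        key, _, value = line.partition("=")
        target = global_opts if current is None else current
        target[key.strip()] = value.strip()
    return global_opts, services

def check_pair(near_conf, far_conf):
    """List (service, finding) for the near side, given the far side's config."""
    near_global, near_services = parse_conf(near_conf)
    _, far_services = parse_conf(far_conf)
    far_listeners = {o["accept"] for o in far_services.values() if "accept" in o}
    findings = []
    for name, opts in near_services.items():
        eff = {**near_global, **opts}  # service options override global ones
        # Connecting to the peer's TLS listener requires client mode; otherwise
        # both ends run SSL_accept and each waits for the other's ClientHello.
        if eff.get("connect") in far_listeners and eff.get("client") != "yes":
            findings.append((name, "client-mode-missing"))
        # No verify level set: the peer certificate is never checked.
        if "verify" not in eff:
            findings.append((name, "peer-not-verified"))
    return findings

if __name__ == "__main__":
    for label, near, far in (("sensor01", CLIENT_CONF, SERVER_CONF),
                             ("master02", SERVER_CONF, CLIENT_CONF)):
        print(label, check_pair(near, far))
```
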