Yes, that's what I am trying to do. Using tcpwrapper, I denied ALL:ALL and allow only the client to use the rsync service, ONLY at encrypted port 5555 (say). I did forward local port 873 at the server to local port 5555 using stunnel. Now using stunnel I connect client::873 to server::5555 in two-way authentication using OpenSSL certificates.

So as Todd says, at the client side I am doing something like "rsync OPTIONS LOCAL_DIR user@localhost::module". And it's running fine in a 2-way authentication, encrypted channel ...

But my original question was "if the rsync team is planning to get an SSL-enabled rsync port, like https for http".

-SJ

-----Original Message-----
From: Bennett Todd [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, October 11, 2000 4:07 PM
To: Martin Pool
Cc: Sanjeev Jha; Rsync-us4 (E-mail)
Subject: Re: port

2000-10-10-20:33:11 Martin Pool:
> On Wed, Sep 27, 2000 at 11:48:52AM -0400, Sanjeev Jha wrote:
> > Port forwarding question.
> >
> > I want to forward port 873 to say 5555 and I want rsync-users to use this
> > port(5555) not 873. Now, how can I prevent users to connect at port 873
> > directly ?
>
> You might get away with just running the daemon with
>
>   rsync --daemon --port=5555

I think despite the way he asked it, what he's really wanting is not simple port forwarding, but a cryptographic proxy --- stunnel perhaps, or something like it. In which case the goal is to make the service accessible only to users going through the encrypting tunnel (which listens on port 5555), not to users trying to connect directly to the unencrypted daemon (on port 873).

If so, then he could achieve the desired effect either by using packet filtering (ipchains for Linux, IP Filter for most other platforms) to block access to 873 from the internet, or perhaps more gracefully by using the rsync option "--address=127.0.0.1" to ensure that the rsync daemon binds only to the localhost loopback interface, through which the stunnel will be talking to it.

-Bennett
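
An added example, not part of the thread: a check for the end state Bennett describes, where the plaintext daemon on 873 is bound to loopback only and the stunnel listener on 5555 is present. It parses `ss -Htln` output; the function names and the sample socket lines are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): audit listening sockets for the tunnel layout.
# Ports 873 and 5555 come from the thread; function names are hypothetical.

# Print each LISTEN socket on PORT whose address is not loopback.
non_loopback_listeners() {    # stdin: `ss -Htln` lines, field 4 = addr:port
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = match($4, /:[0-9]+$/)          # last colon precedes the port
            if (n == 0 || substr($4, n + 1) != port) next
            addr = substr($4, 1, n - 1)
            if (addr ~ /^127\./ || addr == "[::1]") next
            print $4
        }'
}

count_listeners() {           # number of LISTEN sockets on PORT, any address
    awk -v port="$1" '$1 == "LISTEN" && $4 ~ (":" port "$") { c++ } END { print c + 0 }'
}

# Exit 0 when PLAIN_PORT is loopback-only and TLS_PORT is listening,
# 1 when the plaintext daemon is reachable off-host, 2 when the tunnel is absent.
audit_tunnel() {              # usage: audit_tunnel PLAIN_PORT TLS_PORT < ss-output
    snapshot=$(cat)
    exposed=$(printf '%s\n' "$snapshot" | non_loopback_listeners "$1")
    if [ -n "$exposed" ]; then
        echo "FAIL: plaintext port $1 bound to: $(printf '%s' "$exposed" | tr '\n' ' ')"
        return 1
    fi
    if [ "$(printf '%s\n' "$snapshot" | count_listeners "$2")" -eq 0 ]; then
        echo "FAIL: no TLS listener on port $2"
        return 2
    fi
    echo "OK: port $1 is loopback-only, port $2 is listening"
}

# Constructed sample: daemon started without --address, so it binds the wildcard.
SS_WILDCARD='LISTEN 0 5 0.0.0.0:873 0.0.0.0:*
LISTEN 0 5 [::]:873 [::]:*
LISTEN 0 128 0.0.0.0:5555 0.0.0.0:*'
# Constructed sample: daemon started with --address=127.0.0.1, stunnel on 5555.
SS_LOOPBACK='LISTEN 0 5 127.0.0.1:873 0.0.0.0:*
LISTEN 0 128 0.0.0.0:5555 0.0.0.0:*'

printf '%s\n' "$SS_WILDCARD" | audit_tunnel 873 5555 || true
printf '%s\n' "$SS_LOOPBACK" | audit_tunnel 873 5555
# On a live host: ss -Htln | audit_tunnel 873 5555
```

A packet filter in front of a wildcard bind still shows up as a failure here, because the check looks only at the bind address and not at firewall rules.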
