SSL Tunnel File

This file lets you create TCP/IP tunnels and SSL tunnels. A tunnel is a gateway that listens on a specified port and forwards all datagrams to a destination address and port, in both directions. You can create special rules so that only specified sessions are processed. SSL tunnels can have certificates for processing, and the server can request client certificates. Certificates can be verified using the rules section.

Formal Syntax:
tunnelitems | = | *(tunnelitem CRLF)
tunnelitem | = | sourceitem "," destinationitem ["," rules ["," comment]]
sourceitem | = | [listenip] ":" port [";" SSLCertificate]
destinationitem | = | [destinationip] ":" port [";" SSLCertificate]
listenip | = | ipaddress
destinationip | = | ipaddress
rules | = | *(rule)
rule | = | action ":" value ";"
action | = | ("0" / "1" / "2")

Action values:
0 - Reject IP
1 - Allow IP
2 - Require peer certificate

Example:
:5000,gate.icewarp.com:80 | Listens on all interfaces on port 5000 and sends data to gate.icewarp.com port 80.
127.0.0.1:5001,194.213.224.2:25,1:192.*.*.*;0:*.*.*.* | Listens on IP 127.0.0.1 port 5001 and sends all data to 194.213.224.24 port 25, only for connections from 192.*.*.*.
:5001;/certs/cert.pem,gate.icewarp.com:80,2: | Listens on port 5001 as an SSL server and forwards all data, SSL-decoded, to gate.icewarp.com. Requires a client certificate that has been issued by a trusted CA.
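
The grammar above can be checked mechanically when reviewing a tunnel file. The following Python sketch is an added example, not IceWarp code: it parses one tunnelitem and lists its exposure points. The names `parse_endpoint`, `parse_tunnel` and `audit`, and the three findings, are hypothetical review heuristics; it assumes IPv4 addresses or host names and no commas inside certificate paths.

```python
from dataclasses import dataclass

ACTIONS = {"0": "reject-ip", "1": "allow-ip", "2": "require-peer-cert"}

@dataclass
class Endpoint:
    host: str   # "" = not given (a listener then binds all interfaces)
    port: int
    cert: str   # "" = no SSLCertificate, i.e. plain TCP

def parse_endpoint(text):
    addr, _, cert = text.partition(";")      # split off SSLCertificate first
    host, sep, port = addr.rpartition(":")
    if not sep or not port.strip().isdigit() or not 0 < int(port) < 65536:
        raise ValueError(f"bad endpoint: {text!r}")
    return Endpoint(host.strip(), int(port), cert.strip())

def parse_tunnel(line):
    """Return (source, destination, rules, comment) for one tunnelitem."""
    parts = [p.strip() for p in line.split(",", 3)]
    if len(parts) < 2:
        raise ValueError(f"missing destination: {line!r}")
    rules = []
    for chunk in (parts[2] if len(parts) > 2 else "").split(";"):
        if not chunk.strip():
            continue                          # text after the final ";"
        action, sep, value = chunk.strip().partition(":")
        if not sep or action not in ACTIONS:
            raise ValueError(f"bad rule: {chunk!r}")
        rules.append((ACTIONS[action], value))
    comment = parts[3] if len(parts) > 3 else ""
    return parse_endpoint(parts[0]), parse_endpoint(parts[1]), rules, comment

def audit(line):
    """Hypothetical review heuristics: list exposure points of one entry."""
    src, _dst, rules, _ = parse_tunnel(line)
    kinds = {kind for kind, _ in rules}
    findings = []
    if not src.host:
        findings.append("listens on all interfaces")
    if not kinds & {"reject-ip", "allow-ip"}:
        findings.append("no IP allow/reject rules")
    if src.cert and "require-peer-cert" not in kinds:
        findings.append("SSL listener does not require a client certificate")
    return findings

if __name__ == "__main__":
    # Constructed entry: SSL listener with no rules at all.
    print(audit(":5443;/certs/cert.pem,10.0.0.5:443"))
```

Run over the three example entries, only the second (bound to 127.0.0.1 with allow and reject rules) returns no findings.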