Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Reverse Proxy
Operating Systems Linux Reverse Proxy Post 94070 by dipanrc on Tuesday 27th of December 2005 09:05:23 AM
Old 12-27-2005
Reverse Proxy
I have configured reverse proxy through apache...conf file is attached

My reverse proxy has a public ip.it is redirecting the request to 172.16.1.43 which is http

server.....Now i have a link in Http server's home page which will redirect the request to

another Lan zone machine (172.16.1.56).........

It is working fine in Lan zone.........but while I am accessing from internet the request

is redirecting through reverse proxy to my Http server which is currently in Lan zone

But further link can't be resolved.I have Cisco pix firewall in between...which have

necessary access list entries & nat charts..........What should I do????

DNAT ???
httpd.conf.txt (34.7 KB) 
 

9 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Reverse *

when I do $ ls z* List of all files begining with 'z'. But what if I want to do a reverse lookup. Just for interest sake ;) $ ls ztr should be same as $ ls ztr* $ ls zt* $ ls z* (2 Replies)
Discussion started by: azmathshaikh
2 Replies

2. UNIX for Dummies Questions & Answers

Reverse Proxy difficulty

Hi I am trying to set up two hosts in a reverse proxy. The reverse proxy already has 8 servers running perfectly, but they are all simply mapping pure addresses, which I have registered internally and externally. The latest two I wish to add are a bit different, they are app servers, one... (1 Reply)
Discussion started by: rboekdrukker
1 Replies

3. IP Networking

Software/tool to route an IP packet to proxy server and capture the Proxy reply as an

Hi, I am involved in a project on Debian. One of my requirement is to route an IP packet in my application to a proxy server and receive the reply from the proxy server as an IP packet. My application handles data at the IP frame level. My application creates an IP packet(with all the necessary... (0 Replies)
Discussion started by: Rajesh_BK
0 Replies

4. UNIX for Advanced & Expert Users

Apache-Reverse proxy and load balancing

Hi All, I have a webpage loaded on server1 with authorization enabled by .htaccess, which can be accessed by http://ipofserver1/index.html. Now im planning a high availabilty load balancing in such a way that if the server1 is down due to some reason it should connect to another server. i have... (1 Reply)
Discussion started by: Tuxidow
1 Replies

5. UNIX for Advanced & Expert Users

Setup a Reverse Proxy on Squid

Hi all, The scenario is: http://img834.imageshack.us/img834/7990/1234z.jpg - With: + 192.168.100.0/24 : internet link (simulation) + Multiple Websites are hosting in local. + Complete DNS configuration. + OS: CentOS 5 - Requirements: Configure Squid Proxy as... (0 Replies)
Discussion started by: kidzer0
0 Replies

6. Red Hat

Configuration Reverse Proxy - https issue

Hi All I need your valuable help on this. Im trying to setup reverse proxy using apache in rhel 5.5. I just started with Apache, and not much idea about going with advance level config, except that i have tried to set up this reverse proxy based on an online guide i found in internet. The... (0 Replies)
Discussion started by: niyas_gk
0 Replies

7. IP Networking

Reverse proxy tutorials for webserver?

Hi, one member of WJ forum adviced that i setup an reverse proxy for my webserver. So im curious if anyone know about good, easy noob tutorial on hwo to achieve this, please link to this tutorial how to setup reverse proxy for an webserver. Or better for whole node server with OpenVZ... (1 Reply)
Discussion started by: postcd
1 Replies

8. IP Networking

Connecting via proxy chain to Upstream proxy

I need to configure a proxy on my local machine to use an upstream proxy (installed on another machine). The upstream proxy requires Digest/NTLM authorization. I want the local proxy to deal with the upstream proxy's authorization details and provides authorization free access to users that connect... (0 Replies)
Discussion started by: Russel
0 Replies

9. UNIX and Linux Applications

One DMZ server reverse proxy for 2 websites

Hi All, Hope this is the correct thread to ask this, if not, can an admin please move it to the correct thread. Got a wee problem I hope someone can point me in the right direction. I have Network A with two servers hosting separate webpages (I will call these WP1 & WP2). A DMZ server... (6 Replies)
Discussion started by: dakelly
6 Replies

LEARN ABOUT FREEBSD

ftp-proxy

FTP-PROXY(8)						    BSD System Manager's Manual 					      FTP-PROXY(8)

NAME

     ftp-proxy -- Internet File Transfer Protocol proxy daemon

SYNOPSIS

     ftp-proxy [-6Adrv] [-a address] [-b address] [-D level] [-m maxsessions] [-P port] [-p port] [-q queue] [-R address] [-T tag] [-t timeout]

DESCRIPTION

     ftp-proxy is a proxy for the Internet File Transfer Protocol.  FTP control connections should be redirected into the proxy using the pf(4)
     rdr command, after which the proxy connects to the server on behalf of the client.

     The proxy allows data connections to pass, rewriting and redirecting them so that the right addresses are used.  All connections from the
     client to the server have their source address rewritten so they appear to come from the proxy.  Consequently, all connections from the
     server to the proxy have their destination address rewritten, so they are redirected to the client.  The proxy uses the pf(4) anchor facility
     for this.

     Assuming the FTP control connection is from $client to $server, the proxy connected to the server using the $proxy source address, and $port
     is negotiated, then ftp-proxy adds the following rules to the various anchors.  (These example rules use inet, but the proxy also supports
     inet6.)

     In case of active mode (PORT or EPRT):

       rdr from $server to $proxy port $port -> $client
       pass quick inet proto tcp 
	   from $server to $client port $port

     In case of passive mode (PASV or EPSV):

       nat from $client to $server port $port -> $proxy
       pass in quick inet proto tcp 
	   from $client to $server port $port
       pass out quick inet proto tcp 
	   from $proxy to $server port $port

     The options are as follows:

     -6      IPv6 mode.  The proxy will expect and use IPv6 addresses for all communication.  Only the extended FTP modes EPSV and EPRT are
	     allowed with IPv6.  The proxy is in IPv4 mode by default.

     -A      Only permit anonymous FTP connections.  Either user "ftp" or user "anonymous" is allowed.

     -a address
	     The proxy will use this as the source address for the control connection to a server.

     -b address
	     Address where the proxy will listen for redirected control connections.  The default is 127.0.0.1, or ::1 in IPv6 mode.

     -D level
	     Debug level, ranging from 0 to 7.	Higher is more verbose.  The default is 5.  (These levels correspond to the syslog(3) levels.)

     -d      Do not daemonize.	The process will stay in the foreground, logging to standard error.

     -m maxsessions
	     Maximum number of concurrent FTP sessions.  When the proxy reaches this limit, new connections are denied.  The default is 100 ses-
	     sions.  The limit can be lowered to a minimum of 1, or raised to a maximum of 500.

     -P port
	     Fixed server port.  Only used in combination with -R.  The default is port 21.

     -p port
	     Port where the proxy will listen for redirected connections.  The default is port 8021.

     -q queue
	     Create rules with queue queue appended, so that data connections can be queued.

     -R address
	     Fixed server address, also known as reverse mode.	The proxy will always connect to the same server, regardless of where the client
	     wanted to connect to (before it was redirected).  Use this option to proxy for a server behind NAT, or to forward all connections to
	     another proxy.

     -r      Rewrite sourceport to 20 in active mode to suit ancient clients that insist on this RFC property.

     -T tag  The filter rules will add tag tag to data connections, and not match quick.  This way alternative rules that use the tagged keyword
	     can be implemented following the ftp-proxy anchor.  These rules can use special pf(4) features like route-to, reply-to, label,
	     rtable, overload, etc. that ftp-proxy does not implement itself.

     -t timeout
	     Number of seconds that the control connection can be idle, before the proxy will disconnect.  The maximum is 86400 seconds, which is
	     also the default.	Do not set this too low, because the control connection is usually idle when large data transfers are taking
	     place.

     -v      Set the 'log' flag on pf rules committed by ftp-proxy.  Use twice to set the 'log-all' flag.  The pf rules do not log by default.

CONFIGURATION

     To make use of the proxy, pf.conf(5) needs the following rules.  All anchors are mandatory.  Adjust the rules as needed.

     In the NAT section:

       nat-anchor "ftp-proxy/*"
       rdr-anchor "ftp-proxy/*"
       rdr pass on $int_if proto tcp from $lan to any port 21 -> 
	   127.0.0.1 port 8021

     In the rule section:

       anchor "ftp-proxy/*"
       pass out proto tcp from $proxy to any port 21

SEE ALSO

     ftp(1), pf(4), pf.conf(5)

CAVEATS

     pf(4) does not allow the ruleset to be modified if the system is running at a securelevel(7) higher than 1.  At that level ftp-proxy cannot
     add rules to the anchors and FTP data connections may get blocked.

     Negotiated data connection ports below 1024 are not allowed.

     The negotiated IP address for active modes is ignored for security reasons.  This makes third party file transfers impossible.

     ftp-proxy chroots to "/var/empty" and changes to user "proxy" to drop privileges.

BSD
								 February 26, 2008							       BSD
All times are GMT -4. The time now is 03:47 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy