[svlug] Re: using reverse-proxy and firewall...

George Georgalis georgw at galis.org
Wed Jan 8 14:03:51 PST 2003


On Wed, Jan 08, 2003 at 12:10:00PM -0800, ... wrote:
>On Wed, Jan 08, 2003 at 12:11:22PM -0500, George Georgalis wrote:
>> Hi,
>> 
>> I'm setting up a reverse proxy, a setup I thought would be simple:
>> 
>> 1) use iptables to redirect ip:80 to ip:3130 on the firewall
>> 2) run the webserver on a local subnet, port 80
>> 3) run squid on firewall
>> 4) use djbdns conditionals to give the firewall ip answers for internet queries
>> 5) use djbdns conditionals to give the webserver ip answers for local queries
>> 
>> so access from the internet would get to the firewall, have its port
>> changed to squid port, squid would look up the domain, discover the
>> local ip, query the webserver, and reply to the internet client.
>>
>
>Let me get this right. This would allow clients from the internet, without
>authentication, to use your proxy?

um, yeah.... 

httpd_accel_port was the config option I needed to hit port 80 on
the local network and a pair of acls, one specifying the lan as a
destination (for the reverse proxy) and another specifying the lan as a
source (for a regular proxy for the lan), to allow authorized and deny
unauthorized access.

Thanks to the heads up on a private email, I'm _not_ hosting a public
proxy. :)

// George


-- 
GEORGE GEORGALIS, System Admin/Architect    cell: 347-451-8229 
Security Services, Web, Mail,            mailto:george at galis.org 
Multimedia, DB, DNS and Metrics.       http://www.galis.org/george 




More information about the svlug mailing list