I believe that's what it would be called... Transparent Reverse Squid Proxy

My company has only 1 external IP address to use. Our internal network topology is:
1 x Cisco 831 Router
1 x Cisco 3750 24-port Switch
2 x Physical CentOS 5.3 x64 Linux Servers running VMware 2.0
1 x Physical CentOS 5.3 i386 Linux Server running Asterisk
1 x Virtual Windows Server 2003 x64 Standard with Exchange Server 2007
1 x Virtual Windows Server 2008 x64 Standard
1 x Virtual Windows Server 2003 Standard
1 x Virtual Windows XP Professional
3 x Virtual appliances for network monitoring, etc.

Obviously, as you would imagine, accessing the web interfaces of 6 servers has been quite challenging. I would like to set up a Squid Proxy in a VM to receive traffic for multiple ports. The ports are 80, 443, 8222, 8333, 10000, to name a few.

Constraints: I will be using CentOS 5.3 x64 and would like to know if anyone would be able to assist in configuring this. The only way to access the web interfaces would be through NATting the ports to the Squid Proxy. Thus our Router IP is 10.10.10.254, the Squid Proxy is 10.10.10.253, our Windows servers are in the 1-29 range, and Linux servers are in the range 30-59.

Preliminary thoughts are:
How would I configure Squid to accept multiple ports?
How do I use Squid to retrieve the LAN-based web interface and forward it out the Router without configuring Squid to be the gateway device?

Thank you everyone for your consideration, and I am sorry if it appears that I do not know what I am doing. This will be my first Squid Proxy setup. I have used Linux for over 10 years, but with varying software, and the fact that most of my customers use Windows causes me to lack some experience. Additionally I would like to use this as a learning experience in Squid, proxying, and iptables.
Hi d31373, I had a similar question and ended up going with a simple approach and doing it with Apache's reverse proxy as a front-end machine. I am guessing you could configure Apache to listen on ports 80 & 8222 {vmware} and proxy to the server you want based on the Host header. For https (443 & 8333) it's a bit more tricky as you need to read the headers. As for other traffic, say ssh, pop3 etc., I don't think you can go through a proxy server; it's just for http/https traffic and you will need to NAT to the server, i.e. port 25 would NAT to server A, pop3 would NAT to server B etc. But I am not sure. If you find out how to do it please let me know. Stephen
I think you nailed it right on the head. I ONLY want to forward http/https traffic. HTTP ports 80, 8088, 8222; HTTPS ports 443, 8333, 10000. It is only an issue of accessing the web interfaces of the servers inside of the network without mapping external port 81 to port 80 on one server, external port 82 to port 80 on another server, etc.

smtp = forwards to Exchange Server 2007
rdp = forwards to Windows Server 2003
vnc = forwards to vm1
ssh = forwards to the proxy server, then establish ssh to other servers

Do you have any idea how/where to begin? What should I research first? I have no problem doing footwork to get this completed; perhaps someone else with more know-how can help lay the foundation. Are there any Linux distributions targeted specifically at tackling this particular issue? Something I can use to base my experience on (possibly implement temporarily)?
Well I did it like this... {just got this from my history file}..

Code:
apt-get install apache2
a2enmod proxy
a2enmod proxy_http
/etc/init.d/apache2 force-reload
a2enmod proxy_connect
a2enmod ssl
/etc/init.d/apache2 force-reload

### Create vhost file in /etc/apache2/sites-available/domain.com.vhost as follows
<VirtualHost *:80>
    ServerName www.domain.com
    ProxyRequests Off
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    # ProxyPass target is the internal server this name should reach; if the public
    # name resolves back to the proxy itself the request loops back to the proxy.
    ProxyPass / http://www.domain.com/
    ProxyPassReverse / http://www.domain.com/
</VirtualHost>

a2ensite domain.com.vhost
/etc/init.d/apache2 reload

I think you will also need to add into /etc/apache2/ports.conf to listen on the ports you want. My HTTP works fine; I have not tried with https yet. So I will pass on where I got all my info from:
http://www.howtoforge.com/apache_reverse_proxy_ispconfig
http://www.apachetutor.org/admin/reverseproxies
http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
Hope this helps. Stephen
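The routing decision Stephen describes (one listener per port, backend chosen by the Host header) boils down to a small lookup table plus careful normalisation of the client-supplied Host value. The following is an added example, not code from this thread or from Apache: it normalises the Host header, looks the (port, name) pair up in a table, and refuses anything it does not know rather than falling through to a catch-all. The host names, the 10.10.10.x backend addresses and the port numbers are constructed to fit the layout in the original post.

```python
"""Host-header based backend selection for a name-based reverse proxy.

Added example, not code from the thread or from Apache. Names, ports and
addresses are constructed to match the thread's 10.10.10.0/24 layout.
"""
import re

# Constructed routing table: (listen port, public host name) -> internal backend.
# Windows hosts live in 10.10.10.1-29, Linux hosts in 10.10.10.30-59, as in the thread.
ROUTES = {
    (80, "mail.example.com"): "http://10.10.10.5:80",
    (8222, "vmware.example.com"): "http://10.10.10.30:8222",
    (8088, "asterisk.example.com"): "http://10.10.10.31:8088",
}

# RFC 1123 style host name: dot-separated labels of letters, digits and inner hyphens.
_HOSTNAME_RE = re.compile(
    r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?(\.[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*$"
)


def normalize_host(host_header):
    """Return a canonical host name from a Host header, or None if it is not a clean name.

    The Host header is attacker-controlled input, so it is lower-cased, stripped of any
    ':port' suffix and trailing dot, and then matched against a strict pattern.
    """
    if host_header is None:
        return None
    host = host_header.strip().lower()
    if host.startswith("["):          # bracketed IPv6 literal: never in our table
        return None
    host = host.split(":", 1)[0].rstrip(".")
    if not host or len(host) > 253 or not _HOSTNAME_RE.match(host):
        return None
    return host


def choose_backend(listen_port, host_header, routes=ROUTES):
    """Pick the backend for a request.

    Unknown or malformed hosts return None (default deny); there is deliberately no
    catch-all that would proxy an unexpected name to some default internal server.
    """
    host = normalize_host(host_header)
    if host is None:
        return None
    return routes.get((listen_port, host))


def render_vhost(listen_port, host, backend):
    """Render the Apache 2.2 stanza equivalent to one ROUTES entry, in the style posted above."""
    return (
        f"<VirtualHost *:{listen_port}>\n"
        f"    ServerName {host}\n"
        f"    ProxyRequests Off\n"
        f"    <Proxy *>\n"
        f"        Order deny,allow\n"
        f"        Allow from all\n"
        f"    </Proxy>\n"
        f"    ProxyPass / {backend}/\n"
        f"    ProxyPassReverse / {backend}/\n"
        f"</VirtualHost>\n"
    )


if __name__ == "__main__":
    for (port, name), backend in ROUTES.items():
        print(render_vhost(port, name, backend))
    print(choose_backend(80, "MAIL.example.com:80"))   # http://10.10.10.5:80
    print(choose_backend(80, "vmware.example.com"))    # None: right name, wrong port
```

Each stanza the script prints needs a matching `Listen` line in ports.conf, as Stephen notes, and Apache 2.2 also needs `NameVirtualHost *:PORT` for name-based selection on that port to work. Keeping the table keyed on both port and name is what stops a request for the VMware interface on port 8222 from being answered by whatever vhost happens to be first on port 80.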
THANK YOU! I will begin working on implementing it; any additional info would be greatly appreciated. Hopefully I will have something up by mid next week.
This is just to add some additional info I found that might be of help for anyone reading this post: it's about logging behind a proxy server. It has some problems as X-Forwarded-For can have multiple IP addresses. If anyone knows how to solve this I would be grateful. I do my logging this way, as opposed to Apache's suggestion to just change the %h, because I was unsure what would happen to my logs if the X-Forwarded-For was not set (e.g. if a local request was made from/to the server, say via a cgi script).

Code:
# Standard format: %h is the connecting peer (the proxy, for forwarded requests)
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
# Same format, but with the X-Forwarded-For header in place of %h
LogFormat "%v:%p %{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" log_x_forward_for
# Flag requests whose X-Forwarded-For looks like a dotted address
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" is-forwarder
# Pick the format per request based on that flag
CustomLog /var/log/apache2/other_vhosts_access.log vhost_combined env=!is-forwarder
CustomLog /var/log/apache2/other_vhosts_access.log log_x_forward_for env=is-forwarder

Hope it helps. Stephen
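The "multiple IP addresses" problem Stephen raises is the usual one with X-Forwarded-For: each proxy in the chain appends the address it saw, so the leftmost value is whatever the original client chose to send and only the entries appended by proxies you operate can be trusted. The following is an added example, not code from this thread or from Apache: it walks the header from the right, skips the addresses of known proxies, and reports the first address that was not appended by one of them, falling back to the connecting peer when the request did not come through the proxy at all (the cgi-script case Stephen was unsure about). The proxy address 10.10.10.253 comes from the original post; the sample requests are constructed.

```python
"""Picking the real client address behind a reverse proxy.

Added example, not code from the thread or from Apache. 10.10.10.253 is the proxy
address from the thread; every request below is constructed for illustration.
"""
import ipaddress

# Proxies whose X-Forwarded-For appends we trust: the Apache front end from the thread.
TRUSTED_PROXIES = {ipaddress.ip_address("10.10.10.253")}


def parse_xff(header):
    """Split an X-Forwarded-For value into addresses; entries that do not parse become None."""
    if not header:
        return []
    hops = []
    for item in header.split(","):
        try:
            hops.append(ipaddress.ip_address(item.strip()))
        except ValueError:
            hops.append(None)
    return hops


def client_ip(remote_addr, xff_header, trusted=TRUSTED_PROXIES):
    """Return the address to log for this request.

    Rules, from most to least trustworthy:
      1. If the connecting peer is not one of our proxies, X-Forwarded-For was not set by
         us and is ignored: log the peer.
      2. Otherwise walk X-Forwarded-For right to left, skipping our own proxies, and log the
         first address that was not appended by us.
      3. If the header is missing, or a hop is unparseable, log the peer we can verify.
    """
    peer = ipaddress.ip_address(remote_addr)
    if peer not in trusted:
        return str(peer)
    for hop in reversed(parse_xff(xff_header)):
        if hop is None:
            return str(peer)
        if hop not in trusted:
            return str(hop)
    return str(peer)


def access_log_line(remote_addr, xff_header, request_line, status):
    """Constructed log line: the resolved client, plus the raw header kept for forensics."""
    raw = xff_header if xff_header else "-"
    return f'{client_ip(remote_addr, xff_header)} "{request_line}" {status} xff="{raw}"'


# Constructed sample requests: (connecting peer, X-Forwarded-For header, request line, status)
SAMPLE_REQUESTS = [
    ("10.10.10.253", "203.0.113.9", "GET / HTTP/1.1", 200),                 # normal, via proxy
    ("10.10.10.253", "198.51.100.1, 203.0.113.9", "GET /owa HTTP/1.1", 200),  # client-supplied prefix
    ("10.10.10.253", "203.0.113.9, 10.10.10.253", "GET /ui HTTP/1.1", 200),  # two of our proxies
    ("10.10.10.253", None, "GET /cgi-bin/x HTTP/1.1", 200),                  # local, no header
    ("10.10.10.7", "198.51.100.1", "GET /admin HTTP/1.1", 403),              # direct, header ignored
]

if __name__ == "__main__":
    for peer, xff, req, status in SAMPLE_REQUESTS:
        print(access_log_line(peer, xff, req, status))
```

Compared with the `SetEnvIf X-Forwarded-For "^.*\..*\..*\..*"` switch in the config above, this keys the decision on which address made the connection rather than on whether the header looks dotted, so a direct request carrying a forged header is logged under the peer that sent it, and the raw header value still lands in the log where it can be inspected later.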