
List:       ipfilter
Subject:    Reverse Proxying
From:       "Jaffe, N. David" <DavidJ () trgnetworking ! com>
Date:       1999-05-27 18:07:20

Hi, folks.

    I am setting up a new firewall, so I have unlimited options as to
freeware (except FWTK, whose licensing is very clear I can't sell associated
products or time) and rulesets.  However, I'm running short on time to
finish it.

This application involves putting the client's webserver INSIDE a firewall.
Apart from normal Internet browsers, their members can come to the site's
webserver (NT4), authenticate on the box, then download files based on
their username.  This is all done inside their browser, and therefore via
passive ftp.  

I cannot figure out how to use ipf/ipnat to reverse-proxy for me.  (Can't
simply use filter rules that *I've* been able to devise, since the data
connection will try to set up to a port >1024, and I can't allow THAT, now
can I??)

This box will have Squid to proxy for internal folks browsing the 'Net, but
I won't use HTTP ACCEL for incoming folks, since the client wants their
webcounter on the NT box to be accurate.  I'm using FreeBSD 2.2.8-RELEASE,
IPFilter 3.2.10, Squid 1.1.22 (but can use 2.X if that will help).  One
other possibly-relevant fact:  the client's internal addresses are real and
routable.

Can anyone tell me how to do this, preferably with both the concept and
associated rules?  That would be useful to post to the group, I think, since
I can't find any discussion on it in the archives.

Thanks much!
David Jaffe

"I brake for inelastic collisions."
