Author: Esko Pyyluoma
Date: 15-05-00 21:56
The company that I work for has an NT box running MS Proxy Server as a firewall/gateway/proxy server. Since the MSPS is crashing on a daily basis (which is causing me an enormous headache) and the computer's hard drive is about to stop working, I've decided to rebuild the box. Since I use FreeBSD at home, I'm thinking about a FreeBSD+squid configuration.
The problem is that the NT box is also used as a PPTP server to form a VPN with our clients. I can move the PPTP service to another NT box inside the intranet, but our security regulations state that internal IP addresses can't be visible from outside. Another problem is that we have an IIS web server _inside_ the intranet that uses some IIS "rerouting" feature with the firewall box, so that connections to the web server are made to the firewall box instead of the actual server; this way the IIS box isn't visible from outside.
My question is, can I "reroute" incoming PPTP and HTTP packets from the proxy to the actual PPTP or HTTP server, which would be inside the intranet, without the actual server's IP address being visible to the outside? Another way of putting this would be: can I mask the servers' IP addresses, so that the clients connecting to the servers would see them as the proxy server? Can this be done with NAT? A DMZ isn't really an option, since the IIS server authenticates connections from the domain controller's user database.
Thanks in advance and sorry about the bad English.