The FreeBSD Diary

FreeBSD Support
 "rerouting" packets (or something like t
Author: Esko Pyyluoma 
Date:   15-05-00 21:56

The company that I work for has an NT box running MS Proxy Server as a firewall/gateway/proxy server. Since the MSPS is crashing on a daily basis (which is causing me an enormous headache) and the computer's hard drive is about to stop working, I've decided to rebuild the box. Since I use FreeBSD at home, I'm thinking about a FreeBSD+squid configuration.

The problem is that the NT box is also used as a PPTP server to form a VPN with our clients. I can move the PPTP service to another NT box inside the intranet, but our security regulations state that internal IP addresses can't be visible from outside. Another problem is that we have an IIS web server _inside_ the intranet that uses some IIS "rerouting" feature with the firewall box, so that connections to the web server are made to the firewall box instead of the actual server; this way the IIS box isn't visible from outside.

My question is, can I "reroute" incoming PPTP and HTTP packets from the proxy to the actual PPTP or HTTP server, which would be inside the intranet, without the actual server's IP address being visible to the outside? Another way of putting this would be: can I mask the servers' IP addresses, so that the clients connecting to the servers would see them as the proxy server? Can this be done with NAT? A DMZ isn't really an option, since the IIS server authenticates connections from the domain controller's user database.

Thanks in advance and sorry about the bad English.

 RE: "rerouting" packets (or something li
Author: P.K. Krug (VaderX) 
Date:   16-05-00 18:43

Yes, this can be done. What you will probably want to do is alias an IP to the outside NIC of your firewall machine, then using natd redirect that address to a safe internal one.

 RE: "rerouting" packets (or something li
Author: Jeff Johnson 
Date:   19-05-00 03:14

I would recommend IPFilter as a firewalling tool. It easily allows redirection of incoming services to a box inside the firewall using the ipnat facility.

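The natd redirection suggested in the thread, sketched as an added `natd.conf` example that is not from any of the posters. The interface name `fxp0`, the public alias `203.0.113.10` and the internal hosts `192.168.1.10` (IIS) and `192.168.1.20` (PPTP) are constructed placeholders. It contrasts forwarding the whole alias address with forwarding only the services the question names.

```conf
# /etc/natd.conf (added example; all addresses and the interface name
# below are constructed placeholders, not values from the thread)

# Outside interface. The public alias 203.0.113.10 is assumed to be
# configured on this NIC already (an ifconfig "alias" entry).
interface fxp0
use_sockets yes
same_ports yes

# Broad form: map the whole public alias to one internal host.
# Every port and protocol sent to 203.0.113.10 reaches 192.168.1.10,
# so anything else listening on that host is exposed unless the
# packet filter in front of natd blocks it.
#redirect_address 192.168.1.10 203.0.113.10

# Narrow form: publish only the services that are required.

# HTTP to the internal IIS server. Outside clients connect to
# 203.0.113.10:80 and never see 192.168.1.10.
redirect_port tcp 192.168.1.10:80 203.0.113.10:80

# PPTP control channel (TCP 1723) to the internal PPTP server.
redirect_port tcp 192.168.1.20:1723 203.0.113.10:1723

# PPTP carries its tunnelled data in GRE (IP protocol 47), which has
# no ports, so it is redirected by protocol rather than by port.
redirect_proto gre 192.168.1.20 203.0.113.10
```

With the narrow form the firewall rules only need to admit TCP 80, TCP 1723 and GRE to the alias address; the internal addresses appear only in this file and on the inside network.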