We use Border Manager 3.5, and have some Web servers on the private side, which require public access. We wanted to utilize BM proxy services for this task. We also use NAT, and Secondary IP addresses, combined with filters.
(Note here that we can get it to work fine just using the Filters, but wanted to use Reverse Proxy.)
The Web Servers are not standard HTTP port 80 access, as in a typical setup.
From what we understand from Novell, we are supposed to use the “HTTP acceleration” tab for public access to webs on the private network. (i.e. Reverse Proxy) However, that is a problem for us, as BM’s reverse proxy acceleration feature is limited to standard HTTP, and FTP proxy.
So what we ended up doing, is setting up a “generic TCP Proxy” in the forward proxy section.
Now, for the can of worms.
We use NAT, and it would not work.
So, then we set the NAT to have the public IP address on BOTH sides of the NAT.
Then we set the Proxy IP to listen to the Private Interface, because we think the Generic TCP proxy feature only listens to the Private Interface. Thus, the IP had to match the public interface IP address.
Then, we set up two filters. One Dynamic TCP/IP for Proxy access, and a second one for the application.
Then we set the access Rules, and it works. So far we have not had any problems with performance either.
My question here is: how should we really do this? Does anyone know how it really should be done? We have called Novell and opened incidents, and it seems that each technician has a different way of doing it. But none have worked except for this way.
I did not come up with this configuration. It was a team effort, and the boss did most of it. I still have questions about this, as I have not had it confirmed as being “OK” by anyone.
Myself, I feel the way it has been done is being made way too difficult.
So, we seek other opinions.