General discussion

Border Manager 3.5 Reverse Proxy Anyone?

By Ole_Ethernets
We use Border Manager 3.5, and have some Web servers on the private side, which require public access. We wanted to utilize BM proxy services for this task. We also use NAT, and Secondary IP addresses, combined with filters.
(Note here that we can get it to work fine just using the Filters, but wanted to use Reverse Proxy.)
The Web Servers are not standard HTTP port 80 access, as in a typical setup.
From what we understand from Novell, we are supposed to use the "HTTP acceleration" tab for public access to webs on the private network. (i.e. Reverse Proxy) However, that is a problem for us, as BM's reverse proxy acceleration feature is limited to standard HTTP, and FTP proxy.
So what we ended up doing, is setting up a "generic TCP Proxy" in the forward proxy section.
Now, for the can of worms.
We use NAT, and it would not work.
So, then we set the NAT to have the public IP address on BOTH sides of the NAT.
Then we set the Proxy IP to listen to the Private Interface, because we think the Generic TCP proxy feature only listens to the Private Interface. Thus, the IP had to match the public interface IP address.
Then, we set up two filters. One Dynamic TCP/IP for Proxy access, and a second one for the application.
Then we set the access Rules, and it works. So far we have not had any problems with performance either.
My question here is: how should we really do this? Does anyone know how it really should be done? We have called Novell and opened incidents, and it seems that each technician has a different way of doing it. But none have worked except for this way.
I did not come up with this configuration. It was a team effort, and the boss did most of it. I still have questions about this, as I have not had it confirmed as being "OK" by anyone.
Myself, I feel the way it has been done is being made way too difficult.
So, we seek other opinions.

This conversation is currently closed to new comments.

All Comments

Border Manager 3.5 Reverse Proxy Anyone?

by Ole_Ethernets In reply to Border Manager 3.5 Revers ...

Point value changed by question poster.

Border Manager 3.5 Reverse Proxy Anyone?

by rmount In reply to Border Manager 3.5 Revers ...

Border Manager lets you assign a port to your proxy accelerators.

NAT is not involved at all.

Try this:

- Add your secondary IP Addresses.
- In NWAdmin, make sure to add the addresses you assigned above to the proxy (click the "IP Addresses" button then "Add").
- On the acceleration tab, click on add, then define the port you want to listen on and the IP address you want to listen on on the public side (one of the secondary addresses you added), and assign the private side IP address and port as well. These can be any ports, but try to avoid common ports like 25 (smtp) and 21 (ftp).
- In FILTCFG, add an inbound rule to allow TCP traffic to the Border Manager server's IP Address (public side). Use stateful packet type to the port you assigned in NWAdmin.

Hope this helps.

--Rob

Border Manager 3.5 Reverse Proxy Anyone?

by Ole_Ethernets In reply to Border Manager 3.5 Revers ...

Thank you for the input! We are glad to eliminate the use of NAT, and adding secondary IP addresses for Reverse Proxy. Combining what we know about our system with what you have offered here, we are able to accomplish the task in a much more efficient manner. Also, thank you for the help with the filter setup information. We were not quite certain what minimum filter exception would work, or what minimum filter would be needed. Thanks again!

Border Manager 3.5 Reverse Proxy Anyone?

by Ole_Ethernets In reply to Border Manager 3.5 Revers ...

This question was closed by the author
