#1  
21st May 2009, 22:17
d31373
Transparent reverse squid proxy

I believe that's what it would be called...Transparent Reverse Squid Proxy

My company has only 1 external IP address to use.
Our internal network topology is:
1 x Cisco 831 Router
1 x Cisco 3750 24port Switch
2 x Physical CentOS 5.3 x64 Linux Servers running VMware 2.0
1 x Physical CentOS 5.3 i386 Linux Server running Asterisk
1 x Virtual Windows Server 2003 x64 Standard with Exchange server 2007
1 x Virtual Windows Server 2008 x64 Standard
1 x Virtual Windows Server 2003 Standard
1 x Virtual Windows XP Professional
3 x Virtual appliances for network monitoring, etc.

Obviously, you would imagine that accessing web interfaces of 6 servers has been quite challenging. I would like to set up a Squid Proxy in a VM to receive traffic for multiple ports.

The ports are 80, 443, 8222, 8333, 10000 to name a few.

Constraints:
I will be using CentOS 5.3 x64 and would like to know if anyone would be able to assist in configuring this. The only way to access the web interfaces would be through NATting the ports to the Squid Proxy.
Thus our Router IP is 10.10.10.254, the Squid Proxy is 10.10.10.253, our Windows servers are in 1-29 range, and Linux servers are in the range 30-59.

Preliminary Thoughts are:
How would I configure Squid to accept multiple ports?
How do I use squid to retrieve the LAN based web interface and forward it out the Router without configuring Squid to be the gateway device?

Thank you everyone for your considerations, and I am sorry if it appears that I do not know what I am doing. This will be my first Squid Proxy setup. I have used Linux for over 10 years, but with varying software, and the fact that most of my customers use Windows, causes me to lack some experience. Additionally I would like to use this as a learning experience in squid, proxying, and iptables.

Last edited by d31373; 21st May 2009 at 22:20.
  #2  
22nd May 2009, 17:36
stefanos

Hi d31373,

I had a similar question and ended up going with a simple approach and doing it with apache's reverse proxy as a front end machine.

I am guessing you could configure apache to listen on Port 80 & 8222 {vmware} and proxy to the server you want based on the header host.

For https (443 & 8333) it's a bit more tricky as you need to read the headers.

As for other traffic, say ssh, pop3, etc., I don't think you can go through a proxy server; it's just for http/https traffic and you will need to NAT to the server, i.e. port 25 would NAT to server A, pop3 would NAT to server B, etc.

But I am not sure. If you find out how to do it please let me know.

Stephen
  #3  
22nd May 2009, 18:12
d31373

I think you nailed it right on the head. I ONLY want to forward http/https traffic.
HTTP ports 80, 8088, 8222; HTTPS ports 443, 8333, 10000.

It is only an issue of accessing the web interfaces of the servers inside of the network without mapping external port 81 to port 80 on one server, external port 82 to port 80 on another server, etc.

smtp = forwards to Exchange Server 2007
rdp = forwards to Windows Server 2003
vnc = forwards to vm1
ssh = forwards to the proxy server, then establish ssh to other servers

Do you have any idea how/where to begin? What should I research first? I have no problem doing footwork to get this completed, perhaps someone else with more know-how can help lay the foundation. Are there any linux distributions targeted specifically at tackling this particular issue? Something, I can use to base my experience (possibly implement temporarily)?
  #4  
22nd May 2009, 19:25
stefanos

Well I did it like this...{just got this from my history file}..

apt-get install apache2
a2enmod proxy
a2enmod proxy_http
/etc/init.d/apache2 force-reload

a2enmod proxy_connect
a2enmod ssl
/etc/init.d/apache2 force-reload

###Create vhost file in /etc/apache2/sites-available/domain.com.vhost as follows

<VirtualHost *:80>
ServerName www.domain.com

ProxyRequests Off

<Proxy *>
Order deny,allow
Allow from all
</Proxy>

ProxyPass / http://www.domain.com/
ProxyPassReverse / http://www.domain.com/
</VirtualHost>

a2ensite domain.com.vhost
/etc/init.d/apache2 reload


I think you will also need to add into /etc/apache2/ports.conf to listen on the ports you want.

My HTTP works fine; I have not tried with https yet.

So I will pass on where I got all my info from:
http://www.howtoforge.com/apache_rev...roxy_ispconfig
http://www.apachetutor.org/admin/reverseproxies
http://httpd.apache.org/docs/2.2/mod/mod_proxy.html

Hope this helps.
Stephen
  #5  
22nd May 2009, 19:32
d31373

THANK YOU! I will begin working on implementing; any additional info would be greatly appreciated. Hopefully I will have something up by mid next week.
  #6  
22nd November 2009, 20:44
stefanos

This is just to add some additional info I found that might be of help for anyone reading this post: it's about logging behind a proxy server. It has some problems as X-Forwarded-For can have multiple IP addresses. If anyone knows how to solve this I would be grateful.

I do my logging this way as opposed to apache's suggestion just to change the %h because I was unsure what would happen to my logs if the X-Forwarded-For was not set (eg if a local request was made from/to the server say via a cgi script).

Code:
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%v:%p %{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" log_x_forward_for

SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" is-forwarder

CustomLog /var/log/apache2/other_vhosts_access.log vhost_combined env=!is-forwarder
CustomLog /var/log/apache2/other_vhosts_access.log log_x_forward_for env=is-forwarder
Hope it helps
Stephen
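
Added example, not part of the thread: one way to handle an X-Forwarded-For header that carries several addresses, as raised in post #6. Each proxy appends the address it received the request from, so the list is read right to left and the client is the first entry that is not a proxy you operate; anything further left was supplied by the client. The trusted proxy 10.10.10.253 is taken from the first post; the function names and sample values are constructed for illustration.

```python
import ipaddress

# Assumption: the only proxy in front of the backend is the front-end at
# 10.10.10.253 from the thread. List every proxy you operate here.
TRUSTED_PROXIES = [ipaddress.ip_network("10.10.10.253/32")]


def is_trusted(addr):
    """True when addr belongs to a proxy we run ourselves."""
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(peer, xff_header):
    """Return the address to log for one request.

    peer:       TCP peer address the backend saw (Apache's %h)
    xff_header: raw X-Forwarded-For value, or None/"" when absent
    """
    current = ipaddress.ip_address(peer)
    if not is_trusted(current) or not xff_header:
        # Direct request (for example a local CGI call) or no header:
        # any header present was written by the client, so ignore it.
        return str(current)
    # Walk the list newest hop first (right to left).
    for entry in reversed(xff_header.split(",")):
        try:
            hop = ipaddress.ip_address(entry.strip())
        except ValueError:
            break  # malformed entry: keep the last verified hop
        current = hop
        if not is_trusted(hop):
            break  # first hop we do not operate: this is the client
    return str(current)


# Constructed sample requests: (peer address, X-Forwarded-For value).
SAMPLES = [
    ("10.10.10.253", "203.0.113.7"),             # normal proxied request
    ("10.10.10.253", "192.0.2.1, 203.0.113.7"),  # client sent its own XFF
    ("198.51.100.9", "192.0.2.1"),               # bypassed the proxy
    ("127.0.0.1", None),                         # local request, no header
]

if __name__ == "__main__":
    for peer, xff in SAMPLES:
        print(peer, repr(xff), "->", client_ip(peer, xff))
```

The same rule applies to the LogFormat approach above: the leftmost entries of the header are whatever the client chose to send, so only the entry appended by your own proxy is reliable for logging or access decisions.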
All times are GMT +2.