I'm having some problems that I think I should not be ordinarily facing. But after being beaten senseless by this, I'm calling out uncle.
I have previously posted something along these lines here: (Clickety)
Now, I'm looking for any answer to my problem.
We have a network as follows:

                    __________ DMZ (10.0.0.0/24)
                   |
    WAN ----- PFsense ---------- LAN (192.168.1.0/22)
                   |
                   |_________ Wireless (172.169.50/24)

WAN has one IP, and since we're a Red Cross society, we have no money; because we are in fact a charity case, we cannot afford to get more IPs (they cost a pretty penny here in Jordan).
So access to all services on the inside of the firewall is a must.
Here's the funny part. I'm a developer that had to assume the mantle of admin.
I've tried the previous ACLs in the link above, and even with more ACLs, all I can ever get is a route to the webserver on the DMZ, even though I'm trying to access the DVR, which is on the LAN subnet, and the DNS resolves it correctly.
Of course, it gets more complicated, as there are other services that need the involvement of SSL (specifically, Exchange\OWA).
So, I've come to you my friends, shuffling on my knees, face battered and soul withering, reaching out with my hands, asking for an answer that I hope will not destroy the network(s) or my soul.
Basically, I'm trying to get reverse proxy to work on my network, preferably with minimal change, so that we can use our services from web-side the firewall. If it can be done with squid (the one on PFsense) then fantastic.
Many thanks for any and all answers.
Yeah, seconding radius... not sure what the question here is.
Zoredache: Please do not add comments as an answer.
From Tony
- Put anything that needs public access on the "DMZ" segment. That is standard security.
- In PFsense, use the "Firewall: NAT: Port Forward" to assign public WAN-IP:port to the resource on the DMZ
There are 65534 ports to choose from, although some are more standard than others, e.g. port 80 for HTTP.
Mustafa Ismail Mustafa: I've already done that with some of the services, with port 80 being forwarded to the webserver itself, but I keep on getting bombarded with questions because people keep on forgetting the port numbers. That's why I wanted to implement a reverse proxy; this way they'd simply use subdomains and that gets routed accordingly. Just to be clear: instead of http://www.myweb.com:8000, we would use: http://surveillance.myweb.com
From delimiter
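Added example, not part of the original thread: a Squid accelerator-mode (reverse proxy) fragment for the name-based routing asked for above, with www.myweb.com and surveillance.myweb.com sharing the single WAN IP. The backend addresses 10.0.0.10 and 192.168.1.50 and the peer and ACL names are placeholders; port 8000 for the DVR is taken from the last comment.

```conf
# Constructed example: backend addresses and peer/ACL names are placeholders.

# Squid itself must answer on WAN:80. A NAT port forward of WAN:80 straight
# to the web server bypasses Squid, so nothing is ever routed by hostname.
http_port 80 accel vhost defaultsite=www.myweb.com

# One origin server per published service.
cache_peer 10.0.0.10    parent 80   0 no-query originserver name=peer_web
cache_peer 192.168.1.50 parent 8000 0 no-query originserver name=peer_dvr

# Match on the hostname the client asked for (Host header, enabled by "vhost").
acl host_web dstdomain www.myweb.com
acl host_dvr dstdomain surveillance.myweb.com

# Pin each hostname to exactly one peer.
cache_peer_access peer_web allow host_web
cache_peer_access peer_web deny all
cache_peer_access peer_dvr allow host_dvr
cache_peer_access peer_dvr deny all

# Default deny: requests for any other hostname, or by bare IP, are refused
# instead of falling through to an internal server.
http_access allow host_web
http_access allow host_dvr
http_access deny all

# Never let the accelerator fetch from anywhere except the peers above.
never_direct allow all
```

Because the DVR peer sits on the LAN segment, the firewall rule that lets the proxy reach it should be limited to that one address and port. Only HTTP is covered here; the Exchange\OWA case needs an `https_port` listener with a certificate for that hostname.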