Find the answer to your Linux question:
Results 1 to 9 of 9
so I have an external server and an internal server connected via OpenVPN. I'd like to expose specific services on the internal server (say, apache) to the internet via the ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Aug 2008
    Location
    Seattle, WA
    Posts
    46

    expose VPN services to internet


    so I have an external server and an internal server connected via OpenVPN. I'd like to expose specific services on the internal server (say, apache) to the internet via the external server. I have a feeling this should be a fairly simple task involving either iptables, squid or NAT but I'm not exactly sure how to do this.

    anyone have a quick thought or tutorial link? I'd even accept a book title for something related to complex Linux networking config.

    thanks,
    -rb

  2. #2
    Just Joined!
    Join Date
    Jul 2009
    Posts
    15
    I think using squid or apache on the external server as a reverse proxy is the way to go here if you are considering web traffic. This way you are not permitting direct access to the internal server.

    Is the external server already running a web server?

  3. #3
    Just Joined!
    Join Date
    Aug 2008
    Location
    Seattle, WA
    Posts
    46
    Quote Originally Posted by paulkoan View Post
    I think using squid or apache on the external server as a reverse proxy is the way to go here if you are considering web traffic. This way you are not permitting direct access to the internal server.

    Is the external server already running a web server?
    yes, the external server is running apache2. should I look at something like mod_proxy?

  4. #4
    Just Joined!
    Join Date
    Jul 2009
    Posts
    15
    Yes, mod_proxy would be the way to go I think. Give it a whirl and report back if you get stuck!

  5. #5
    Just Joined!
    Join Date
    Aug 2008
    Location
    Seattle, WA
    Posts
    46
    Quote Originally Posted by paulkoan View Post
    Yes, mod_proxy would be the way to go I think. Give it a whirl and report back if you get stuck!
    wow, its working great. now all I need to do is stress-test apache this evening. (its had some stability issues so I like to slap it around after changing configs / adding modules)

    thanks

    [edit] actually, this only works for HTTP. thats what I'm trying to do at the moment, but eventually, I may want to do this for non-HTTP protocols.

    [edit2] if I have a line like:
    Code:
    ProxyPass /tank http://192.168.10.1/tank
    and I connect to example.com/tank, it attempts to connect to 192.168.10.1. however, if I add the trailing slash (example.com/tank/), then everything works correctly. I'm lazy and leave the trailing slash off frequently, so should I just alias things to add the slash? whats the reasoning behind this behavior?

  6. #6
    Just Joined!
    Join Date
    Aug 2008
    Location
    Seattle, WA
    Posts
    46
    Quote Originally Posted by paulkoan View Post
    Yes, mod_proxy would be the way to go I think. Give it a whirl and report back if you get stuck!
    have any tips on cgi-bin? I've tried ReverseProxy, but it doesnt seem to be working how I think it is.

  7. #7
    Just Joined!
    Join Date
    Jul 2009
    Posts
    15
    Quote Originally Posted by NeoIce View Post
    Code:
    ProxyPass /tank {url}/tank
    and I connect to example.com/tank, it attempts to connect to 192.168.10.1. however, if I add the trailing slash (example.com/tank/), then everything works correctly. I'm lazy and leave the trailing slash off frequently, so should I just alias things to add the slash? whats the reasoning behind this behavior?
    When you use the / at the end, you are saying this is a directory, and it should open one of the Index documents, such as default.html or index.php

    Otherwise it thinks it is a file it is trying to get.

  8. #8
    Just Joined!
    Join Date
    Jul 2009
    Posts
    15
    Quote Originally Posted by NeoIce View Post
    have any tips on cgi-bin? I've tried ReverseProxy, but it doesnt seem to be working how I think it is.
    Sorry - I am not clear on what you are trying to do with cgi-bin...

  9. #9
    Just Joined!
    Join Date
    Aug 2008
    Location
    Seattle, WA
    Posts
    46
    Quote Originally Posted by paulkoan View Post
    Sorry - I am not clear on what you are trying to do with cgi-bin...
    well, if I do a line like
    ProxyPass /nagios http://192.168.10.1/nagios3

    I get cgi-bin errors. I dont think mod_proxy is doing exactly what I think it is because I'd expect the 192 address to be running the cgi and then returing the results over the proxy.

    similarly, I'm having issues with a page that use AJAX. my requests make it to the server, but I dont ever see the server responses until I refresh.

    I think this is what ProxyPassReverse was for, but I couldnt seem to get that to work either.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •