Firewall / Reverse Proxy Config Questions.
- From: "Serpico" <iiisystems@xxxxxxxxx>
- Date: 16 Mar 2006 18:26:21 -0800
I am putting together a proxy/firewall config ... and I want to pass
this by the pros to make sure I have this correct (this is my first
shot at something like this) ... and for suggestions/answers.
1: Proxy: Windows 2003 Web Edition running Apache 2.0 will act as a
reverse proxy with 2 IP's (NIC1 with 2 IPs assigned via IP aliasing) in
front of the FW.
2: Checkpoint Firewall.
3: 2 Windows 2003 Web Edition HTTP servers behind the FW
Two domains with SSL Certs will be hosted on the proxy in the DMZ:
NIC1 is connected to the ISP
https://one.somedomain.com (PUBLIC IP1:443 on Proxy NIC1)
https://two.somedomain.com (PUBLIC IP2:443 on Proxy NIC1)
NIC2 is connected to the FireWall DMZ NIC
So:
PUBLIC IP1:443 (https://one.somedomain.com) on Proxy --> FireWall Port
5000 --> INTERNAL IP1:80
PUBLIC IP2:443 (https://two.somedomain.com) on Proxy --> FireWall Port
5001 --> INTERNAL IP2:80
Site "One":
Proxy will fwd requests from "one:443" to "Firewall IP Port 5000".
Firewall will fwd requests from "Firewall IP Port 5000" to "Internal
IP1:80".
Site "Two":
Proxy will fwd requests from "two:443" to "Firewall IP Port 5001".
Firewall will fwd requests from "Firewall IP Port 5001" to "Internal
IP2:80".
Three Question:
1: Does this look correct? Any errors?Am I close?
2: Do I need to setup some sort of routing on the Proxy to route
traffic from NIC1 to NIC2?
3: I am not sure how the IP's should be config'd between the proxy and
the FW:
Proxy NIC 1 is easy since that is obviously the ISP IP config, and the
internal net I can make whatever I need it to be. So what would the
IP/Gateway/Netmask config be for Proxy NIC2 and the FW DMZ NIC?
Thanks.
.
- Prev by Date: Intrusion attempts - are they for real?
- Next by Date: Pix 501 -to- Pix 501 VPN
- Previous by thread: Intrusion attempts - are they for real?
- Next by thread: Pix 501 -to- Pix 501 VPN
- Index(es):
Relevant Pages
|
