Article delegate-en/437 of [1-5169] on the server localhost:119

Newsgroups: mail-lists.delegate-en

[DeleGate-En] transparent http proxy relay intranet to backbone - one solution found
23 Apr 1999 01:27:39 GMT yossman <pwqaqbdyi-xtc56t3iernr.ml@ml.delegate.org>



in case anyone else was wondering...

if you use delegate's tcprelay feature, it seems to work fine for the
application i listed previously to this list.  command-line on the
intranet-delegate (10.0.0.1):

./delegated -P8080 SERVER=tcprelay://192.168.1.1:8080 PERMIT="*:*:10.0.0.2,10.0.0.3"

anything directed at port 8080 on intranet-delegate (10.0.0.1) from 10.0.0.2
or 10.0.0.3 (the only two nodes allowed to use intranet-delegate) will be
handed over to backbone-delegate (192.168.1.1), port 8080.  other nodes
along 10.0.0.* will not be allowed to use intranet-delegate.


backbone-delegate command-line:

./delegated -P8080 CACHEDIR=/var/spool/delegate/cache PERMIT="*:*:10.0.0.1:8080"

anything from intranet-delegate (10.0.0.1) directed at port 8080 on
backbone-delegate (192.168.1.1) will be handled as if it came from a real
node on 10.0.0.*.  backbone-delegate has been told to only accept
connections from one machine (10.0.0.1) requesting one port (8080), so other
people along 192.168.1.* will not be allowed to use the backbone-delegate
for their own purposes.


other advantages with this configuration: this allows intranet-delegate
admins to control which users on its own network (10.0.0.*) will be allowed
to use the proxy.  it allows backbone-delegate admins to further control who
on 10.0.0.* is allowed to talk to, by manipulating what protocols/ports it
will support being redirected from 10.0.0.1.

i advise that it would be more secure to lock down exactly what is PERMIT'd
and what is relayed in the above command-lines.  i'm continuing my
configurations to do just that, now that i've got something working. ;)


yossman

-----------------------------------------------------------------------
Yossarian Holmberg (yossman)                        pwqaqbdyi-xtc56t3iernr.ml@ml.delegate.org
Senior Systems Administrator                    http://www.nonline.net/
National Online Inc.                    National Computers and Supplies
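
Added example, not part of the original post and not DeleGate code: a small Python model of the two-hop relay described above. It traces a client through both source-address checks and shows that backbone-delegate only ever sees 10.0.0.1 as the source. The hop table is constructed from the addresses in the post; the names HOPS, trace and indistinguishable_upstream are hypothetical, and PERMIT is modelled as a plain source allow-list.

```python
# Added example: a model of the relay chain in the post, not DeleGate itself.
from ipaddress import ip_address, ip_network

# Constructed from the post: each hop's own address, the sources it accepts
# (assumption: PERMIT reduced to a source allow-list), and where it forwards.
HOPS = {
    "intranet-delegate": {
        "addr": "10.0.0.1",
        "allow_src": ["10.0.0.2/32", "10.0.0.3/32"],
        "next": "backbone-delegate",
    },
    "backbone-delegate": {
        "addr": "192.168.1.1",
        "allow_src": ["10.0.0.1/32"],
        "next": None,  # terminal proxy, nothing further upstream
    },
}

def permitted(hop, src):
    """True if src falls inside one of the hop's allowed source networks."""
    return any(ip_address(src) in ip_network(n) for n in HOPS[hop]["allow_src"])

def trace(client, entry="intranet-delegate"):
    """Return (verdict, path); path lists (hop, source address that hop sees)."""
    src, hop, path = client, entry, []
    while hop is not None:
        path.append((hop, src))
        if not permitted(hop, src):
            return "denied at " + hop, path
        # A TCP relay opens a fresh connection, so the next hop sees the
        # relay's own address, not the original client's.
        src, hop = HOPS[hop]["addr"], HOPS[hop]["next"]
    return "allowed", path

def indistinguishable_upstream(clients):
    """Group allowed clients by the source address the final hop sees."""
    seen = {}
    for c in clients:
        verdict, path = trace(c)
        if verdict == "allowed":
            seen.setdefault(path[-1][1], []).append(c)
    return seen

if __name__ == "__main__":
    for c in ["10.0.0.2", "10.0.0.3", "10.0.0.4"]:
        print(c, trace(c))
    print(trace("192.168.1.50", entry="backbone-delegate"))
    print(indistinguishable_upstream(["10.0.0.2", "10.0.0.3", "10.0.0.4"]))
```

Because both permitted clients arrive at backbone-delegate as 10.0.0.1, per-client attribution has to come from intranet-delegate's own logs.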


