Henk-Jan Kloosterman wrote:
> I have set up something similar, but I do not understand why you let the
> firewall redirect port 25 and 80?
> Simply configure an accelerator, ready.
>
>
Well, the true Exchange machine is in a private IP address range. The
site administrator ( I'm a contractor ) wants EVERYONE on the outside to
ONLY access WebMail through Squid, preferably without them ever
realizing that the redirection is even taking place ( security through
obscurity ). He has the firewall set to redirect those 2 ports ( 25 & 80
) to the private IP on the internal network but is only allowing the
Squid server's IP address to access it. If I bring up Netscape on the
Squid machine itself, in the DMZ with a public IP, I'm able to access
WebMail with no trouble so the port redirection seems to be working
correctly.
I have only come up with 1 suggestion and I'd like someone's ( anyone's )
opinion of my theory. If the 2.5Stable release parses /etc/host records
first then I could duplicate/masquerade the hostname. In this case the
access sequence would go as follows:
1. Browser accesses proxy.somedomain.com/Exchange which resolves through
DNS to point to Squid server.
2. Squid looks up this hostname in /etc/hosts and redirects access to
FW, still using the proxy.somedomain.com hostname in headers.
3. Exchange builds the reply based on hostname in original host header
so it says <"Document Moved: proxy.somedomain.com/Exchange" > which is
passed all the way back to browser.
This seems like it would be feasible to me. Can anyone poke holes in my theory before I spend the time to configure it?
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Jim Williams
President - General Manager
Linux-Class.com
phone:214.557.3626 fax:972.404.0410
Break Out of the Windows Box!
Explore the possibilities of Open Source Software.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Received on Tue Dec 04 2001 - 10:32:26 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:05:13 MST
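Added example, not part of the original post: a small Python model of the three-step sequence described in the message, showing why the Host header that reaches the backend decides whether the "Document Moved" redirect stays on the public name or exposes the private address. The backend address `192.168.10.5`, the function names and the origin's redirect behaviour (taken from step 3 of the post) are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

PUBLIC_NAME = "proxy.somedomain.com"  # hostname used in the post
BACKEND_ADDR = "192.168.10.5"         # constructed private address (assumption)

def origin_redirect(host_header, path):
    """Model of an origin that builds its redirect from the request's Host
    header, as step 3 of the post assumes."""
    return {"status": 302, "Location": f"http://{host_header}{path}/"}

def accelerator(client_host, path, preserve_host):
    """Forward to the backend, either keeping the client's Host header or
    replacing it with the address the proxy actually connected to."""
    upstream_host = client_host if preserve_host else BACKEND_ADDR
    return origin_redirect(upstream_host, path)

def leaks_internal(location, public_name=PUBLIC_NAME):
    """True if a Location header would send the browser to anything other
    than the public name. Relative redirects stay on the same origin."""
    host = urlsplit(location).hostname
    if not host:
        return False
    try:
        if ipaddress.ip_address(host).is_private:
            return True
    except ValueError:
        pass  # not an IP literal, fall through to the name comparison
    return host.lower() != public_name.lower()

def audit(preserve_host):
    """Run one request for /Exchange through the model and check the reply."""
    resp = accelerator(PUBLIC_NAME, "/Exchange", preserve_host)
    return resp["Location"], leaks_internal(resp["Location"])

if __name__ == "__main__":
    for mode in (True, False):
        location, leak = audit(mode)
        print(f"preserve_host={mode}: Location={location} leak={leak}")
```

The same `leaks_internal` check can be applied to `Location` headers captured from a real deployment to confirm that no redirect names the backend.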