| 1 |
Andreas Herrmann wrote: |
| 2 |
> mRyOuNg schrieb: |
| 3 |
>> Microsoft ISA Server is a Firewall/Proxy/Reverse-Proxy ... |
| 4 |
>> |
| 5 |
>> So in your case, I suppose it does a reverse proxy job (not a tunneling, |
| 6 |
>> just working as a web client for internal network). |
| 7 |
>> |
| 8 |
>> I already replaced several ISA server with GNU/Linux solutions, with the |
| 9 |
>> help of Apache and his mod_proxy ... that's imho your solution. |
| 10 |
> |
| 11 |
> Can this also be done for SSH und IMAP stuff? |
| 12 |
> |
| 13 |
IMAP proxying is also possible (for example, uw-imapproxy does the |
| 14 |
job)... Don't know for the SSH part (never find it useful as i don't |
| 15 |
publish ssh to external network)... |
| 16 |
|
| 17 |
The fact is that http reverse proxy is hostname based (virtual hosts) |
| 18 |
which means that even with only 1 IP, you can host several websites ... |
| 19 |
That's not the same for IMAP or SSH ... because thoses services are not |
| 20 |
hostname based... |
| 21 |
|
| 22 |
If you want to publish only 1 IMAP server to external network (for |
| 23 |
example, imap.domain.tld), there's no problem then ... proxying or |
| 24 |
nating is the way it's usually done (via DMZ for the NAT part). |
| 25 |
Else, if you want, with only 1 IP, to publish several IMAP servers to |
| 26 |
external networks without using "exotic" tcp/udp ports, then, that's a |
| 27 |
bit trickier, and needs some studies... |
| 28 |
|
| 29 |
Ofcourse, SRV feature exists in DNS system, but there are not that |
| 30 |
useful except for kerberos service and such ... not for imap or ssh... |
| 31 |
|
| 32 |
|
| 33 |
. /mRyOuNg/ . [ SoundBomb . Syn[Rj] ] . |
| 34 |
|
| 35 |
mail: mryoung@×××××××××.net <mailto:mryoung@×××××××××.net> |
| 36 |
web : mryoung.soundbomb.net <http://mryoung.soundbomb.net/> |
| 37 |
-- |
| 38 |
gentoo-server@g.o mailing list |
Archives