+ Post New Thread
Results 1 to 9 of 9
*nix Thread, Apache Link Translation in Technical; Hello all, I am in the process of replacing our ISA firewall for a new shiny Sonicwall Pro 3060. I ...
  1. #1
    ICTNUT's Avatar
    Join Date
    Jul 2005
    Location
    Hereford
    Posts
    1,419
    Thank Post
    196
    Thanked 249 Times in 122 Posts
    Rep Power
    62

    Apache Link Translation

    Hello all,

    I am in the process of replacing our ISA firewall for a new shiny Sonicwall Pro 3060.

    I have spoken to them about the issue below but womdered if it is smoething that Apache2 itself could do.

    On the ISA firewall you have a thing called link translation where if you access a website (www.external.co.uk) ISA would translate all the link in the page to (www.internal.local) is this something that Apache could do?? If so how would i set it up??

    If I have not made it clear what I am after please let me know.

    Many thanks

  2. #2

    Join Date
    Dec 2007
    Location
    Cardiff, WALES
    Posts
    9
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Apache can do lots of stuff like that, but it is not clear exactly what you want to do.

    Do you mean have someone access www.external.co.uk which points to your gateway system and for apache to then access another webserver webserver.local and then send those pages to the client? - Apache can do that, we use it for that here

    Or do you mean when someone access www.external.co.uk it redirects them to webserver.local and then it just serves up the pages? - apache can also do this and it is quite handy for forcing people to use SSL.

    In both situations you will want to use mod_rewrite and for the first situation you will want to use mod_proxy as well.

  3. #3
    ICTNUT's Avatar
    Join Date
    Jul 2005
    Location
    Hereford
    Posts
    1,419
    Thank Post
    196
    Thanked 249 Times in 122 Posts
    Rep Power
    62
    Hey lonewolf,

    Scenario is like this:

    User opens IE at home and goes to www.john-kyrle.hereford.sch.uk this request hits our firewall and is then pushed over to our internal server and is the requested pages are served back to the user who requested the page at home.

    The above works fine the problem is:

    The server hosting the website is internal and has an internal DNS name as does the website (www.jkhs-pd.local) when the server pushes the pages back to the person at home all the links are broken as they are served up using the internal dns name www.jkhs-pd.local/.

    ISA has the ability to change all the links from www.jkhs-pd.local to www.john-kyrle.hereford.sch.uk and then back to www.jkhs-pd.local when the request comes back in again.

    Does this make more sense to you??

  4. #4
    Joedetic's Avatar
    Join Date
    Jan 2006
    Location
    Walsall
    Posts
    1,316
    Thank Post
    6
    Thanked 13 Times in 13 Posts
    Rep Power
    22
    You need to investigate reverse proxying.

    Apache is very good at this and there are a number of tutorials on the internet that can be found via google.

    http://www.apachetutor.org/admin/reverseproxies
    http://httpd.apache.org/docs/2.0/mod/mod_proxy.html

  5. #5

    powdarrmonkey's Avatar
    Join Date
    Feb 2008
    Location
    Alcester, Warwickshire
    Posts
    4,859
    Thank Post
    412
    Thanked 777 Times in 650 Posts
    Rep Power
    182
    It'll look something like this (from memory, so possibly not quite right):

    <VirtualHost *:80>
    ServerName john-kyrle.hereford.sch.uk
    ServerAlias www.john-kyrle.hereford.sch.uk
    ProxyRequestsOff
    ProxyPass / http://your-internal-server/
    ProxyPassReverse / http://your-internal-server/
    </VirtualHost>

  6. #6

    Join Date
    Oct 2005
    Location
    East Midlands
    Posts
    738
    Thank Post
    17
    Thanked 105 Times in 65 Posts
    Rep Power
    37

    ISA

    Quote Originally Posted by ICTNUT View Post
    Hello all,

    I am in the process of replacing our ISA firewall for a new shiny Sonicwall Pro 3060.

    I have spoken to them about the issue below but womdered if it is smoething that Apache2 itself could do.

    On the ISA firewall you have a thing called link translation where if you access a website (www.external.co.uk) ISA would translate all the link in the page to (www.internal.local) is this something that Apache could do?? If so how would i set it up??

    If I have not made it clear what I am after please let me know.

    Many thanks
    ISA should be able to do this, did you set it up correctly and if so what was the problem you were having?

    Going for the shiney new HW firewall for things like this is not ideal and they never match the packet inspection as the software FW do. I know a lot of people knock the isa firewall becuase it runs on on MS OS but with the right config and harderned server os using SCW you can get a really good solution using ISA server. can I ask what kinds of things were broken? when you tried to use link translation on isa. There have been lots of improvements to isa server 2006's link translatoion so you may want to try this out on virtual machine so see it the new version sorts out the issues you got.

    Ash.

  7. #7
    ICTNUT's Avatar
    Join Date
    Jul 2005
    Location
    Hereford
    Posts
    1,419
    Thank Post
    196
    Thanked 249 Times in 122 Posts
    Rep Power
    62
    @ashok: I am not knocking ISA 2006 at all and have it working like a dream including link translation, the reason i am looking for another firewall is that ISA 2006 has a flaw in that you can no longer do SSL Tunneling i.e open as SSL tunnel on port 443 and then try to open a second connection via that tunnel to say port 3389 (RDP). This works without fail on ISA 2000 as I have this working on at least 7 pther sites, I don't know about ISA 2004

    I have a Sonicwall SSL-VPN 2000 box sat behind ISA 2006, you can get the portal up no problem, you can login (verified against LDAP) no problem, try to open a link to the Terminal Server (Win Serv 2003) and bang you get kicked out with:

    "Because of a protocol error, this session will be disconnected. Please try
    connecting to the remote computer again."

    In the ISA 2006 firewall log you simply get:

    SSL Tunnel Failed Connection Attempt Port 3389

    This is why I am looking at other firewalls, now I have a Sonicwall pro 3060 on eval at the moment and the SSL-VPN unit works fine but now I have lost link translation that ISA 2006 does so well.

    If I am honest I would like to stay with ISA but after months of searching forums, posting to MS newsgroups, and reading numerous ISa books cover to cover I am about ready to accept defeat and look at non MS firewalls instead.
    Last edited by ICTNUT; 3rd March 2008 at 09:59 PM.

  8. #8

    Join Date
    Oct 2005
    Location
    East Midlands
    Posts
    738
    Thank Post
    17
    Thanked 105 Times in 65 Posts
    Rep Power
    37

    Tunnel port range

    Quote Originally Posted by ICTNUT View Post
    @ashok: I am not knocking ISA 2006 at all and have it working like a dream including link translation, the reason i am looking for another firewall is that ISA 2006 has a flaw in that you can no longer do SSL Tunneling i.e open as SSL tunnel on port 443 and then try to open a second connection via that tunnel to say port 3389 (RDP). This works without fail on ISA 2000 as I have this working on at least 7 pther sites, I don't know about ISA 2004

    I have a Sonicwall SSL-VPN 2000 box sat behind ISA 2006, you can get the portal up no problem, you can login (verified against LDAP) no problem, try to open a link to the Terminal Server (Win Serv 2003) and bang you get kicked out with:

    "Because of a protocol error, this session will be disconnected. Please try
    connecting to the remote computer again."

    In the ISA 2006 firewall log you simply get:

    SSL Tunnel Failed Connection Attempt Port 3389

    This is why I am looking at other firewalls, now I have a Sonicwall pro 3060 on eval at the moment and the SSL-VPN unit works fine but now I have lost link translation that ISA 2006 does so well.

    If I am honest I would like to stay with ISA but after months of searching forums, posting to MS newsgroups, and reading numerous ISa books cover to cover I am about ready to accept defeat and look at non MS firewalls instead.
    Hi Ozan,

    I don't know if this is any use but you may need to extend the tunnel port range - http://www.isaserver.org/articles/20...portrange.html

    The above article is for isa 2004 but i suspect it might work with isa server 2006 as well.


    Ash.

  9. #9

    Join Date
    Dec 2007
    Location
    Cardiff, WALES
    Posts
    9
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Quote Originally Posted by ICTNUT View Post
    The server hosting the website is internal and has an internal DNS name as does the website (www.jkhs-pd.local) when the server pushes the pages back to the person at home all the links are broken as they are served up using the internal dns name www.jkhs-pd.local/.
    This makes it sound like you have proxying working but your website is pushing out links with the FQDN in the URL - there is no need to do this - if you want to like to page2.htm in the root of the folder just link to /page2.htm not www.jkhs-pd.local/page2.htm then it will work no matter what the domain is which is used to access the site.

SHARE:
+ Post New Thread

Similar Threads

  1. [CLOSED] Layout Issue: English Translation
    By FN-GM in forum EduGeek.net Site Problems
    Replies: 6
    Last Post: 12th March 2008, 11:02 PM
  2. Word 2007 Translation Issue
    By Blind in forum Windows
    Replies: 0
    Last Post: 14th February 2008, 04:10 PM
  3. Translation Software.
    By maniac in forum How do you do....it?
    Replies: 4
    Last Post: 5th December 2007, 12:34 PM
  4. Apache on Windows with SSL.
    By maniac in forum How do you do....it?
    Replies: 4
    Last Post: 20th November 2007, 04:07 PM
  5. Apache + IIS On the same box?
    By in forum Windows
    Replies: 25
    Last Post: 7th March 2006, 03:12 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •