I need the insights of the pros :)
Our Astaro will be connected to another internal network, hosting several servers. One of those servers needs to communicate with our LAN via port 8080. However, we are also using the Astaro proxy, which is port 8080.
What I am trying to figure out is exactly when traffic is handled by the proxy. Is it as simple as 'Any 8080 request to WAN is considered proxy, all other requests are firewall' or will the proxy respond to any request, no matter what destination IP?
If all 8080 requests are considered proxy requests, then we might have a bit of a challenge. I found Balfson's priority list DNAT -> proxy -> firewall -> Routing in previous posts, which would imply that in that case we could not create a rule because the proxy would handle the request first. I have been considering creating a SNAT for our internal LAN to this host, but as far as I know SNAT is the last thing that is done, so that wouldn't help either.
I was hoping that maybe we could exclude IP ranges from the proxy, however I can only allow ranges to use the proxy (source), not exclude destination ranges.
I did some RTFM, but was unable to find the information which would either confirm or deny anything.
Any suggestions?