WebSecurity: Proxies and Profiles Mapping to Additional Addresses
I would like to have the same flexibility as using SNAT in the definition of the internal networks (as I have the dozen or so) for which the public IP address by the transparent proxy is to go to the Internet.
Unfortunately Fully Transparent HTTP Proxy does not offer this functionality.
Read more at http://www.astaro.org/astaro-gateway-products/general-discussion-feature-requests/25390-feature-requests-configuration-proxy-profiles-use-different-public-source-ip.html#post109466
wamar
shared this idea
12 comments
-
Bob Alfson
commented
One of my clients has employees of two different customers in their building. They have VPNs to those customers and each employee of the customers needs to use web apps over the VPN to their employer. Presently, the solution is to have a second proxy that's used as a parent proxy to relay through the tunnel. Please extend this idea with, for example, the ability to use ppp0 like eth0, thereby allowing a profile to be directed over a VPN without having to use another proxy.
-
Zach SeRine
commented
badly need this
-
Bob Alfson
commented
Bram, I think this already as been suggested: http://feature.astaro.com/pages/17359-astaro-gateway-feature-requests/suggestions/184039-websecurity-extra-transparent-http-proxy?ref=title
-
Massimo Dalla Giustina
commented
For me it is usefull for smtp proxy. The v7.4 gives the uplink balancing feature but this works with phisical interface. Instead, with a single external interface with several IP aliases, it's not possible to bind the smtp proxy to a specific IP and other IPs to other internal (no proxed) smtp servers. I tried using the NAT and usually it works but sometimes the smtp proxy gets priority over the NAT rule...sometimes the smtp proxy get priority over the NAT rule...
-
wamar
commented
Thanks to everyone for the votes submitted.
Please, take a look at one feature, the lack of which is pain in Astaro at
http://feature.astaro.com/pages/17359-astaro-gateway-feature-requests/suggestions/183130-integrated-configuration-of-the-security-policy -
Ugur ALTINSARI
commented
its a great work
-
Ali KAVAL
commented
if you are using private ip blocks in LAN, all http proxy profiles go to internet same WAN ip address. we have to give different public ip addresses for each profile. We want to follow these profiles with different ip addresses in internet.
-
Ali Ihsan Kaval commented
we want to give different public IP address for each local networks in transparent proxy.
-
wamar
commented
At http://feature.astaro.com/pages/17359-astaro-gateway-feature-requests/suggestions/184039-websecurity-extra-transparent-http-proxy you can find feature by which you can bind HTTP Proxy service to any interface of any public IP. Please vote there.
-
wamar
commented
This is not the same.
It can start from the beginning. To be clear, with HTTP network traffic without running transparent proxy I can use SNAT to release on the outside using any interface and defined additional IP addresses. With Masquerading I can't.
As rightly noticed in the future will enable a new feature that is described in the thread Feature request: Masquerading for additional IP-addresses.
I personally think that this feature is redundant if the same effect is achieved using a SNAT.But above all this is not my problem. My problem and my new feature request application for HTTP network traffic which uses a transparent proxy.
I just, I would like to have the same flexibility as using SNAT in the definition of the internal networks (as I have the dozen or so) for which the public IP address by the transparent proxy is to go to the Internet.
I hope this will help understand my problem and all the administrators who have lots of local area networks and would like to use transparent HTTP proxy on the outside have been shown under different public IP addresses.
-
Bob Alfson
commented
-
Sascha Paris
commented
This should already be possible since Version 7.4 and it's internet uplink balancing feature.
