[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] port-share with 2.6.21.5


  • Subject: Re: [Openvpn-users] port-share with 2.6.21.5
  • From: Colin Ryan <colinr@xxxxxxxx>
  • Date: Sun, 28 Oct 2007 09:12:21 -0400

Christian,

I've got it now, I just had to more tightly bind the backside web 
service to a private virtual interface. Still have some issues, but 
unrelated to the port-share functionality.

Again, thanks and  so it does work !! ;-)

C

christian laubscher wrote:
> On Sat, Oct 27, 2007 at 01:27:31PM -0400, Colin Ryan wrote:
> [...]
>   
>> To me your description of what you are using it for is in all practical 
>> cases not different than mine.
>>     
>
> ok.
>
>   
>> This sounds all right "remembering connections", and "reponses to right 
>> outbound connection", but in what I'm seeing it simply redirects the web 
>> client to the port-share targets, which ultimately must be directly 
>> accessible for public IP's and port forwardings/NAT etc.
>>     
>
> no, unless the client can reach the target machine *directly*, in 
> which case not openvpn would do such a thing, but the tcp/ip stack 
> itself (tcpdump/wireshark would show you how).
>
> good - let's see what i'm doing:
>
> - my frontend - one external address - accepts incoming port 443.
> - on my frontend, an openvpn server 2.1_rc4 is running with 'port-share'.
> - the openvpn server accepts connection requests meant for him.
> - the openvpn server proxies/passes on/ reroutes/whatever requests 
>   meant for my apache server to the *internal* address of my web server.
>
> qv:
>
> (BigBadInternet)
>        ^
>        |
>        V        (external ip, 443)
> +---------------+
> | frontend with |
> | nat/routing   |
> | &firewall     |
> +---------------+
>        ^        (internal ip, second interface)
>        |
>        V        (internal ip, 443)
> +---------------+
> | backend with  |
> | web server    |
> +---------------+
>
> the firewall rules on the frontend do not reflect an external 
> accessability other than '(tcp) external_ip:443'.
>
>   
>> Again, I don't have to have both applications running on 443 but I do 
>> wish to have to only have 1 external port available on 1 external IP 
>> address and have access to both the web and ovpn service.
>>     
>
> that's exactly what i'm doing, i think... ;-)
>
>
> btw: how do you test it?
> not from the 'inside', i hope?
>
>   

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users