Single instance of tinyproxy Or have to setup multiple instances of tinyproxy

[zoheb]

My VM has 5 private IP addresses: 10.20.57.11 - 15

I have to map different outbound WAN IP for each of the above IP.

10.20.57.11 -- mapped to 20.20.20.20

10.20.57.12 -- mapped to 20.20.20.21

and so on..

I can get it done  through the firewall.

 

Now what I want is to setup a forward proxy on port 9090 for all private IPs such that

--- when 10.20.57.11:9090 is used in browser settings, the user will get WAN IP 20.20.20.20

--- when 10.20.57.12:9090 is used in browser settings, the user will get WAN IP 20.20.20.21

and so on

 

Can this be achieved through single instance of tinyproxy? Or we have to setup multiple instances of tinyproxy with different IPs?

 

Any other better approach would also do... thanks in advance.

 

 

 

[Mindovermaster]

@BudMan

[+BudMan]

why do you need/want a proxy?  Looks like you already mapped your outbound traffic?  What firewall are you doing this in?

[zoheb]

What firewall are you doing this in?

--> Its Cisco FIrepower 4120

 

you already mapped your outbound traffic?

--> Even though outbound traffic is mapped in fw, do we not need any service on some port for users to use?

--> users will not have access to the server but can only use the service through their browsers.

 

 

[+BudMan]

huh??  Users where outside or inside?

[zoheb]

On 10/21/2016 at 6:22 PM, BudMan said:

huh??  Users where outside or inside?

Users are from outside over the WAN.

[+BudMan]

so you want a reverse proxy?  Running inside your firewall?  And you want it listening on 9090??

 

Sorry dude but at a complete loss to what your trying to accomplish here. 

 

If you have some services behind a firewall, and you own multiple public IPs.  And you have configured your services to use different public IPs?  Why do you not just do a simple port forward on the normal ports?  if you want an added security of a reverse proxy or the ability to get to multiple private IPs via the name in the uri .. like http://www.domaina.com vs http://www.domainb.com ok then.

 

But as of your current posts I just do not get what your wanting to do?? 

[zoheb]

On 10/23/2016 at 7:31 PM, BudMan said:

so you want a reverse proxy?  Running inside your firewall?  And you want it listening on 9090??

 

Sorry dude but at a complete loss to what your trying to accomplish here. 

 

If you have some services behind a firewall, and you own multiple public IPs.  And you have configured your services to use different public IPs?  Why do you not just do a simple port forward on the normal ports?  if you want an added security of a reverse proxy or the ability to get to multiple private IPs via the name in the uri .. like http://www.domaina.com vs http://www.domainb.com ok then.

 

But as of your current posts I just do not get what your wanting to do?? 

Simple port forward is what we used to do till now.  Only IT personnel have access on these servers (that other team members will not have access to these) and  IT use to port forward to mentioned servers and then other team in the office use to access it locally. But we have to remove dependency of IT on productivity of other team. Sometimes IT are busy with other tasks to work on their requests efficiently.

 

For this reason we have to deploy a mechanism for other team members to use specific IP (different private nw) and port to have  outbound requests going through specific WAN IP.

 

so you want a reverse proxy?  ---- > No, I want a forward proxy running inside the firewall listening on port 9090 so that other team members can access the service.

 

Sorry if I am not able to explain it properly

 

 

[+BudMan]

"For this reason we have to deploy a mechanism for other team members to use specific IP (different private nw) and port to have  outbound requests going through specific WAN IP."

 

What???

 

So these servers are open to the public??  I am at a complete and utter loss to what your wanting to do??  If you have servers on your network that you do not want users to access locally.  But they are available to the public??  That makes ZERO freaking sense.

 

If you have local webserver, what could they be doing that you don't want your company users to access?  They sure would not have access to admin the servers, etc.

 

Sure if you want to put a proxy local to access something local, and then create a firewall rule to only allow that proxy to access that something.  You sure and the hell do not need multiple proxies running to do that..