Linux - Newbie: This Linux forum is for members that are new to Linux.
I'm looking to basically do something similar to NAT I suppose. I would like https requests to be sent to this server (middle server) and then those requests are actually getting answered by a backend server.
However I don't see a reason I need to decrypt the traffic at the proxy server 'or middle man stage' if you like. And then re-encrypt to send onto the backend server - seems like a bit of a pointless task.
All I'm really looking for is almost some simple routing, but in such a way that it looks to anyone that was actually to try looking that it is the middle server that's answering the requests, even though in reality it isn't.
Can I do such a thing when SSL/TLS https is involved? Or will I need to properly reverse proxy with pound/haproxy/nginx/etc, terminate the incoming SSL and then forward onto the backend after that, again back to being https to the backend as well.
That's why, if it's possible to do something which I'd believe to be far simpler, maybe even something as crazy as an IPtables NAT or reverse NAT, is something I'm thinking about for the SSL traffic. So the backend servers and thus IP addresses aren't visible to anything that's looking, and for all intents and purposes it looks more like everything is being answered by this middle server?
I feel like in a NAT I'm missing something obvious that won't work, but for some reason I can't think what that is right now.
Best Regards all and thanks for any suggestions provided.
Example layout: [user]----[internet]----[firewall]----[load balancer/proxy/NAT]----[firewall]----[internet]----[firewall]----[backend servers]
But the backend servers are already a load-balanced pool of servers, so really I'm wanting to simply forward on the request from this "load balancer/proxy/NAT" but in a way that it looks like that is the server that's serving the traffic, whereas in reality it will not be.
I'm sure this is possible with a reverse proxy load balancer as suggested when talking of 'pound/haproxy/nginx/etc'. But I'm thinking that may not even be required if a reverse proxy works in the way I'm thinking it might in my head right now.
Do you think you can explain exactly why an IPtables reverse NAT wouldn't work?
In my mind it still seems perfectly reasonable. It works out of the box without having to install any piece of software, and I'd have thought it's quite possibly going to require less server resources to run, as it's simply IPtables rather than having to run a proxy server.