Proxy and internal access

Hi all;

I've been entitled to solve the following problem: we have a portal
(running on IIS) from which we access other internal applications.
Portal and applications are behind the company's firewall and on
different hosts. We need to have Internet access to that portal and,
from it, to the other internal applications. So far, I've succeeded in
granting access to the portal using reverse proxy and a redirection
rule in my firewall. However, I can not access any applications that
is not placed in the same host (there is a link for every app in the
portal). I think the problem is that when the portal return the path
(internal IP address or URL) of the application to the client, the
path returned can not be reached from the Internet (once it is behind
my firewall). Now, is there a way to achieve that? Any idea will be
highly appreciated. Below, the scheme of my environment.

Thanks a LOT!!
Regards
Bruno Lobato

Internet
-----------
|
|200.x.x.1
-------------
|reverse proxy|
-------------
|200.x.x.2
|200.x.x.3
-----------
| firewall |Redirects packet from proxy
to Portal
-----------
|192.168.1.1
|
----------------------------------------------
|192.168.1.3 |192.168.1.2
---------- ------------
| App | | PORTAL |Calls app on 192.168.1.3
---------- ------------


Thanks again ;-)

On 2004-08-26, Bruno <bruno.lobato@veirano.com.br> wrote:
> my firewall). Now, is there a way to achieve that?

Yes, rewrite your portal.
Davide

--
Fortune:oooops!

Davide

Before doing anything as radical and costy as that, what do you think
about running the portal on apache instead of IIS and configure it as
a second reverse proxy ? Might it work?

Regards

Bruno



Davide Bianchi <davideyeahsure@onlyforfun.net> wrote in message news:<slrncitg7l.1it.davideyeahsure@fogg.onlyforfu n.net>...
> On 2004-08-26, Bruno <bruno.lobato@veirano.com.br> wrote:
> > my firewall). Now, is there a way to achieve that?
>
> Yes, rewrite your portal.
> Davide

On 2004-08-27, Bruno <bruno.lobato@veirano.com.br> wrote:
> Before doing anything as radical and costy as that, what do you think
> about running the portal on apache instead of IIS and configure it as
> a second reverse proxy ? Might it work?

The problem is that if your 'application' respond putting his internal
IP/name in the html page generated, that IP/name won't work on the
internet. Is as simple as this.

The only solution is to rewrite such application in a way that doesn't
put his own IP/name in the page that are generated, sometime you have
to rewrite the entire application to achieve that. Any other workaround
is just a workaround, prone to crash and burn at any moment.

Application that are _NOT_ designed to work on the internet should
not be used on the internet.

Davide

--
Deliberation, n.:
The act of examining one's bread to determine which side it is
buttered on.
-- Ambrose Bierce, "The Devil's Dictionary"

Davide;

yeah, you're right. Thanks for your help.

Regards

Bruno

Davide Bianchi <davideyeahsure@onlyforfun.net> wrote in message news:<slrnciuvrj.1m9.davideyeahsure@fogg.onlyforfu n.net>...
> On 2004-08-27, Bruno <bruno.lobato@veirano.com.br> wrote:
> > Before doing anything as radical and costy as that, what do you think
> > about running the portal on apache instead of IIS and configure it as
> > a second reverse proxy ? Might it work?
>
> The problem is that if your 'application' respond putting his internal
> IP/name in the html page generated, that IP/name won't work on the
> internet. Is as simple as this.
>
> The only solution is to rewrite such application in a way that doesn't
> put his own IP/name in the page that are generated, sometime you have
> to rewrite the entire application to achieve that. Any other workaround
> is just a workaround, prone to crash and burn at any moment.
>
> Application that are _NOT_ designed to work on the internet should
> not be used on the internet.
>
> Davide