How to set up a FreeBSD server as a proxy

Klappstuhl

Hi,

I have a FreeBSD server "A" running in the cloud which offers an internet service.
I want to have another FreeBSD server "B" which acts like a proxy for the server which runs my service and routes traffic from specific ports to that server for additional security reasons and administrative control.

On server "A" I have disabled user-password login and only allow key authentication.

How can I set up server "B" to act like a proxy for Server "A" on e.g. ports 4711, 4712 and 4713? All of these ports are using IPv4 UDP/TCP protocols.
 

SirDice

> I want to have another FreeBSD server "B" which acts like a proxy for the server which runs my service and routes traffic from specific ports to that server.
Why? What issue are you trying to resolve by doing this? Let's prevent an XY problem and explain exactly why you want to do this and why you think this is the right solution.

> How can I set up server "B" to act like a proxy for Server "A" on e.g. ports 4711, 4712 and 4713?
What protocols are running on those ports? This will be an indication of what to use or if it's even possible at all.
 

SirDice

> All of these ports are using IPv4 UDP/TCP protocols.
UDP/TCP is pretty much implied here (it's the internet after all). But what protocol? HTTP? NFS? IRC? SMTP? IPSec? GRE? VoIP? I can probably name a couple of dozen more protocols. Not all of them are easily proxied or forwarded, some are simply impossible.
 

neel

You could mean two things, from what I understood:

  1. A "reverse" proxy like HAProxy where you have a server where "B" forwards requests to "A" in user-space
  2. Network Address Translation like pf NAT or natd, where you forward packets, where "B" is connected to the Internet and "A" is behind "B"'s LAN, similar to how a consumer-level "router" works by sharing one connection and IP address with multiple computers.
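
A sketch of the second option for the setup in the question, as an added example that is not part of the thread: a pf.conf for "B" that forwards ports 4711, 4712 and 4713 (TCP and UDP) to "A". The interface name and all addresses are placeholders, and it assumes "A" is reached over the public network rather than sitting on B's LAN, which is why a source-NAT rule accompanies the redirect.

```pf
# /etc/pf.conf on server "B" (constructed example, not from the thread)
# Prerequisites in /etc/rc.conf on B: pf_enable="YES" and gateway_enable="YES"
# (the latter sets net.inet.ip.forwarding=1 so B forwards packets).

ext_if    = "vtnet0"              # assumption: B's public interface
server_a  = "203.0.113.10"        # placeholder: IPv4 address of server "A"
admin_net = "198.51.100.0/24"     # placeholder: network allowed to SSH into B
svc_ports = "{ 4711, 4712, 4713 }"

set skip on lo0
scrub in all

# --- translation rules (must precede filter rules) ---

# Rewrite the source of forwarded packets to B's own address. Without this,
# A would answer the client directly and the client would drop the reply,
# because it comes from an address it never contacted.
nat on $ext_if inet proto { tcp, udp } from any to $server_a \
    port $svc_ports -> ($ext_if)

# Redirect the service ports arriving at B to A.
rdr on $ext_if inet proto { tcp, udp } from any to ($ext_if) \
    port $svc_ports -> $server_a

# --- filter rules ---

block in all
pass out all                      # stateful by default on FreeBSD pf

# Administrative access to B itself, limited to a known network.
pass in on $ext_if inet proto tcp from $admin_net to ($ext_if) port 22

# rdr has already rewritten the destination when filtering happens,
# so the pass rule matches on A's address, not B's.
pass in on $ext_if inet proto { tcp, udp } from any to $server_a \
    port $svc_ports
```

For B to add any control, the packet filter on "A" has to accept these three ports only from B's address; otherwise clients can still reach "A" directly. With the `nat` rule in place, "A" sees every connection as coming from "B", so per-client addresses are no longer visible in A's logs.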
 