Comments on: Understanding Mobile Access Server http://www.jonsblog.org/2010/07/13/understanding-mobile-access-server/ Just another WordPress weblog Sat, 04 Feb 2012 21:26:59 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Jon Brown http://www.jonsblog.org/2010/07/13/understanding-mobile-access-server/comment-page-1/#comment-147 Jon Brown Sat, 11 Sep 2010 19:52:52 +0000 http://www.jonsblog.org/?p=167#comment-147 Well it would be interesting to find out for sure, all you really need to do to test lets say your linux server is at ip address 209.201.10.30 and your gateway server, running mobile access is on 206.203.20.42 and lets say you had a website you want to run through the proxy, then you would change your public dns record for the site lets say example1.testsite.com running on your linux box to point to 206.203.20.42 then on the gateway server, you would add a dns record that points example1.testsite.com to 209.201.10.30 and then add the site to the web proxy area of the mobile access server this may or may not work, I am interested to find out though. The issue that you have is that you do not have a server that can act as the gateway, and that is really the sole purpose of the mobile access service. The above scenerio would still require a third server however we are using a used mac mini to do the proxying, but again you could try to enable mobile access server on your current osx server since the request is DNS to OSX Server --> OSX Server --> Login Page --> DNS to Linux Box it may work but, worth a shot, let me know how it goes!! Well it would be interesting to find out for sure, all you really need to do to test lets say your linux server is at ip address 209.201.10.30 and your gateway server, running mobile access is on 206.203.20.42 and lets say you had a website you want to run through the proxy, then you would change your public dns record for the site lets say example1.testsite.com running on your linux box to point to 206.203.20.42 then on the gateway server, you would add a dns record that points example1.testsite.com to 209.201.10.30 and then add the site to the web proxy area of the mobile access server this may or may not work, I am interested to find out though. The issue that you have is that you do not have a server that can act as the gateway, and that is really the sole purpose of the mobile access service. The above scenerio would still require a third server however we are using a used mac mini to do the proxying, but again you could try to enable mobile access server on your current osx server since the request is DNS to OSX Server –> OSX Server –> Login Page –> DNS to Linux Box it may work but, worth a shot, let me know how it goes!!

]]> By: j gropefruit http://www.jonsblog.org/2010/07/13/understanding-mobile-access-server/comment-page-1/#comment-146 j gropefruit Sat, 11 Sep 2010 16:59:12 +0000 http://www.jonsblog.org/?p=167#comment-146 I am curious - does it ABSOLUTELY have to be on the same subnet as the server to which it is "proxying" requests? I ask because right now, I have two servers: * 1 (internal/private) os x server (serving ical, email, dns, etc etc) and ... * 1 Linux server that is PUBLICLY accessible (has a static ip). Public server has a direct 1-to-1 NAT connection to the internal server (all requests go there whether he likes it or not). This works great, but lacks the robustness of replacing the Linux box with a second os x server (which I plan on doing in a few months). The idea behind this architecture is that, instead of a link-local connection between the "public" server and the "private" server, a VIP on my firewall provides source-nat exclusively for the public server to communicate over all allowed ports/services with our private server. This VIP is not publicly accessible; it is available only to the public server itself, who only listens on a few ports to begin with. Is this even an option? While playing with Mobile Access, it "seemed" possible, but as you pointed out, one has to dig a little deeper, which I cannot do until I possess the 2nd os x server. If a direct link-local connection is unquestionably required, then I've got some thinking to do. Thanks Jon, good article. J@GropeFruit.com I am curious – does it ABSOLUTELY have to be on the same subnet as the server to which it is “proxying” requests?

I ask because right now, I have two servers:
* 1 (internal/private) os x server (serving ical, email, dns, etc etc) and …
* 1 Linux server that is PUBLICLY accessible (has a static ip). Public server has a direct 1-to-1 NAT connection to the internal server (all requests go there whether he likes it or not).

This works great, but lacks the robustness of replacing the Linux box with a second os x server (which I plan on doing in a few months).

The idea behind this architecture is that, instead of a link-local connection between the “public” server and the “private” server, a VIP on my firewall provides source-nat exclusively for the public server to communicate over all allowed ports/services with our private server. This VIP is not publicly accessible; it is available only to the public server itself, who only listens on a few ports to begin with.

Is this even an option? While playing with Mobile Access, it “seemed” possible, but as you pointed out, one has to dig a little deeper, which I cannot do until I possess the 2nd os x server.

If a direct link-local connection is unquestionably required, then I’ve got some thinking to do.

Thanks Jon, good article.

J@GropeFruit.com

]]>