Allowing external internet access through a proxy - devops

Setup:
Created VM A with squid proxy installed on a static external IP.
Created another VM B. This VM also has its own external static IP.
Now I want to restrict internet access on VM B and all calls from that VM should be proxied to VM A.
I have this setup in GCloud; what would be the best way to make this work?
I have referred to a couple of articles on GCloud, but most of the examples have this setup within a VPC network, where it can be managed through the internal IPs.
Any recommendations on this would be highly appreciated.

Finally I was able to find a solution for the problem I posted.
Here is what I did:
I created two VMs:
VM A with Windows Server OS
VM B with Linux OS and squid proxy installed
I had to set up firewall rules for both these VMs under VPC Network in GCloud.
In VM A, I added a proxy setting in Windows to forward all calls to VM B.
In VM B, I updated the squid.conf to allow access from VM A and also to allow a set of websites that can be called from VM A, and restricted all other websites.
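A squid.conf fragment showing the policy the answer describes (only VM A may use the proxy, and only an allowlist of sites is reachable), added here as an illustration rather than the poster's actual configuration; 203.0.113.10 is a placeholder for VM A's external IP and the example.com/example.net domains stand in for the allowed sites.

```conf
# squid.conf on VM B (the proxy). Added example with placeholder addresses.
http_port 3128

# Only VM A may use the proxy. Traffic arrives from its external IP here,
# because the two VMs talk over their external addresses, not a shared VPC subnet.
acl vm_a src 203.0.113.10/32

# Destinations VM A is permitted to reach (leading dot matches subdomains too).
acl allowed_sites dstdomain .example.com .example.net

acl Safe_ports port 80 443
acl SSL_ports port 443
acl CONNECT method CONNECT

# Refuse anything that is not plain HTTP/HTTPS, and CONNECT to anything but 443.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# VM A may reach the allowlisted sites; every other client and site is denied.
http_access allow vm_a allowed_sites
http_access deny all

# Do not advertise the client's address or the proxy in forwarded requests.
forwarded_for delete
via off
```

The matching VPC firewall rules are an ingress rule on VM B allowing tcp:3128 only from VM A's external IP, and on VM A an egress allow to VM B on tcp:3128 with a lower priority number (higher priority) than a catch-all egress deny. Run `squid -k parse` after editing to check the file before reloading.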

Related

How to connect Windows application to Docker network?

I have a legacy system. It contains a number of servers running on Linux and a number of GUI clients running on Windows. All the components (servers and clients) are in the same network and they communicate with each other directly. They are identified by IP and port number.
For development purposes, I now run the servers in containers using compose on a Linux host. The servers communicate with each other within the docker network without any issues. However, I have trouble making the client work with the servers. Port mapping doesn't work here since a client needs to talk to many servers with different or the same port. What I am asking is whether it is possible to treat the Windows client as part of the docker network. I read about tools such as weave net, etc., but haven't found anything useful. Any suggestions?

Connecting to BACNET Server on Host Machine Using Client Container

I am trying to connect my BACNET client which has been containerized and the BACNET server which is running on the host machine. I am using Docker for Windows on Windows 10 (host machine) with Linux containers.
I have tried the following:
a. Publishing the ports 47808 for the client container with the run command.
b. Running the container with network=host, to access services of localhost.
c. Tried specifying the gateway IP as the server's IP address with run command.
d. Running the container in the same subnet as my server
e. Running the container with the host IP specified and the ports published.
My BACnet server, taken from https://sourceforge.net/projects/bacnet/, always connects to the DockerNAT, 10.0.75.1. Any idea why this happens? The server application is not a container but an executable file.
Server IP:10.0.75.1 (dockerNAT)
Client container running on host machine.
From a quick google:
For Windows containers this component is not used and containers and their ports are only accessible via the NATed IP address.
With respect to BACnet, this is going to put you in a world of hurt. You will have to use BACnet BBMD with NAT support in your container to achieve this, and your BACnet Client will have to register as a BACnet Foreign Device. The BACnet Stack at SourceForge does seem to have some NAT support (the code seems to be there but I have never tested it in its original form).
So what you are seeing is 'expected', but your solution is going to require that you become much more familiar with BACnet BBMDs than you ever want to be. Read the BACnet specification carefully. Good luck.

How can JVMs running inside Bluemix container groups be monitored?

I am using Liberty inside Bluemix Docker container groups. I want to integrate on-premise monitoring tools with these container groups to monitor the Liberty JVM.
Using the REST adapter, I can do this when we have one member in the group, but not with more than one member in the group, as the JMX is exposed through the load balancer. I cannot access the container ports directly as these have Bluemix private IPs.
You can get to the private IPs, but you'll have to either get in via the VPN service, or via an ssh tunnel through another container in that same space. That may be the simplest (and most secure) way to access that remotely.

How to tunnel to into the private network of my docker containers on Bluemix?

I have some docker containers running on Bluemix using private IP addresses. I would now like to set up a tunnel from my laptop (running linux) to access the private network on Bluemix.
I had first created a container running an ssh-server. Using ssh -D I was able to set up a SOCKS5 proxy connection. This worked fine with Chrome, but not all applications support a SOCKS proxy.
(google-chrome --proxy-server=socks5://localhost:<tunnel port>)
So I tried to create a container with an OpenVPN server. Unfortunately this does not work on Bluemix as the containers are not running privileged and thus cannot create a tun device.
Bluemix also has a VPN and a Secure Gateway service, which sound promising but so far I could not figure out how to get those working.
Does anybody know if it is possible to make the private docker network available locally and how to connect to that?
Generally speaking, containers should be used to implement services available to external applications (an API service, or a runtime, or a DBMS, or something like that).
According to this, what you could achieve is a set of services available for you on different containers, and a single container working as an SSH tunnel gateway, with your local environment connected to it using SSH and a set of local and remote SSH port forwards defined, with different policies according to the service/port and the IP of the service.
It should work for all the services, and you don't have to use a socks proxy to forward requests to different hosts: using remote SSH forwarding, your SSH endpoint will redirect your requests to the right service inside the local/private lan.
I found that this guide describes correctly how to work with local and remote port forwarding.
http://www.debianadmin.com/howto-use-ssh-local-and-remote-port-forwarding.html
About the OpenVPN solution, as you already know it is not possible to use software requiring privileged mode on containers, because it couldn't be allowed on Bluemix due to security reasons. If you wish to have this kind of solution, I strongly suggest you use OpenVPN on a VM in the Bluemix UK region (still beta, but an architecture expected to be the final one as soon as the VM service becomes GA).
I think that these options are the ones available on Bluemix to achieve what you describe without using the VPN service suggested by #bill-wentworth.
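A ~/.ssh/config entry illustrating the single-gateway approach from the answer above, added here as an example and not the answerer's own setup: one SSH host entry for the tunnel container, with one local port forward per private service so that ordinary (non-SOCKS) clients can be pointed at localhost. All addresses are placeholders: 198.51.100.5 for the gateway container's public endpoint and 172.16.0.x for the private service IPs on Bluemix.

```conf
# ~/.ssh/config on the laptop. Added example; all addresses are placeholders.
Host bluemix-gw
    HostName 198.51.100.5
    Port 2222
    User tunnel
    IdentityFile ~/.ssh/bluemix_tunnel
    # Abort instead of silently running with a forward that failed to bind.
    ExitOnForwardFailure yes
    # One local forward per service: laptop port -> private IP:port via the gateway.
    # Binding to 127.0.0.1 keeps the forwards off the laptop's own LAN.
    LocalForward 127.0.0.1:15432 172.16.0.11:5432
    LocalForward 127.0.0.1:18080 172.16.0.12:8080
    LocalForward 127.0.0.1:19999 172.16.0.13:9999
    # Optional SOCKS proxy for clients that do support it (what ssh -D gave you).
    DynamicForward 127.0.0.1:1080
    # Keep the session alive across idle periods.
    ServerAliveInterval 30
    ServerAliveCountMax 3
```

Start the tunnel with `ssh -N bluemix-gw` and point a client at 127.0.0.1:15432 (or the other forwarded ports); adding a service is one more LocalForward line rather than another proxy.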

Accessing lamp container over lan using Kitematic

I have a basic LAMP container installed and running using Kitematic. I want to access the URL over the LAN for testing purposes.
Enabling bridged networking on the dev VM should allow you to do this, though it requires taking a few steps for now. Make sure you understand the security implications of allowing all other machines on the network to contact the VM.
Add a third network adapter in the VM settings pane. For Name, choose the adapter or network on which you want your VM to be accessible.
To get the IP of the VM, type the following on the CLI:
docker-machine ssh dev
ifconfig
And look for the IP with the same subnet as other machines on the network. E.g. 192.168.0.x
Open the web preview as usual in Kitematic.
Lastly, replace the IP in the browser bar with the one found in step 3.
This should be accessible to other machines on the network.