Tuesday, November 16, 2010

Apache + SSH used as HTTP Proxy and SOCKS Proxy

This post is mainly for my own reference, but I hope it will be helpful to someone else. It originates from a solution I came up with to address an issue at my company.

The issue was that in a typical deployment of the company's IBM chassis-based product, the customer's network (say, the 10.0.0.0 network) is connected to one of the blades (the control blade, via one of the redundant switches) rather than to the chassis' management module (MM). Apart from that blade, none of the other devices is directly accessible from the 10 network. The customer, however, wanted to reach the web interfaces of all the other devices; in particular, they wanted remote access to the blade console that the MM's web interface provides.

Fortunately, that control blade (RedHat based) has the Apache web server and the SSH packages installed. We can use them as an HTTP proxy and a SOCKS proxy, and a field support engineer can SSH to the blade.

Firstly, as a prerequisite, between the control blade and other devices, an internal network (let's call it CIN) is established. Let's say, the network address is 192.168.1.0/24, and the MM's IP is 192.168.1.1.

Secondly, the control blade is on the customer's 10 network as well as the CIN. Assume its IPs are 10.0.135.1 and 192.168.1.2, respectively.

We want to be able to access the MM's web interface and the remote console access service from any machine on the 10 network. The solution involves:
1. Setting up an HTTP proxy on the control blade;

Open /etc/httpd/conf/httpd.conf, and configure the following section as below:

#
# Proxy Server directives. Uncomment the following lines to
# enable the proxy server:
#
<IfModule mod_proxy.c>
ProxyRequests On

<Proxy *>
    Order deny,allow
#    Deny from all
    Allow from .example.com
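</Proxy>

Note that the Deny line above is commented out for simplicity. With Order deny,allow and no Deny directive, Apache permits any client that matches no directive, so the proxy is usable by every host that can reach the blade's port 80.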

After you have configured that, save the file then restart the web server daemon using the following command:

/etc/init.d/httpd restart


2. Setting up a SOCKS proxy on the control blade;


SSH to the CSM blade, run the following command to set up a SOCKS server:

ssh -D 10.0.135.1:1080 root@localhost

Keep the SSH session running; the SOCKS listener exists only while the session is open.


3. Configuring the HTTP proxy and SOCKS proxy into the client machine's browser and/or Java environment;


Bring up your browser's Network Settings dialog, and configure the proxies as follows:

HTTP Proxy: IP: 10.0.135.1, Port: 80
SOCKS Proxy: IP: 10.0.135.1, Port: 1080

For Firefox, the JRE needs to be configured as well, as follows:

On your desktop (presumably Windows), open the Control Panel, click on Java, select Network Settings, click on Use Proxy Server and then on Advanced, and finally set up the proxies exactly as you did for the browser above.

4. Now you are ready to access the MM (and its remote console service)

Point your browser to http://192.168.1.1 to access the web interface.
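
An added example, not part of the original post: with the Deny line commented out in step 1, Order deny,allow lets through any client that matches no directive. The Python sketch below evaluates that block and a restricted variant for two constructed client addresses; the 10.0.0.0/8 range, the sample addresses and the function names are assumptions.

```python
import ipaddress

def proxy_blocks(conf):
    """Collect Order/Allow/Deny settings of each <Proxy> block in 2.2-style httpd.conf text."""
    blocks, cur = [], None
    for line in conf.splitlines():
        words = line.strip().lower().split()
        if not words or words[0].startswith("#"):   # commented-out directives have no effect
            continue
        if words[0] == "<proxy":
            cur = {"order": "deny,allow", "allow": [], "deny": []}  # Apache's default Order
            blocks.append(cur)
        elif words[0] == "</proxy>":
            cur = None
        elif cur is not None and words[0] == "order" and len(words) == 2:
            cur["order"] = words[1]
        elif cur is not None and words[0] in ("allow", "deny") and words[1:2] == ["from"]:
            cur[words[0]] += words[2:]
    return blocks

def _matches(specs, client):
    for spec in specs:
        try:
            if spec == "all" or client in ipaddress.ip_network(spec, strict=False):
                return True
        except ValueError:
            pass        # hostname spec such as .example.com needs DNS; counted as no match
    return False

def client_allowed(block, client_ip):
    """Apply the block's Order/Allow/Deny to one client address."""
    client = ipaddress.ip_address(client_ip)
    allowed, denied = _matches(block["allow"], client), _matches(block["deny"], client)
    if block["order"] == "deny,allow":
        return allowed or not denied    # nothing matched -> permitted by default
    return allowed and not denied       # allow,deny: nothing matched -> refused

# Constructed inputs: the block as shown in the post, and a restricted variant
# (Deny re-enabled, Allow narrowed to an assumed 10.0.0.0/8 customer range).
AS_POSTED = """<Proxy *>
    Order deny,allow
#    Deny from all
    Allow from .example.com
</Proxy>"""
RESTRICTED = AS_POSTED.replace("#    Deny", "    Deny").replace(".example.com", "10.0.0.0/8")

if __name__ == "__main__":
    for name, conf in (("as posted", AS_POSTED), ("restricted", RESTRICTED)):
        block = proxy_blocks(conf)[0]
        print(name, {ip: client_allowed(block, ip) for ip in ("10.0.20.7", "203.0.113.5")})
```

The same reasoning applies to the SOCKS listener in step 2: bound to 10.0.135.1, it is reachable by every host on the 10 network for as long as the SSH session stays open.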

Thursday, August 26, 2010

Why this name?

Well, when I was creating this blog, I thought it was not very good to use my official name since that is hard to read and pronounce. My friends call me James. But there are so many James out there. I then recalled that one of my graduate classmates called me James .007. Then that is it. I am James .007, one thousandth of the hero James 007!

Hope I could achieve 1/1000 of him!