OS4X Proxy
OS4X Proxy is the solution to connect your internal OFTP station to the external internet.
Due to the fact that internet is often not accessible from internal stations AND internal stations are normally not available from external internet, OS4X Proxy offers a secure solution to interact with the global internet without offering direct access of the OFTP station to the offending internet.
Involved programs
The OS4X Proxy consists of two parts:
- OS4X Proxy: the program communicating to the external internet
- OS4X Proxyclient: the program communicating to the internal network
The external communication is completely free in configuration on which port and device it listens. The internal proxy client is capable to forward incoming calls to a given internal service reachable via TCP/IP. This may be on the local host or even on another different station.
Common situations
Some situations are common sense of security and offer a wide range of network implementations.
Expose a single port to the internet
In order to listen on a specified port on a single IP address in the DMZ (de-militarized zone), the OS4X proxy can be installed in this instance in order to forward OFTP data to an internally connected proxy client.
Forward internal OFTP data to the external internet
When connecting to the outside world over a single point of connectivity, the OS4X Proxy constellation will solve this situation.
Licensing
OS4X Proxy is licensed via a license file at the OS4X Proxy (not client) side: only one license is needed to keep the system up and running. This license is based on an OS4X Proxy ID on the proxy server side, which can be easily obtained via a command line parameter:
dmz:~ # /opt/os4x/os4x_proxy -L OS4X Proxy ID: c6bc8d9b37c5e36333a41acdda653aaef7fd4a00459eeb32a8a41059e23017c8px
This OS4X Proxy ID is needed for license generation, which can be done for test purposes on the website at http://www.os4x.com/key.
The valid license will be searched by default at
/etc/os4x_proxy.lic
but an alternative location can be given with the commandline option "-l":
sles11-base:~ # /opt/os4x/os4x_proxy -l /usr/licenses/os4x_proxy.lic
OS4X Proxy
All external communication is done via the OS4X Proxy. This daemon runs normally in the background without any interaction. It's optimized on size and speed. No logical operations are implemented here, so no OFTP operations are located in this securely separated location.
commandline options
OS4X Proxy daemon build 20110412
usage:
-h: this help text
-v: display version
-i [<IP of device>]:<port>: accept from (optional) device on given port for internal connections.
defaults: IP of device: 0.0.0.0 (any)
--------- port: 65432
-e [<IP of device>]:<port>: accept from (optional) device on given port for external connections.
defaults: IP of device: 0.0.0.0 (any)
--------- port: 6619
[-T <seconds>: TCP/IP timeout (default: 180 seconds)]
-d: enable debug mode (don't daemonize)
-t: enable trace mode (don't daemonize, extreme logging)
License options:
-L: print out OS4X Proxy ID (basis for license)
-l <license file>: point to readable license file (default: /etc/os4x_proxy.lic)
OS4X Proxyclient
The OS4X Proxyclient communicates with the OS4X Proxy via a single given TCP/IP port. All internal OFTP communication traffic is routed over this internal daemon.
commandline options
OS4X Proxy client build 20110411
usage:
-h: this help text
-v: display version
[-Q <portnumber>: internal port number to listen for internal connections for outgoing connections (default: 65433)]
-i [<IP of OS4X receive daemon>]:<port>: forward packages to internal OS4X receive daemon.
defaults: localhost
--------- port: 6619
-e [<IP of proxy>]:<port>: connect to given OS4X proxy server.
defaults: IP of device: none - to be set
--------- port: 65432
[-T <seconds>: TCP/IP timeout (default: 180 seconds)]
-d: enable debug mode (don't daemonize)
-t: enable trace mode (don't daemonize, extreme logging)