I have a situation where I've developed a website on Windows and come to find only a single UNIX server has been white listed for the back end server-to-server information exchange that needs to be performed.

My options seem to be:

  1. Migrate to Mono
  2. Rewrite in PHP
  3. Set up a proxy on the white listed server to act as a relay (REST based web service).

My question here is about the feasibility of (3).

In my initial research I found nc -l 12345 | nc www.google.com 80 but do not know how to restrict the incoming connection to only a single IP.

Is there a good/simple solution to my problem?

Update: I was able to convince the stakeholders involved that it was better to accept we had a configuration issue. Thus, the Windows server was white listed (they thought it would take a lot longer than it actually did). Anyway, the answer given turned out to have the correct solution. Thanks!

Aaron Anodide

1 Answer

You're missing the proper option. Work with your IT department to get the firewall rules opened on the backend. If your website is an approved business project, IT needs to be aligned with that project.

Edit - Well, so what's your question? If you're asking can "Unix" be configured to only accept connections on a single TCP (or UDP) port from a single IP, the answer is "Yes." If you want more details about how to do that, you'll have to tell us what vendor and version the Unix is, and what kind of IP software it's running. If you don't know, you probably shouldn't be working on the box.

And, if your response to an emergency situation is to code up a REST-based web service proxy instead of simply changing the firewall rules, then you're right, you have a very different approach to systems administration than the bulk of the other users on ServerFault. Aside from the amount of work involved, you're introducing additional single points of failure.

mfinni
  • I've edited my answer. – mfinni Feb 20 '13 at 19:53
  • It's not unhelpful to suggest to work with IT to solve this problem. It's a lot simpler than the hacks you suggest. – gparent Feb 20 '13 at 19:57
  • @mfinni, I removed my snippy comment and undid my downvote. I do appreciate where you are coming from. Actually understanding that there's no simple way to do what I'm doing is helpful. This is a case of I wish there were more technical people involved in the situation but I can't do anything about it... – Aaron Anodide Feb 20 '13 at 20:03
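
For the part of the question about restricting a relay to a single source IP, here is an added example (not code from the question or the answer): a small TCP relay that closes any connection whose peer is not the one allowed address. It assumes Python 3.8+ on the whitelisted UNIX host; the addresses, the host name `backend.example` and the function names are constructed placeholders, and it goes beyond the `nc` pipe by relaying both directions and normalising IPv4-mapped IPv6 peers.

```python
import ipaddress
import socket
import threading

ALLOWED_CLIENT = "192.0.2.10"        # constructed: the Windows web server's address
UPSTREAM = ("backend.example", 443)  # constructed: the back end that whitelists this host


def is_allowed(peer_ip, allowed=ALLOWED_CLIENT):
    """Exact match on one address; a string prefix test would also admit 192.0.2.100."""
    peer = ipaddress.ip_address(peer_ip.split("%")[0])  # drop any IPv6 zone id
    peer = getattr(peer, "ipv4_mapped", None) or peer   # ::ffff:192.0.2.10 on dual-stack
    return peer == ipaddress.ip_address(allowed)


def pump(src, dst):
    """Copy bytes one way until EOF or error, then half-close the receiving side."""
    try:
        while data := src.recv(65536):
            dst.sendall(data)
    except OSError:
        pass
    try:
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass


def handle(client, peer_ip, upstream=UPSTREAM, allowed=ALLOWED_CLIENT):
    """Relay one connection, or close it before reading or forwarding any byte."""
    if not is_allowed(peer_ip, allowed):
        client.close()
        return False
    with client, socket.create_connection(upstream) as up:
        back = threading.Thread(target=pump, args=(up, client), daemon=True)
        back.start()
        pump(client, up)
        back.join()
    return True


def serve(listen=("0.0.0.0", 12345)):  # port number taken from the nc command above
    with socket.create_server(listen) as srv:
        while True:
            client, addr = srv.accept()
            threading.Thread(target=handle, args=(client, addr[0]), daemon=True).start()


if __name__ == "__main__":
    serve()
```

A host firewall rule limiting the listening port to the same source address, as the answer describes, is still worth having; the in-process check covers the case where that rule is missing or too broad.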