[GTALUG] Routing and/or Proxying

Giles Orr gilesorr at gmail.com
Sat Sep 3 11:05:40 EDT 2016


I think I'm having trouble finding an answer to my questions largely
because I don't fully know how to express them, so I'm going to try to
do so here and see if another member of this list can take my English
language fuzzy logic and turn it into question(s) that can more easily
be answered ...

I'm running application servers that have to make queries to servers
behind a firewall.  The firewall (not in my control) has to be
configured to admit IP addresses.  Getting addresses added to the
firewall can be slow.  So it seems to me the best way to do this would
be to set up a couple of proxy servers with fixed/known IPs so that
the application servers (fluctuating headcount and IPs) could make
their requests through the proxy servers - which are known to the
firewall.

This makes sense in my head so far.  But here's the problem: I'd like
to send all network traffic from the application servers through the
proxy servers, regardless of content, port, destination, anything.
But in saying that, it begins to sound more like "routing" than
"proxying", and enforcing this seems like it might be tricky on the
open internet.  And authentication of some sort would seem to be
needed to prevent bad actors using the proxy to access stuff behind
the firewall.

A VPN is a possibility, but not one I'm enthusiastic about: I tackled
OpenVPN a few months back, and after a day and a half and very little
progress my brains started to slide out my ears.  But if that's what I
need to do, I'll get back on it.

Thanks!

-- 
Giles
http://www.gilesorr.com/
gilesorr at gmail.com

