PYDIO Cells behind a FIREWALL and NAT how to?

#1

Hi, I have been trying for a while to get Pydio Cells running behind a Palo Alto firewall with NAT.
Looks like it sucks … what recommendations would you suggest?
I have tried a ton of different configurations (installs) with no success. Might I have to install a reverse proxy to get things going?
Thanks for your help if you have already succeeded with this configuration.
Regards,

Stef

#2

Hi,
I don’t have much experience with firewalls, but it should work if you are on Linux, for instance with ufw, as long as you create the rule that allows access to your Cells port (the one used on the bind & external address).

#3

Hi Zayn, I am currently discussing this with the Palo Alto NETSEC department. It looks like Pydio Cells (the NATed address) tries to access the public address for cookie auth/token,
which is not usual … we are running tests to solve that.

#4

Hi Stef,

Just being curious: how do you access (and how have you configured) Cells, by IP or by a DNS name? Using the IP will cause issues (as may content inspection on the firewall), as you will come with the wrong Host header when NAT is active. Also, secure cookies cannot be used, as these are bound to the Cells IP.

Regards,
Falk

#5

Hi Falk, thanks for your attention.
I did a ton of tests. In this latest case I’m using just the public address with the ./cells install process and binding the internal/external addresses as the public address. I have tested with DNS entries too. DNS is IMHO a secondary option before starting production, as I will move to a signed SSL certificate to access the site later.

It is under test at the moment; there is no reason an FQDN needs to be necessary, IMHO.

#6

Hi Stef,

I encountered an error when placing Cells behind a firewall NAT. After narrowing it down to the NAT needing port reflection enabled, the error was gone, but my login just timed out waiting for authentication.

Hope you have better luck.

Regards.

#7

Hi IIS, I’m OK now. I just still have a problem with Collabora and SSL running over Docker with the SSL option …
If somebody knows how to, or has had success ;-) I will be happy, as I have lost a lot of time trying to get Cells running.

I was not able to get Cells going using HTTP because the PA firewall blocked websockets at the application level. I then decided to use SSL and it looks good now.
I have used both the INTERNAL and EXTERNAL_URL with the FQDN, and I have added FQDN -> internal IP address in /etc/hosts, as the server name differed.

Hope this helps. Pydio Cells is not really easy to configure, I feel …
Regards.
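
A pre-flight check for the points raised in posts #4, #6 and #7 (IP literal versus FQDN in the external URL, HTTPS, and a hosts entry that keeps the server's own requests off the NAT path), as an added example that is not from any poster or from Pydio. The host name, addresses, port and finding labels are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# RFC 1918 ranges, treated here as "internal" (assumption for this example).
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed hosts-file content: FQDN -> internal IP, as in post #7.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
10.0.0.5    cells.example.test cells   # constructed entry
"""

def hosts_lookup(hosts_text, name):
    """Return the addresses a hosts file maps `name` to (case-insensitive)."""
    found = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and name.lower() in (f.lower() for f in fields[1:]):
            found.append(fields[0])
    return found

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL)

def check_external_url(external_url, hosts_text):
    """Return findings for the URL the server advertises to its clients."""
    findings = []
    parts = urlsplit(external_url)
    host = parts.hostname or ""
    if parts.scheme != "https":
        findings.append("not-https")         # post #7: websockets blocked over HTTP
    try:
        ipaddress.ip_address(host)
        findings.append("ip-literal")        # post #4: Host header / cookie issues
        return findings
    except ValueError:
        pass                                 # host is a name, keep checking
    addrs = hosts_lookup(hosts_text, host)
    if not addrs:
        findings.append("no-local-mapping")  # server resolves the name via DNS
    elif not all(is_internal(a) for a in addrs):
        findings.append("maps-to-public")    # post #6: needs port reflection
    return findings

if __name__ == "__main__":
    print(check_external_url("https://cells.example.test:8080", SAMPLE_HOSTS))
```

An empty list means the URL uses HTTPS with a name that the server itself resolves to an internal address; on a real host, pass the contents of /etc/hosts instead of the sample.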