PYDIO Cells behind a FIREWALL and NAT how to?


#1

Hi, i try for a moment to have Pydio cells running behind a Palo Alto firewall having NAT’s.
Look’s like it sucks … what are recommendations you should suggest ?
As i have tried a ton of different configuration(install) and no success ? may i have to install a reverse proxy for to have things going on ?
Thanks for help if you have already succeeded in this configuration.
Regards,

Stef


#2

Hi,
i don’t have much experience with firewalls but it should be working if you are on linux for instance with ufw as long as you create the rule that allows access to your cells port (the one used on the bind & external address).


#3

Hi Zayn, currently discussing with the PALO ALTO NETSEC department, look’s like the pydio cells (the NATED address) tries to access the public address for cookies auth/token
What is not usual … we are on the tests to solve that.


#4

Hi Stef,

just being curious, how do you access (and have configured) cells - by IP or by a DNS name ? Using the IP will cause issues (as may content inspection on the firewall) as you will come with the wrong Host header when NAT is active. Also secure cookies can not be used as these are bound to the cells IP.

Regards,
Falk


#5

Hi Falk, thanks for your attention.
I did a ton of tests, in this late case - i’m using just the public address with ./cells install process and bind internal/external addresses as public address - have tested with DNS entries too, DNS is imho a secondary option before starting
production as i will go to a signed ssl certificate to access the site later —

It is at the moment over tests, no reason a fqdn need to be necessary imho.