Date: Tue, 17 Oct 2000 15:29:10 +0100 From: Adam Laurie <adam@algroup.co.uk> To: Rolf Edwards <redwards@meccamediagroup.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Multiple Web/SSL behind firewall Message-ID: <39EC6236.419081FC@algroup.co.uk> References: <5.0.0.25.2.20001016165911.00aa83e0@127.0.0.1> <5.0.0.25.2.20001017080850.00ac9510@127.0.0.1>
next in thread | previous in thread | raw e-mail | index | archive | help
Rolf Edwards wrote: > > > > > > What should I do to handle this situation. The web server will have a > > > non-routeable ip, so acting as a gateway won't quite work. > > > >freeby$ cat /etc/natd.conf > ># redirect web to internal > >redirect_port tcp a.b.c.d:80 e.f.g.h:80 > >redirect_port tcp a.b.c.d:443 e.f.g.h:443 > > > >where a.b.c.d is your internal webserver address and e.f.g.h is the one > >you want the world to connect to. > > The problem is that there are multiple web servers so that will not work, > as it assumes that there is only one. You could have multiple IP aliases on your outside net. Alternatively, if you want them to come in on a single address, you could point them at a single back end server that then does the round-robin/load-balanced/whatever forwarding. mod_backhand is quite cool for this kind of stuff. (http://www.backhand.org/) cheers, Adam -- Adam Laurie Tel: +44 (20) 8742 0755 A.L. Digital Ltd. Fax: +44 (20) 8742 5995 Voysey House http://www.thebunker.net Barley Mow Passage http://www.aldigital.co.uk London W4 4GB mailto:adam@algroup.co.uk UNITED KINGDOM PGP key on keyservers To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?39EC6236.419081FC>