Date: Tue, 11 Dec 2001 18:26:32 +1300 From: Tom Peck <tom@masaclaw.co.nz> To: Julian Elischer <julian@elischer.org>, freebsd-net@FreeBSD.ORG Subject: Re: 1 IP - 1 Firewall - 2 Webservers Message-ID: <5.1.0.14.2.20011211182526.02866228@mail.masaclaw.co.nz> In-Reply-To: <Pine.BSF.4.21.0112102109140.2586-100000@InterJet.elischer. org> References: <5.1.0.14.2.20011211121120.0287ddb0@mail.masaclaw.co.nz>
next in thread | previous in thread | raw e-mail | index | archive | help
Thank-you for the reply Julian. I will get our network guru onto it and let you know the results. Tom At 21:13 10/12/2001 -0800, you wrote: >I have a solution for exactlythis problem >You need the patch I submitted for ipfw fwd of incoming packets >about 3 weeks ago. > >it allows load sharing to an arbitrary number of webservers transparently >I sent it to "net" and it had a subject of RFC: (something) > >the mail includes how to set it up.. >it uses about 1% of cpu redirecting a 10Mb ethernet to 2 servers. >(sorry to be vague but look it up in the archives with >julian AND RFC AND ipfw in the net list.. > > >On Tue, 11 Dec 2001, Tom Peck wrote: > > > Hello > > > > We have ONE static IP with our ISP via a Cable Modem. Connected at our > end > > of the Cable Modem is a FreeBSD Firewall / Internet Gateway for the > rest of > > the internal Lan. > > > > On the Internal Network we have 2 Web / Mail servers which collect mail > and > > serve HTTP requests recieved from the gateway box. > > > > INTERNET ---> GATEWAY_BOX ---> WEBSERVER_1 (www.domain1.com, > bla@domain1.com) > > ---> WEBSERVER_2 (www.domain2.com, > bla@domain2.com) > > ---> WORKSTATIONS > > > > > > We are currently using squid to forward on the HTTP requests to the web > > servers decided by domain requested, ie if someone goes to > > www.domain1.com/index.htm this request will be forwarded by Squid to the > > WEBSERVER_1. > > > > This has been working fine, until I decided to run some tests, and look > > through the apache logs on the WEBSERVER_1. ALL incoming Client IP's and > > Addresses are always that of the GATEWAY_BOX. This poses a problem for > > websites which have security on them for OUTSIDE addresses, as this > > security will no longer work.. Also, WebStats are going to be invalid as > > all requests are made from the Gateway IP. > > > > Does anybody have any solutions for this problem? Other software > solutions > > which will fun on FreeBSD? Any help would be most appreciated - even just > > a "I wouldn't have a clue, e-mail this group" or something. > > > > Thanks All > > > > Tom Peck > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-net" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5.1.0.14.2.20011211182526.02866228>