Date:      Tue, 17 Oct 2000 10:34:03 -0600
From:      Rolf Edwards <redwards@meccamediagroup.com>
To:        Adam Laurie <adam@algroup.co.uk>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: Multiple Web/SSL behind firewall
Message-ID:  <5.0.0.25.2.20001017101924.00ab9808@127.0.0.1>
In-Reply-To: <39EC6236.419081FC@algroup.co.uk>
References:  <5.0.0.25.2.20001016165911.00aa83e0@127.0.0.1> <5.0.0.25.2.20001017080850.00ac9510@127.0.0.1>

At 08:29 AM 10/17/2000, Adam Laurie wrote:
>Rolf Edwards wrote:
>
> > > >
> > > > What should I do to handle this situation.  The web server will have a
> > > > non-routeable ip, so acting as a gateway won't quite work.
> > >
> > >freeby$ cat /etc/natd.conf
> > ># redirect web to internal
> > >redirect_port tcp a.b.c.d:80 e.f.g.h:80
> > >redirect_port tcp a.b.c.d:443 e.f.g.h:443
> > >
> > >where a.b.c.d is your internal webserver address and e.f.g.h is the one
> > >you want the world to connect to.
> >
> > The problem is that there are multiple web servers so that will not work,
> > as it assumes that there is only one.
>
>You could have multiple IP aliases on your outside net. Alternatively,
>if you want them to come in on a single address, you could point them at
>a single back end server that then does the
>round-robin/load-balanced/whatever forwarding. mod_backhand is quite
>cool for this kind of stuff. (http://www.backhand.org/)

Reviewing the backhand site, it looks as though it isn't a great fit.  Do
you think I can redirect the SSL port to the web port and use squid to
redirect?  I think squid will do the web requests ok, but can SSL be
redirected like that?  Or will the IP changes cause conflicts?

Rolf


