Date:      Mon, 21 Jan 2008 10:58:09 -0600
From:      Doug Poland <doug@polands.org>
To:        OutbackDingo <outbackdingo@gmail.com>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: pf how-to: Single public IP --> many private NAT'd HTTPS servers
Message-ID:  <4794CF21.2090606@polands.org>
In-Reply-To: <1200904649.33634.9.camel@z60m>
References:  <4794C5A8.8040402@polands.org> <1200904649.33634.9.camel@z60m>

OutbackDingo wrote:
> 
> On Mon, 2008-01-21 at 10:17 -0600, Doug Poland wrote:
>> Hello,
>>
>> I've googled, read pf.conf(5) and the pf tutorial/faq, and experimented, 
>> but a working configuration eludes me.
>>
>> Here's my environment:
>>
>> 	Firewall:
>> 		FreeBSD 6.2-STABLE pf
>> 		1 public (routable) IP address
>> 	
>> 	HTTPS:
>> 		FreeBSD 7.0-PRERELEASE
>> 		Listening on 3 private (RFC-1918) IPs
>> 		Apache22 w/SSL and name-based virtual hosts
>> 		
>>
>> I would like to redirect incoming https traffic to a specific https 
>> server.  So far, I've experimented with various rdr options pf.conf. 
>> I've even tried to create an address pool, but to no avail.
>>
>> This is a rather high-level explanation and I didn't want to clutter 
>> this email with pf/DNS/apache syntax that is not working.
>>
>> I'm open to other solutions if pf is not capable of doing the job.  I 
>> have an idea of how apache and mod_rewrite "might" get me there but 
>> wanted to try pf first.
>>
> web_servers = "{ 10.0.0.10, 10.0.0.11, 10.0.0.13 }"
>
> rdr on $ext_if proto tcp from any to any port 80 -> $web_servers \
>             round-robin sticky-address
>
Hi, thanks for the quick response.  Your suggestion was actually the 
first thing I tried :)  Unfortunately, each host listens on a specific 
IP address for that virtual host.  So if:

    webmail.example.com    = 10.0.0.10
    subversion.example.com = 10.0.0.11
    timesheets.example.com = 10.0.0.12

and pf sends a request for webmail.example.com to 
timesheets.example.com, the request fails.

-- 
Regards,
Doug


