From owner-freebsd-security Mon Oct 16 16: 3:12 2000
Delivered-To: freebsd-security@freebsd.org
Received: from slash.ab.videon.ca (slash.ab.videon.ca [206.75.216.210])
    by hub.freebsd.org (Postfix) with ESMTP id 1195A37B66D
    for ; Mon, 16 Oct 2000 16:03:05 -0700 (PDT)
Received: from rolf-e-laptop.meccamediagroup.com (firewall.meccamediagroup.com [24.108.76.66])
    by slash.ab.videon.ca (8.9.2/8.9.2) with ESMTP id RAA01980
    for ; Mon, 16 Oct 2000 17:03:04 -0600 (MDT)
Message-Id: <5.0.0.25.2.20001016165911.00aa83e0@127.0.0.1>
X-Sender: redwards/firewall.meccamediagroup.com@127.0.0.1
X-Mailer: QUALCOMM Windows Eudora Version 5.0
Date: Mon, 16 Oct 2000 17:03:09 -0600
To: freebsd-security@FreeBSD.ORG
From: Rolf Edwards
Subject: Multiple Web/SSL behind firewall
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I am attempting to put multiple web servers behind a FreeBSD 4.1.1 box running ipfw and natd. The web servers are running both web and SSL connections.

I was thinking of using squid and a DNS hack to have it proxy the connections. I can't seem to find out if I can also have it listen to the SSL port for those connections.

I am assuming that for generic web traffic, I can use the accelerator to receive multiple domain requests, and have a local DNS entry so that they are passed to a natd IP.

How would I handle multiple SSL, as a natd static port map would only allow for one SSL host unless SSL is run on multiple ports, one for each machine?

What should I do to handle this situation? The web server will have a non-routable IP, so acting as a gateway won't quite work.

Rolf