From owner-freebsd-net  Mon Dec 10 16:40:13 2001
Delivered-To: freebsd-net@freebsd.org
Received: from mta5-rme.xtra.co.nz (mta5-rme.xtra.co.nz [210.86.15.138])
	by hub.freebsd.org (Postfix) with ESMTP id A2CFB37B417
	for <freebsd-net@FreeBSD.ORG>; Mon, 10 Dec 2001 16:40:01 -0800 (PST)
Received: from internet1.masaclaw.co.nz ([210.55.57.50])
          by mta5-rme.xtra.co.nz with ESMTP
          id <20011211004000.BHKB21293.mta5-rme.xtra.co.nz@internet1.masaclaw.co.nz>
          for <freebsd-net@FreeBSD.ORG>; Tue, 11 Dec 2001 13:40:00 +1300
Message-Id: <5.1.0.14.2.20011211121120.0287ddb0@mail.masaclaw.co.nz>
X-Sender: masaclaw@mail.masaclaw.co.nz
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Tue, 11 Dec 2001 13:33:53 +1300
To: freebsd-net@FreeBSD.ORG
From: Tom Peck <tom@masaclaw.co.nz>
Subject: 1 IP - 1 Firewall - 2 Webservers
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-net.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-net>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-net>
X-Loop: FreeBSD.org

Hello

We have ONE static IP with our ISP via a Cable Modem.  Connected at our end 
of the Cable Modem is a FreeBSD Firewall / Internet Gateway for the rest of 
the internal Lan.

On the Internal Network we have 2 Web / Mail servers which collect mail and 
serve HTTP requests recieved from the gateway box.

INTERNET ---> GATEWAY_BOX  ---> WEBSERVER_1 (www.domain1.com, bla@domain1.com)
                            ---> WEBSERVER_2 (www.domain2.com, bla@domain2.com)
                            ---> WORKSTATIONS


We are currently using squid to forward on the HTTP requests to the web 
servers decided by domain requested, ie if someone goes to 
www.domain1.com/index.htm this request will be forwarded by Squid to the 
WEBSERVER_1.

This has been working fine, until I decided to run some tests, and look 
through the apache logs on the WEBSERVER_1.  ALL incoming Client IP's and 
Addresses are always that of the GATEWAY_BOX.  This poses a problem for 
websites which have security on them for OUTSIDE addresses, as this 
security will no longer work..  Also, WebStats are going to be invalid as 
all requests are made from the Gateway IP.

Does anybody have any solutions for this problem?  Other software solutions 
which will fun on FreeBSD?  Any help would be most appreciated - even just 
a "I wouldn't have a clue, e-mail this group" or something.

Thanks All

Tom Peck



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message