Date: Tue, 17 Oct 2000 12:21:38 +0100
From: Adam Laurie <adam@algroup.co.uk>
To: Rolf Edwards <redwards@meccamediagroup.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Multiple Web/SSL behind firewall
Message-ID: <39EC3642.FC627E96@algroup.co.uk>
References: <5.0.0.25.2.20001016165911.00aa83e0@127.0.0.1>

Rolf Edwards wrote:
>
> I am attempting to put multiple web servers behind a FreeBSD 4.1.1 box
> running ipfw and natd. The web servers are running both web and SSL
> connections. I was thinking of using squid and a dns hack to have it proxy
> the connections.
>
> I can't seem to find out if I can also have it listen to the SSL port for
> those connections. I am assuming that for generic web traffic, I can use
> the accelerator to receive multiple domain requests, and have a local dns
> entry so that they are passed to a natd ip. How would I handle multiple
> SSL, as a natd static port map would only allow for one SSL host unless SSL
> is run on multiple ports, one for each machine?
>
> What should I do to handle this situation? The web server will have a
> non-routable ip, so acting as a gateway won't quite work.

freeby$ cat /etc/natd.conf
# redirect web to internal
redirect_port tcp a.b.c.d:80 e.f.g.h:80
redirect_port tcp a.b.c.d:443 e.f.g.h:443

where a.b.c.d is your internal webserver address and e.f.g.h is the one
you want the world to connect to.

cheers,
Adam
--
Adam Laurie                   Tel: +44 (20) 8742 0755
A.L. Digital Ltd.             Fax: +44 (20) 8742 5995
Voysey House                  http://www.thebunker.net
Barley Mow Passage            http://www.aldigital.co.uk
London W4 4GB                 mailto:adam@algroup.co.uk
UNITED KINGDOM                PGP key on keyservers

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
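
An added example, not part of the original message: a small check that reads a natd.conf and reports any public (alias) address and port claimed by more than one redirect_port rule, which is the "one SSL host per static port map" limit raised in the question. The function name and all addresses are constructed for illustration, and the second sample assumes the firewall holds one public address per SSL host.

```shell
#!/bin/sh
# natd_conflicts (hypothetical helper): read a natd.conf on stdin and print
# each public endpoint that two or more redirect_port rules try to claim.
# Rule layout: redirect_port proto targetIP:port [aliasIP:]aliasPORT
natd_conflicts() {
    awk '
        { sub(/#.*/, "") }                          # strip comments
        $1 == "redirect_port" && NF >= 4 {
            alias = $4
            if (alias !~ /:/) alias = "*:" alias    # no alias address given
            key = $2 " " alias                      # proto + public endpoint
            if (key in targets) targets[key] = targets[key] ", " $3
            else                targets[key] = $3
            count[key]++
        }
        END {
            for (k in count)
                if (count[k] > 1) print k " -> " targets[k]
        }
    ' | sort
}

# Constructed sample: two SSL hosts mapped onto one public address and port.
BAD_CONF='# redirect web to internal
redirect_port tcp 10.0.0.11:80  192.0.2.10:80
redirect_port tcp 10.0.0.11:443 192.0.2.10:443
redirect_port tcp 10.0.0.12:443 192.0.2.10:443'

# Constructed sample: one public address per SSL host (assumes the firewall
# has both 192.0.2.10 and 192.0.2.11 available on its outside interface).
GOOD_CONF='redirect_port tcp 10.0.0.11:80  192.0.2.10:80
redirect_port tcp 10.0.0.11:443 192.0.2.10:443
redirect_port tcp 10.0.0.12:80  192.0.2.11:80
redirect_port tcp 10.0.0.12:443 192.0.2.11:443'

echo "conflicts in BAD_CONF:"
printf '%s\n' "$BAD_CONF" | natd_conflicts
echo "conflicts in GOOD_CONF:"
printf '%s\n' "$GOOD_CONF" | natd_conflicts
```

Running the check on /etc/natd.conf before restarting natd catches a second SSL host added onto an already-used public address and port.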