From owner-freebsd-security Tue Oct 17 4:22:44 2000
Delivered-To: freebsd-security@freebsd.org
Received: from eastwood.aldigital.algroup.co.uk (eastwood.aldigital.algroup.co.uk [194.128.162.193])
    by hub.freebsd.org (Postfix) with ESMTP id CE6D237B4E5
    for ; Tue, 17 Oct 2000 04:22:40 -0700 (PDT)
Received: from algroup.co.uk ([193.195.56.225])
    by eastwood.aldigital.algroup.co.uk (8.8.8/8.6.12) with ESMTP id LAA05354;
    Tue, 17 Oct 2000 11:21:38 GMT
Message-ID: <39EC3642.FC627E96@algroup.co.uk>
Date: Tue, 17 Oct 2000 12:21:38 +0100
From: Adam Laurie
Organization: A.L. Group plc
X-Mailer: Mozilla 4.72 [en] (Win95; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Rolf Edwards
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Multiple Web/SSL behind firewall
References: <5.0.0.25.2.20001016165911.00aa83e0@127.0.0.1>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Rolf Edwards wrote:
>
> I am attempting to put multiple web servers behind a FreeBSD 4.1.1 box
> running ipfw and natd. The web servers are running both web and SSL
> connections. I was thinking of using squid and a dns hack to have it proxy
> the connections.
>
> I can't seem to find out if I can also have it listen to the SSL port for
> those connections. I am assuming that for generic web traffic, I can use
> the accelerator to receive multiple domain requests, and have a local dns
> entry so that they are passed to a natd ip. How would I handle multiple
> SSL, as a natd static port map would only allow for one SSL host unless SSL
> is run on multiple ports, one for each machine.
>
> What should I do to handle this situation? The web server will have a
> non-routeable ip, so acting as a gateway won't quite work.

freeby$ cat /etc/natd.conf
# redirect web to internal
redirect_port tcp a.b.c.d:80 e.f.g.h:80
redirect_port tcp a.b.c.d:443 e.f.g.h:443

where a.b.c.d is your internal webserver address and e.f.g.h is the one
you want the world to connect to.

cheers,
Adam
-- 
Adam Laurie                   Tel: +44 (20) 8742 0755
A.L. Digital Ltd.             Fax: +44 (20) 8742 5995
Voysey House                  http://www.thebunker.net
Barley Mow Passage            http://www.aldigital.co.uk
London W4 4GB                 mailto:adam@algroup.co.uk
UNITED KINGDOM                PGP key on keyservers

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
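
Added example, not part of the original message or of natd: a shell check that reads a natd.conf and flags redirect_port rules that send the same public address:port to different internal hosts, which is the "only one SSL host per port" limit raised in the question. The function name find_redirect_conflicts and all addresses in the sample are constructed for illustration.

```shell
#!/bin/sh
# find_redirect_conflicts FILE  (hypothetical helper name)
# Reads natd.conf-style lines of the form
#   redirect_port proto targetIP:port [aliasIP:]aliasPort [remoteIP[:port]]
# and reports rules where the same proto + public (alias) endpoint + remote
# filter is mapped to two different internal targets.
# Returns 0 when no conflict is found, 1 otherwise.
find_redirect_conflicts() {
    awk '
        { sub(/#.*/, "") }                  # drop comments, fields are re-split
        $1 != "redirect_port" { next }      # ignore other natd options
        NF < 4 {
            printf "line %d: incomplete redirect_port rule\n", NR
            bad = 1
            next
        }
        {
            remote = (NF >= 5 ? $5 : "any")
            key = $2 " " $4 " " remote
            if ((key in seen) && seen[key] != $3) {
                printf "line %d: %s %s already goes to %s, also sent to %s\n", NR, $2, $4, seen[key], $3
                bad = 1
            } else {
                seen[key] = $3
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: one public address (192.0.2.10) in front of two
# internal web servers. The third rule reuses public port 443 for a second
# SSL host; the fourth gives that host its own public port instead.
conf=$(mktemp)
cat > "$conf" <<'EOF'
# redirect web to internal
redirect_port tcp 10.0.0.11:80  192.0.2.10:80
redirect_port tcp 10.0.0.11:443 192.0.2.10:443
redirect_port tcp 10.0.0.12:443 192.0.2.10:443    # second SSL host, same port
redirect_port tcp 10.0.0.12:443 192.0.2.10:8443   # second SSL host, own port
EOF
find_redirect_conflicts "$conf" || echo "natd.conf has conflicting redirects"
rm -f "$conf"
```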