From owner-freebsd-security Tue Oct 17 7:10:26 2000
Date: Tue, 17 Oct 2000 08:09:41 -0600
From: Rolf Edwards
To: Adam Laurie
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Multiple Web/SSL behind firewall
In-Reply-To: <39EC3642.FC627E96@algroup.co.uk>
References: <5.0.0.25.2.20001016165911.00aa83e0@127.0.0.1>
Message-Id: <5.0.0.25.2.20001017080850.00ac9510@127.0.0.1>

At 05:21 AM 10/17/2000, Adam Laurie wrote:
>Rolf Edwards wrote:
> >
> > I am attempting to put multiple web servers behind a FreeBSD 4.1.1 box
> > running ipfw and natd. The web servers are running both web and SSL
> > connections. I was thinking of using squid and a dns hack to have it proxy
> > the connections.
> >
> > I can't seem to find out if I can also have it listen to the SSL port for
> > those connections. I am assuming that for generic web traffic, I can use
> > the accelerator to receive multiple domain requests, and have a local dns
> > entry so that they are passed to a natd ip. How would I handle multiple
> > SSL, as a natd static port map would only allow for one SSL host unless SSL
> > is run on multiple ports, one for each machine?
> >
> > What should I do to handle this situation? The web server will have a
> > non-routable ip, so acting as a gateway won't quite work.
>
>freeby$ cat /etc/natd.conf
># redirect web to internal
>redirect_port tcp a.b.c.d:80 e.f.g.h:80
>redirect_port tcp a.b.c.d:443 e.f.g.h:443
>
>where a.b.c.d is your internal webserver address and e.f.g.h is the one
>you want the world to connect to.

The problem is that there are multiple web servers, so that will not work, as it assumes that there is only one.

Rolf
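Worked example (added here; it is not part of the thread and not Adam's or Rolf's configuration). The quoted natd.conf covers only one server because the alias side of each redirect_port rule is a single public address, and the Host header that lets Squid's accelerator fan out plain HTTP by name sits inside the encrypted stream on port 443, so nothing in front of the servers can use it to pick a backend. The natd way out is to give each SSL host its own public address on the firewall's external interface and write one pair of redirect_port rules per address. The script below assumes an external interface named fxp0, constructed addresses 203.0.113.x on the public side and 10.0.0.x for the servers, and ipfw's usual divert rule feeding natd; it refuses a mapping that reuses a public address, since that is exactly the one-SSL-host limit the question describes.

```shell
#!/bin/sh
# Added example, not from the thread: one public alias address per SSL host.
# All addresses, the interface name (fxp0) and the host list are constructed
# for illustration; substitute your own.

EXT_IF=fxp0   # assumed external interface that natd is bound to (natd -n fxp0)

# Constructed mapping, one host per line: "<public alias IP> <internal server IP>"
HOSTS='203.0.113.10 10.0.0.2
203.0.113.11 10.0.0.3
203.0.113.12 10.0.0.4'

# Refuse a mapping that reuses a public IP: natd can send a given alias IP's
# port 443 to only one target, so each SSL host needs an address of its own.
check_unique_public_ips() {
    dups=$(printf '%s\n' "$1" | awk 'NF { print $1 }' | sort | uniq -d)
    [ -z "$dups" ]
}

# Emit /etc/natd.conf redirect_port lines. natd syntax is target (internal)
# first, then alias (public). Without the explicit alias IP every rule would
# compete for the same default alias address, which is the single-server case.
gen_natd_conf() {
    printf '%s\n' "$1" | while read -r pub int; do
        [ -n "$pub" ] && [ -n "$int" ] || continue
        echo "redirect_port tcp ${int}:80 ${pub}:80"
        echo "redirect_port tcp ${int}:443 ${pub}:443"
    done
}

# Emit the ifconfig alias commands the firewall needs so it actually owns
# (and answers ARP for) each public address that natd will translate.
gen_ifconfig_aliases() {
    printf '%s\n' "$1" | while read -r pub int; do
        [ -n "$pub" ] || continue
        echo "ifconfig ${EXT_IF} inet ${pub} netmask 255.255.255.255 alias"
    done
}

# Stand-alone use: validate the mapping, then print both fragments. Traffic
# still has to reach natd through the usual divert rule, e.g.
#   ipfw add divert natd ip from any to any via fxp0
if check_unique_public_ips "$HOSTS"; then
    gen_ifconfig_aliases "$HOSTS"
    echo
    echo "# /etc/natd.conf"
    gen_natd_conf "$HOSTS"
else
    echo "error: a public IP is mapped to more than one internal server" >&2
fi
```

The aliases must be on the interface before natd starts, and each public address needs its own A record pointing at it; plain HTTP could still be funnelled through a single address and Squid, but the 443 side of every host has to be a separate address (or, as the question notes, a separate port) for a port-level redirect to tell them apart.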