From: Julian Elischer
To: Tom Peck
Cc: freebsd-net@FreeBSD.ORG
Date: Mon, 10 Dec 2001 21:13:03 -0800 (PST)
Subject: Re: 1 IP - 1 Firewall - 2 Webservers

I have a solution for exactly this problem.
You need the patch I submitted for ipfw fwd of incoming packets
about 3 weeks ago.

It allows load sharing to an arbitrary number of webservers transparently.
I sent it to "net" and it had a subject of RFC: (something).
The mail includes how to set it up.

It uses about 1% of CPU redirecting a 10Mb ethernet to 2 servers.

(Sorry to be vague, but look it up in the archives with
julian AND RFC AND ipfw in the net list.)

On Tue, 11 Dec 2001, Tom Peck wrote:

> Hello
>
> We have ONE static IP with our ISP via a Cable Modem. Connected at our end
> of the Cable Modem is a FreeBSD Firewall / Internet Gateway for the rest of
> the internal Lan.
>
> On the Internal Network we have 2 Web / Mail servers which collect mail and
> serve HTTP requests received from the gateway box.
>
> INTERNET ---> GATEWAY_BOX ---> WEBSERVER_1 (www.domain1.com, bla@domain1.com)
>                           ---> WEBSERVER_2 (www.domain2.com, bla@domain2.com)
>                           ---> WORKSTATIONS
>
>
> We are currently using squid to forward on the HTTP requests to the web
> servers decided by domain requested, ie if someone goes to
> www.domain1.com/index.htm this request will be forwarded by Squid to the
> WEBSERVER_1.
>
> This has been working fine, until I decided to run some tests, and look
> through the apache logs on the WEBSERVER_1. ALL incoming Client IPs and
> Addresses are always that of the GATEWAY_BOX. This poses a problem for
> websites which have security on them for OUTSIDE addresses, as this
> security will no longer work. Also, WebStats are going to be invalid as
> all requests are made from the Gateway IP.
>
> Does anybody have any solutions for this problem? Other software solutions
> which will run on FreeBSD? Any help would be most appreciated - even just
> a "I wouldn't have a clue, e-mail this group" or something.
>
> Thanks All
>
> Tom Peck
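
Added example, not part of the original thread or of the ipfw patch: one way a web server behind the Squid gateway could recover the client address for logging and for the "outside address" checks described in the question. It assumes the proxy appends the connecting address to an X-Forwarded-For header (the thread does not say how Squid is configured); the gateway IP, LAN range and function names are constructed for illustration.

```python
import ipaddress

# Constructed values for this example: the gateway's LAN-side address and
# the internal network behind it.
TRUSTED_PROXIES = {ipaddress.ip_address("192.168.1.1")}
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")


def client_address(peer_ip, xff_header):
    """Return the address to log and authorize against, or None if unknown.

    peer_ip    -- source address of the TCP connection seen by the web server
    xff_header -- raw X-Forwarded-For value, or None when the header is absent
    """
    peer = ipaddress.ip_address(peer_ip)
    # Only the gateway may vouch for another address. A header sent by any
    # other peer is ignored, because that peer controls its contents.
    if peer not in TRUSTED_PROXIES:
        return peer
    if not xff_header:
        return None  # the proxy hid the client: the origin is unknown
    # Each proxy appends the peer it saw, so walk right to left and stop at
    # the first entry that is not one of our own proxies. Anything further
    # left was supplied by the client and cannot be believed.
    for hop in reversed([h.strip() for h in xff_header.split(",")]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return None  # e.g. "unknown" or garbage: do not guess
        if addr not in TRUSTED_PROXIES:
            return addr
    return peer  # the gateway itself made the request


def is_outside(peer_ip, xff_header):
    """True when the request must be treated as coming from outside the LAN.

    An undeterminable origin counts as outside, so the check fails closed
    instead of granting LAN privileges to everything the gateway relays.
    """
    addr = client_address(peer_ip, xff_header)
    return addr is None or addr not in INTERNAL_NET
```

Without the trusted-proxy check, an outside client could claim a LAN address simply by sending its own X-Forwarded-For header.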