From owner-freebsd-security  Tue Oct 17  7:30:47 2000
Delivered-To: freebsd-security@freebsd.org
Received: from eastwood.aldigital.algroup.co.uk (eastwood.aldigital.algroup.co.uk [194.128.162.193])
	by hub.freebsd.org (Postfix) with ESMTP id EA26637B4C5
	for <freebsd-security@FreeBSD.ORG>; Tue, 17 Oct 2000 07:30:42 -0700 (PDT)
Received: from algroup.co.uk ([193.195.56.225]) by eastwood.aldigital.algroup.co.uk (8.8.8/8.6.12) with ESMTP id OAA05650; Tue, 17 Oct 2000 14:29:11 GMT
Message-ID: <39EC6236.419081FC@algroup.co.uk>
Date: Tue, 17 Oct 2000 15:29:10 +0100
From: Adam Laurie <adam@algroup.co.uk>
Organization: A.L. Group plc
X-Mailer: Mozilla 4.72 [en] (Win95; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Rolf Edwards <redwards@meccamediagroup.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Multiple Web/SSL behind firewall
References: <5.0.0.25.2.20001016165911.00aa83e0@127.0.0.1> <5.0.0.25.2.20001017080850.00ac9510@127.0.0.1>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Rolf Edwards wrote:

> > >
> > > What should I do to handle this situation.  The web server will have a
> > > non-routeable ip, so acting as a gateway won't quite work.
> >
> >freeby$ cat /etc/natd.conf
> ># redirect web to internal
> >redirect_port tcp a.b.c.d:80 e.f.g.h:80
> >redirect_port tcp a.b.c.d:443 e.f.g.h:443
> >
> >where a.b.c.d is your internal webserver address and e.f.g.h is the one
> >you want the world to connect to.
> 
> The problem is that there are multiple web servers so that will not work,
> as it assumes that there is only one.

You could have multiple IP aliases on your outside net. Alternatively,
if you want them to come in on a single address, you could point them at
a single back end server that then does the
round-robin/load-balanced/whatever forwarding. mod_backhand is quite
cool for this kind of stuff. (http://www.backhand.org/)

cheers,
Adam
--
Adam Laurie                   Tel: +44 (20) 8742 0755
A.L. Digital Ltd.             Fax: +44 (20) 8742 5995
Voysey House                  http://www.thebunker.net
Barley Mow Passage            http://www.aldigital.co.uk
London W4 4GB                 mailto:adam@algroup.co.uk
UNITED KINGDOM                PGP key on keyservers


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message