Date: Tue, 11 Dec 2001 18:26:32 +1300
To: Julian Elischer, freebsd-net@FreeBSD.ORG
From: Tom Peck
Subject: Re: 1 IP - 1 Firewall - 2 Webservers
Message-Id: <5.1.0.14.2.20011211182526.02866228@mail.masaclaw.co.nz>

Thank you for the reply Julian. I will get our network guru onto it and
let you know the results.

Tom

At 21:13 10/12/2001 -0800, you wrote:
>I have a solution for exactly this problem
>You need the patch I submitted for ipfw fwd of incoming packets
>about 3 weeks ago.
>
>it allows load sharing to an arbitrary number of webservers transparently
>I sent it to "net" and it had a subject of RFC: (something)
>
>the mail includes how to set it up..
>it uses about 1% of cpu redirecting a 10Mb ethernet to 2 servers.
>(sorry to be vague but look it up in the archives with
>julian AND RFC AND ipfw in the net list..
>
>
>On Tue, 11 Dec 2001, Tom Peck wrote:
>
> > Hello
> >
> > We have ONE static IP with our ISP via a Cable Modem. Connected at our end
> > of the Cable Modem is a FreeBSD Firewall / Internet Gateway for the rest of
> > the internal Lan.
> >
> > On the Internal Network we have 2 Web / Mail servers which collect mail and
> > serve HTTP requests received from the gateway box.
> >
> > INTERNET ---> GATEWAY_BOX ---> WEBSERVER_1 (www.domain1.com, bla@domain1.com)
> >                           ---> WEBSERVER_2 (www.domain2.com, bla@domain2.com)
> >                           ---> WORKSTATIONS
> >
> >
> > We are currently using squid to forward on the HTTP requests to the web
> > servers decided by domain requested, ie if someone goes to
> > www.domain1.com/index.htm this request will be forwarded by Squid to the
> > WEBSERVER_1.
> >
> > This has been working fine, until I decided to run some tests, and look
> > through the apache logs on the WEBSERVER_1. ALL incoming Client IP's and
> > Addresses are always that of the GATEWAY_BOX. This poses a problem for
> > websites which have security on them for OUTSIDE addresses, as this
> > security will no longer work.. Also, WebStats are going to be invalid as
> > all requests are made from the Gateway IP.
> >
> > Does anybody have any solutions for this problem? Other software solutions
> > which will run on FreeBSD? Any help would be most appreciated - even just
> > a "I wouldn't have a clue, e-mail this group" or something.
> >
> > Thanks All
> >
> > Tom Peck

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
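
The failure described in the quoted original message (every request reaching the web servers with the gateway's address, so rules for OUTSIDE addresses stop working) can also be handled on the web servers, provided a forwarded client address is believed only when the connection really comes from the gateway. The code below is an added example, not part of this thread and not Julian's ipfw patch; it assumes the gateway proxy appends the client address to an X-Forwarded-For header, and the addresses 192.168.0.1 (gateway) and 192.168.0.0/24 (LAN) are constructed values.

```python
import ipaddress

# Assumption: internal address of GATEWAY_BOX (constructed value).
TRUSTED_PROXIES = {ipaddress.ip_address("192.168.0.1")}
# Assumption: the internal LAN that address-based rules treat as "inside".
INTERNAL_NETS = [ipaddress.ip_network("192.168.0.0/24")]


def effective_client(peer, xff):
    """Return the address to log and authorize against, or None if unknown."""
    peer_ip = ipaddress.ip_address(peer)
    if peer_ip not in TRUSTED_PROXIES:
        # Not from the gateway: any header is client-supplied, ignore it.
        return peer_ip
    if not xff:
        return None  # proxied request with no usable client address
    # Walk right to left: the rightmost entry was appended by our own proxy;
    # entries further left came from the client and may be forged.
    for hop in reversed([h.strip() for h in xff.split(",")]):
        try:
            hop_ip = ipaddress.ip_address(hop)
        except ValueError:
            return None  # e.g. "unknown": do not guess
        if hop_ip not in TRUSTED_PROXIES:
            return hop_ip
    return None


def is_outside(peer, xff):
    """True when the request must be treated as coming from outside the LAN."""
    client = effective_client(peer, xff)
    if client is None:
        return True  # fail closed when the origin cannot be established
    return not any(client in net for net in INTERNAL_NETS)


# Constructed sample requests: (peer address, X-Forwarded-For header).
SAMPLES = [
    ("192.168.0.1", "203.0.113.7"),                # outside client via gateway
    ("192.168.0.1", "192.168.0.50, 203.0.113.7"),  # forged inside hop
    ("192.168.0.1", None),                         # header stripped
    ("192.168.0.77", "203.0.113.9"),               # workstation, forged header
]

if __name__ == "__main__":
    for peer, xff in SAMPLES:
        print(peer, "->", effective_client(peer, xff), is_outside(peer, xff))
```

The same rule applies to log analysis: record the address returned by effective_client rather than the TCP peer, and web statistics stop collapsing onto the gateway address.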