Date:      Tue, 17 Oct 2000 08:09:41 -0600
From:      Rolf Edwards <redwards@meccamediagroup.com>
To:        Adam Laurie <adam@algroup.co.uk>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: Multiple Web/SSL behind firewall
Message-ID:  <5.0.0.25.2.20001017080850.00ac9510@127.0.0.1>
In-Reply-To: <39EC3642.FC627E96@algroup.co.uk>
References:  <5.0.0.25.2.20001016165911.00aa83e0@127.0.0.1>

At 05:21 AM 10/17/2000, Adam Laurie wrote:
>Rolf Edwards wrote:
> >
> > I am attempting to put multiple web servers behind a FreeBSD 4.1.1 box
> > running ipfw and natd.  The web servers are running both web and SSL
> > connections.  I was thinking of using squid and a dns hack to have it proxy
> > the connections.
> >
> > I can't seem to find out if I can also have it listen to the SSL port for
> > those connections.  I am assuming that for generic web traffic, I can use
> > the accelerator to receive multiple domain requests, and have a local dns
> > entry so that they are passed to a natd ip.  How would I handle multiple
> > SSL, as a natd static port map would only allow for one SSL host unless SSL
> > is run on multiple ports, one for each machine.
> >
> > What should I do to handle this situation?  The web server will have a
> > non-routeable ip, so acting as a gateway won't quite work.
>
>freeby$ cat /etc/natd.conf
># redirect web to internal
>redirect_port tcp a.b.c.d:80 e.f.g.h:80
>redirect_port tcp a.b.c.d:443 e.f.g.h:443
>
>where a.b.c.d is your internal webserver address and e.f.g.h is the one
>you want the world to connect to.

The problem is that there are multiple web servers so that will not work, 
as it assumes that there is only one.

Rolf
