Have a look at Squid proxy. The last releases admit SSL reverse proxying. If it would be capable of handling different servers your problem would be solved. You could have it inside of the firewall (but be careful with security issues). Regards. BGR ----- Original Message ----- From: <jen@xxxxxxxxxxx> To: <netfilter@xxxxxxxxxxxxxxxxxxx> Sent: Friday, July 25, 2003 2:17 AM Subject: ssl forward / proxy question > > hi, > > i have a NAT set up via an iptables firewall on RHAS. i have various webservers > behind it (and other stuff), but now i'm required by marketing (sigh) to set > up loads of SSL certificates. since apache/apache2 still requires one ip > address per SSL certificate, and they mean to do lots of these, i'm wondering > how to set it up in such a way that all DNS points to one external IP address > such as 234.56.78.90. when the packet hits the firewall, something proxies it > so that it will see the *name* address, and forward it on to a virtual IP. for > example: > > there are 3 domains all belonging to the same "real" IP address. > > 234.56.78.90 -> www.guinness.com > 234.56.78.90 -> www.kicks.com > 234.56.78.90 -> www.butt.com > > so a user wants to go to www.guinness.com, the IP takes the packet to the fire > wall/proxy/whatever, notices that it's "www.guinness.com" and and will forward t > he packet on to the internal address of 10.31.1.44 > > user goes to www.kicks.com, and the packet goes to 10.31.1.45 > > www.butt.com will get forwarded to 10.31.1.46 > > is there something like this that is possible? > > thanks!! > > -\jen > >
