Re: ssl forward / proxy question

Have a look at Squid proxy. The last releases admit SSL reverse proxying. If
it would be capable of handling different servers your problem would be
solved. You could have it inside of the firewall (but be careful with
security issues).

Regards.

BGR


----- Original Message ----- 
From: <jen@xxxxxxxxxxx>
To: <netfilter@xxxxxxxxxxxxxxxxxxx>
Sent: Friday, July 25, 2003 2:17 AM
Subject: ssl forward / proxy question


>
> hi,
>
> i have a NAT set up via an iptables firewall on RHAS. i have various
> webservers behind it (and other stuff), but now i'm required by marketing
> (sigh) to set up loads of SSL certificates. since apache/apache2 still
> requires one ip address per SSL certificate, and they mean to do lots of
> these, i'm wondering how to set it up in such a way that all DNS points to
> one external IP address such as 234.56.78.90. when the packet hits the
> firewall, something proxies it so that it will see the *name* address, and
> forward it on to a virtual IP. for example:
>
> there are 3 domains all belonging to the same "real" IP address.
>
> 234.56.78.90 -> www.guinness.com
> 234.56.78.90 -> www.kicks.com
> 234.56.78.90 -> www.butt.com
>
> so a user wants to go to www.guinness.com, the IP takes the packet to the
> firewall/proxy/whatever, notices that it's "www.guinness.com" and will
> forward the packet on to the internal address of 10.31.1.44
>
> user goes to www.kicks.com, and the packet goes to 10.31.1.45
>
> www.butt.com will get forwarded to 10.31.1.46
>
> is there something like this that is possible?
>
> thanks!!
>
> -\jen
>
>



