Re: pf how-to: Single public IP --> many private NAT'd HTTPS servers

2008-01-23 Thread Chris H.
Quoting Doug Poland <[EMAIL PROTECTED]>: David DeSimone wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Doug Poland <[EMAIL PROTECTED]> wrote: I have DNS resolution, the problem ( I think ) is in that pf simply sees the packet destined for my single public IP (because all my public host

Re: pf how-to: Single public IP --> many private NAT'd HTTPS servers

2008-01-21 Thread mouss
Doug Poland wrote: I see what you are getting at. I told pf to simply route all https requests to a fixed private IP. When I pointed my browser at the FQDN, firefox told me I had a certificate problem... i.e., the certificate returned was not the one expected. So, is the bottom line, one *c

Re: pf how-to: Single public IP --> many private NAT'd HTTPS servers

2008-01-21 Thread Tom Judge
OutbackDingo wrote: the problem here is pf doesn't do hostname resolution, it's not supported by the filter so dns doesn't help, a reverse proxy would do a name resolution, though you can use ACLs to direct traffic from a name to an IP in a proxy also, and this isn't load balancing, this would be na

Re: pf how-to: Single public IP --> many private NAT'd HTTPS servers

2008-01-21 Thread David DeSimone
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Doug Poland <[EMAIL PROTECTED]> wrote: > > So, is the bottom line, one *cannot* hide multiple (NAT'd) SSL hosts > behind a single public IP? So my only solution, given apache and one > public IP, is a single host listening on 443 and each "domain" w

Re: pf how-to: Single public IP --> many private NAT'd HTTPS servers

2008-01-21 Thread Doug Poland
David DeSimone wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Doug Poland <[EMAIL PROTECTED]> wrote: I have DNS resolution, the problem ( I think ) is in that pf simply sees the packet destined for my single public IP (because all my public host names must resolve to the same public IP ad

Re: pf how-to: Single public IP --> many private NAT'd HTTPS servers

2008-01-21 Thread David DeSimone
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Doug Poland <[EMAIL PROTECTED]> wrote: > > I have DNS resolution, the problem ( I think ) is in that pf simply > sees the packet destined for my single public IP (because all my > public host names must resolve to the same public IP address) and port >

Re: pf how-to: Single public IP --> many private NAT'd HTTPS servers

2008-01-21 Thread OutbackDingo
the problem here is pf doesn't do hostname resolution, it's not supported by the filter so dns doesn't help, a reverse proxy would do a name resolution, though you can use ACLs to direct traffic from a name to an IP in a proxy also, and this isn't load balancing, this would be name based redirection.

Re: pf how-to: Single public IP --> many private NAT'd HTTPS servers

2008-01-21 Thread Doug Poland
OutbackDingo wrote: On Mon, 2008-01-21 at 10:58 -0600, Doug Poland wrote: OutbackDingo wrote: On Mon, 2008-01-21 at 10:17 -0600, Doug Poland wrote: Hello, I've googled, read pf.conf(5) and the pf tutorial/faq, and experimented, but a working configuration eludes me. Here's my environment:

Re: pf how-to: Single public IP --> many private NAT'd HTTPS servers

2008-01-21 Thread Doug Poland
OutbackDingo wrote: On Mon, 2008-01-21 at 10:17 -0600, Doug Poland wrote: Hello, I've googled, read pf.conf(5) and the pf tutorial/faq, and experimented, but a working configuration eludes me. Here's my environment: Firewall: FreeBSD 6.2-STABLE pf 1

pf how-to: Single public IP --> many private NAT'd HTTPS servers

2008-01-21 Thread Doug Poland
Hello, I've googled, read pf.conf(5) and the pf tutorial/faq, and experimented, but a working configuration eludes me. Here's my environment: Firewall: FreeBSD 6.2-STABLE pf 1 public (routable) IP address HTTPS: FreeBSD