[WBEL-users] Iptables Vs Cisco Pix 525

Johnny Hughes mailing-lists@hughesjr.com
Sat, 22 May 2004 20:27:42 -0500



On Sat, 2004-05-22 at 16:31, kbohling@birddog.com wrote:

> > What I meant, and didn't say very well :), is that if you are using IP
> > Masquerading (and 1 external IP with many internal IPs), you will have a
> > problem with things like ... having 2 separate web servers (say at
> > 192.168.0.3 and 192.168.0.6) and trying to split some traffic to one and
> > some traffic to the other ... but with only 1 external IP.
> > 
> > Why would you want to do this?  Maybe you have a Linux and a Microsoft
> > web server ... one has sites with ASP and MSSQL ... the other has Apache
> > and MySQL ....
> > 
> > I have yet to figure out a way to route all traffic (coming in for
> > www.msserver.com on port 80 to the MS server ... while routing all
> > traffic coming in for www.lxserver.com on port 80 to the Linux Server)
> > .... anyone have any ideas?
> > 
> 
> I believe you are correct, that will be a problem.  However, I am
> guessing that you can set up a "reverse proxy".  I believe that's the
> configuration you'd use in Apache.  You set up a web server that merely
> parses the HTTP request, figures out that it can't respond, forwards the
> request on, takes the answer and feeds it back over the initial connection
> to the original requester.
> 
> I believe I've heard of such setups before, but can't say that I've ever
> done it before.  This gives a rough description of what I think you could
> make work if you wanted to.
> 
> http://www.apacheweek.com/features/reverseproxies
> 
> Thanks,
>    Kirby


Kirby,

Thank you VERY much.  This is working perfectly ... at least for port 80
http traffic.  Not only that, but you can use any internal IPs, on any
number of machines and just set up the forward and reverse proxies.

I haven't tried to do anything yet with https traffic ... and I think it
will be an issue for that, but I'll worry about that later.

I am hosting one website that has to have IIS and MSSQL (for my church)
... which also made me have to use MS for my website as well...but no
more!

I used to have an MS server as my firewall (and it contained my
webserver, e-mail server, and FTP server), but I wanted to add
SpamAssassin and a virus scanner in front of it.  This allows me to use a
WhiteBox server as my firewall, a front end to my Exchange server, and
now as a web server.  Again, many thanks.

-Johnny Hughes
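
The name-based reverse proxy arrangement discussed in this thread, as an added Apache httpd 2.4 configuration example; it is not taken from the original messages. The pairing of hostnames with 192.168.0.3 and 192.168.0.6 is an assumption (the thread does not say which server is which), as is the placeholder name default.invalid, and mod_proxy and mod_proxy_http are assumed to be loaded.

```apache
# Added example for Apache httpd 2.4 on the firewall/proxy host.
# Assumption: www.msserver.com lives on 192.168.0.3 and www.lxserver.com on
# 192.168.0.6; the thread does not say which internal IP is which.
# Requires mod_proxy and mod_proxy_http to be loaded.

# A reverse proxy does not need forward proxying. Leaving this Off keeps the
# host from relaying arbitrary requests on behalf of outside clients.
ProxyRequests Off

# The first vhost is the default for any Host header that matches no
# ServerName, so unknown names are refused instead of reaching an
# internal server.
<VirtualHost *:80>
    ServerName default.invalid
    <Location "/">
        Require all denied
    </Location>
</VirtualHost>

<VirtualHost *:80>
    ServerName www.msserver.com
    # Pass the original Host header so the backend can select the right site.
    ProxyPreserveHost On
    ProxyPass        "/" "http://192.168.0.3/"
    # Rewrite Location headers in backend redirects that point at the
    # internal address, so clients never see 192.168.0.3.
    ProxyPassReverse "/" "http://192.168.0.3/"
</VirtualHost>

<VirtualHost *:80>
    ServerName www.lxserver.com
    ProxyPreserveHost On
    ProxyPass        "/" "http://192.168.0.6/"
    ProxyPassReverse "/" "http://192.168.0.6/"
</VirtualHost>
```

Running `apachectl configtest` before reloading checks the syntax; the backends should accept port 80 connections only from the proxy host so the deny-by-default vhost cannot be bypassed from elsewhere on the network.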
