[WBEL-users] Iptables Vs Cisco Pix 525

Simone simone72@email.it
Tue, 25 May 2004 14:12:55 +0200


Hi, just want to thank all the people that gave their opinion and shared 
their knowledge on this thread. I have a clearer idea now, on the diffs 
between the two, and I can go on trying my best with iptables.

Thanks a lot
Simone


At 09:29 24/05/2004, Thomas Swan wrote:
>Johnny Hughes wrote:
>
> > On Sat, 2004-05-22 at 16:31, kbohling@birddog.com wrote:
> >
> >>> What I meant, and didn't say very well :), is that if you are using IP
> >>> Masquerading (and 1 external IP with many internal IPs), you will have
> >>> a problem with things like ... having 2 separate web servers (say at
> >>> 192.168.0.3 and 192.168.0.6) and trying to split some traffic to one
> >>> and some traffic to the other ... but with only 1 external IP.
> >>>
> >>> Why would you want to do this?  Maybe you have a Linux and a Microsoft
> >>> web server ... one has sites with ASP and MSSQL ... the other has
> >>> Apache and MySQL ....
> >>>
> >>> I have yet to figure out a way to route all traffic (coming in for
> >>> www.msserver.com on port 80 to the MS server ... while routing all
> >>> traffic coming in for www.lxserver.com on port 80 to the Linux Server)
> >>> .... anyone have any ideas?
> >>>
> >>
> >>I believe you are correct, that will be a problem.  However, I am
> >>guessing, that you can setup a "reverse proxy".  I believe that's the
> >>configuration you'd use in apache.  You setup a web server that merely
> >>parses the HTTP request, figures out that it can't respond, forwards the
> >>request on, takes the answer and feeds it back over the initial connection
> >>to the original requester.
> >>
> >>I believe I've heard of such setups before, but can't say that I've ever
> >>done it before.  This gives a rough description of what I think you could
> >>make work if you wanted to.
> >>
> >>http://www.apacheweek.com/features/reverseproxies
> >>
> >>Thanks,
> >>   Kirby
> >>
> >
> > Kirby,
> >
> > Thank you VERY much.  This is working perfectly....at least for port
> > 80 http traffic.  Not only that, but you can use any internal IPs, on
> > any number of machines and just setup the forward and reverse proxies.
> >
> > I haven't tried to do anything yet with https traffic ... and I think
> > it will be an issue for that, but I'll worry about that later.
>
>Yes, it will.  The problem is that the SSL handshake and encryption take
>place before the name can be sent so you will likely have a site
>name/certificate mismatch.   If this is acceptable, then you should make
>the rest work the same as your non-SSL traffic.  If your SSL requests
>are only to one server then you should be able to get proxy to secure
>your connection and then forward your request on internally.
>
> >
> > I am hosting one website that has to have IIS and MSSQL (for my
> > church) ... which also made me have to use MS for my website as
> > well...but no more!
> >
> > I used to have a MS server as my firewall (and it contained my
> > webserver, e-mail server, and FTP server), but I wanted to add Spam
> > Assassin and a virus scanner in front of it.  This allows me to use a
> > WhiteBox server as my Firewall, a front end to my exchange server, and
> > now as a web server.  Again, many thanks.
> >
> > -Johnny Hughes
>
>
>_______________________________________________
>Whitebox-users mailing list
>Whitebox-users@beau.org
>http://beau.org/mailman/listinfo/whitebox-users
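
The setup discussed in the quoted thread, as an added example that is not from any participant's message: a masquerading rule sees only addresses and ports, so the choice between the two web servers has to be made from the HTTP Host header by a reverse proxy on the firewall host. The sketch assumes Apache httpd 2.4 with mod_proxy; which hostname maps to which of the two internal addresses, and the `default.invalid` name, are assumptions.

```apache
# Added example, not configuration posted in the thread.
# Assumes Apache httpd 2.4 on the firewall host, listening on the single
# external IP. The hostname-to-backend mapping below is an assumption.
LoadModule proxy_module      modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so

# Reverse proxy only: never let the host act as a forward (open) proxy.
ProxyRequests Off

# The first vhost is the default for any Host header that matches none
# of the names below. Refuse those requests instead of silently handing
# them to one of the internal servers.
<VirtualHost *:80>
    ServerName default.invalid
    <Location "/">
        Require all denied
    </Location>
</VirtualHost>

# Requests for the IIS/MSSQL sites go to the Microsoft server.
<VirtualHost *:80>
    ServerName www.msserver.com
    # Pass the original Host header so the backend's own name-based
    # site selection still works.
    ProxyPreserveHost On
    ProxyPass        "/" "http://192.168.0.3/"
    ProxyPassReverse "/" "http://192.168.0.3/"
</VirtualHost>

# Requests for the Apache/MySQL sites go to the Linux server.
<VirtualHost *:80>
    ServerName www.lxserver.com
    ProxyPreserveHost On
    ProxyPass        "/" "http://192.168.0.6/"
    ProxyPassReverse "/" "http://192.168.0.6/"
</VirtualHost>
```

With this in place the packet filter only needs to accept port 80 on the proxy host itself; no port forward to either internal web server is required, so neither is reachable directly from outside.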

 
 