pf how-to: Single public IP --> many private NAT'd HTTPS servers

David DeSimone fox at verio.net
Mon Jan 21 09:55:56 PST 2008



Doug Poland <doug at polands.org> wrote:
>
> I have DNS resolution; the problem (I think) is that pf simply
> sees the packet destined for my single public IP (because all my
> public host names must resolve to the same public IP address) and port
> 443.

I am not sure how you expect this to work.  The web browser will expect
the server to send a certificate with its identity as part of the
initial SSL negotiation.  The client has not yet sent its request, so
the web server has no idea which of the three domains the browser wanted
to talk to, so it does not know which certificate should be sent.  This
is the reason why every SSL site must have its own unique (public) IP
address.

-- 
David DeSimone == Network Admin == fox at verio.net
"This email message is intended for the use of the person to whom
 it has been sent, and may contain information that is confidential
 or legally protected.  If you are not the intended recipient or have
 received this message in error, you are not authorized to copy, dis-
 tribute, or otherwise use this message or its attachments.  Please
 notify the sender immediately by return e-mail and permanently delete
 this message and any attachments.  Verio, Inc. makes no warranty that
 this email is error or virus free.  Thank you."  --Lawyer Bot 6000

