Matt,
all firewalls that I've had experience with work this way. What you are in
essence doing is "port mapping" on your firewall. Internet users connect
to your firewall, as if the firewall was the web server, the firewall then
redirects that request inward to the appropriate machine which was mapped on
your firewall. The problems I've encountered though are when you have a
server farm as you describe.
Let's say that the IP address of your firewall is 208.100.100.5. If someone wants to
connect to a web server behind the firewall, they would actually be connecting
to 208.100.100.5 on port 80. But, you can only map 1 internal host to the
external port 80. Which means that you would either have to configure
different ports for all of your web servers, or have one target server behind
the firewall act as a redirector to all the other web servers.
-Jesus
-----Original Message-----
From: Matthew G. Harrigan [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 15, 1999 7:01 PM
To: [EMAIL PROTECTED]
Subject: Raptor 6.0 web traffic passing

I'm attempting to get Raptor 6.0 on Solaris to pass all web traffic to any
arbitrary host on the network behind the firewall (it's a web server farm).
It seems relatively simple to me: allow access to ports 80 and 443 globally.
I have, however, been told that this is not the case by Raptor, and that
there needs to be rules generated for each host intended to receive web traffic.
If I had 50 webservers operating in this environment, am I to believe that I
need to make 50 config changes to accommodate them? Someone tell me
this isn't so (or at least tell me that it is, so
I can re-evaluate firewall technologies).
Matt
