Jorgen Lundman wrote:
> 
> I am fairly certain it can not be done now, and would probably be a
> massive task, but I am curious as to any engineering solution there
> might be..
> 
> A colleague whose Cisco SSL accelerators had not arrived in time
> brought this up. They need an (incoming) L4 loadbalancer, that retains
> the real remote IP (billing, country codes etc) and handles SSL on the
> external facing interface, and plain TCP/IP on internal.

This is just SSL-offloading. Standard feature in most load balancers
including NetScaler and Foundry.

> IPfilter and l4ip would take care of the L4 loadbalancing no problem,
> and retain the external IPs. However, the SSL part is tricky. If you
> drop any one of the criteria, it's not a big problem as well.

I would suspect you could do this with SQUID.... the docs say it can do
HTTP acceleration and also say it can *terminate* an SSL connection.
The two together sound like SSL offloading... and if it doesn't do this,
it probably could be made to with much less hacking than making IPF do it.

Of course that only works for https -> http... for smtps/pops/imaps ->
smtp/pop/imap you'd need to do more hacking.

Can you give us a better idea of the flow of traffic though?

-- 
Phil Dibowitz                             [EMAIL PROTECTED]
Freeware and Technical Pages              Insanity Palace of Metallica
http://www.phildev.net/                   http://www.ipom.com/

"Be who you are and say what you feel, because those who mind don't
matter and those who matter don't mind."
 - Dr. Seuss

