[TriLUG] Tricky routing issue

Robert Dale robdale at gmail.com
Mon Oct 29 20:33:42 EDT 2007


On 10/29/07, Joshua Gitlin <josh at digitalfruition.com> wrote:
> Hello everyone,
>
> Looking for advice here. I have a complicated scenario and I'm not
> sure how to set it up.
>
> Problem in a nutshell: I need to share an IP address between two or
> more servers, because I need to use the same SSL certificate for two
> different services on two different servers.
>
> I'm running a website and Jabber. Both need to have the same
> certificate, and one server serves Jabber while another server runs
> the websites. The way I decided to solve this issue was to create a
> private 192.168 network between the two servers (web and jabber) and
> place a PFSense router on that network. That way if I assign the IP
> with the cert attached to it to the PFSense router I can use port
> forwarding to send Jabber to one server and web to the other.
>
> The issue is that the web server has multiple public IP addresses,
> and if it's on both the private net and the public internet, this
> setup doesn't work.
>
> Any ideas?

Well, you have the router there.  Just point all your public IPs at it
and NAT to your webservers on private IPs.

Are your certs really based on IP address?  Consider getting certs
based on hostnames as they are much more portable and versatile.

-- 
Robert Dale


