Firewall-1

[FW-1] Checkpoint and reverse proxy

Subject: [FW-1] Checkpoint and reverse proxy
From: Chanoine <yannick.chanoine AT CLAMART DOT FR>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Wed, 26 Jan 2005 18:52:07 +0100
Hello,

I'm hosting several websites for specific users.
I created as many public domain names as I needed.
My first problem is that I don't have one IP for one website.
So xxx.domain.com refers to 10.10.10.10 and so does yyy.domain.com.

I want checkpoint NG55 AI to route the incoming packets on an ISA
server which acts as a reverse proxy.
ISA is useful for publishing multiple websites with only one IP for
example, as it is able to redirect requests to web servers using the
destination domain name.

In the checkpoint security ruleset I created a rule that allows incoming
traffic from any user to IP 10.10.10.10 on HTTP protocol.
In the NAT ruleset I defined the rule like this:
Original packet   ------------------------   translated packet
Any -> 10.10.10.10 -> http --- any -> ISA server (static) -> http

I use ethereal on the ISA server to monitor incoming packets and see why
the redirection fails.
In fact the original packet is addressed to a certain domain name, for
instance xxx.domain.com
When it arrives to the ISA external IP, the destination is no longer the
domain name but 10.10.10.10

The problem is that ISA server needs the domain name or isn't able to
redirect HTTP requests.

Do you know a method to keep the properties of the original packet in
the translated packet?


Thank you!

Yannick Chanoine
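
The following is an added example, not part of the original message: it models the static NAT rule described in the post and shows that the rewrite changes only the IP destination, while the site name travels in the HTTP Host header inside the payload, which is the field a reverse proxy matches on. The ISA address, backend addresses, client address and all function names are assumptions made for illustration.

```python
# Added illustration with constructed data; not the poster's configuration.
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    dst_port: int
    payload: bytes  # TCP payload carrying the HTTP request

PUBLIC_IP = "10.10.10.10"   # address both names resolve to (from the post)
ISA_IP = "192.168.1.5"      # assumed internal address of the ISA server
BACKENDS = {                # assumed publishing rules: Host name -> web server
    "xxx.domain.com": "192.168.1.21",
    "yyy.domain.com": "192.168.1.22",
}

def static_dnat(pkt):
    """Firewall NAT rule: Any -> PUBLIC_IP:http becomes Any -> ISA_IP:http."""
    if pkt.dst_ip == PUBLIC_IP and pkt.dst_port == 80:
        return replace(pkt, dst_ip=ISA_IP)  # only the IP header field changes
    return pkt

def host_header(payload):
    """Return the Host header (lower-cased, port stripped) or None if absent.
    Host names only; IPv6 literals are not handled in this sketch."""
    head = payload.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            return value.strip().lower().split(":")[0]
    return None

def route(pkt):
    """Reverse-proxy decision: backend address, or None when nothing matches."""
    host = host_header(pkt.payload)
    return BACKENDS.get(host) if host else None

def demo():
    """Send three constructed requests through the NAT rule, then route them."""
    requests = {
        "xxx": b"GET / HTTP/1.1\r\nHost: xxx.domain.com\r\n\r\n",
        "yyy": b"GET / HTTP/1.1\r\nHost: YYY.domain.com:80\r\n\r\n",
        "no-host": b"GET / HTTP/1.0\r\n\r\n",  # HTTP/1.0 client, no Host header
    }
    out = {}
    for label, req in requests.items():
        after = static_dnat(Packet("203.0.113.7", PUBLIC_IP, 80, req))
        out[label] = (after.dst_ip, route(after))
    return out

if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```

In a capture taken on the ISA server, the equivalent check is to inspect the Host header of the HTTP request rather than the IP destination field.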

