Hi there!

Intro: I'm running Pound 1.9 on a Solaris 9 server. I've had great
success with it and really appreciate the hard work invested in this
project. Thanks!

Problem: There are multiple public addresses which point to the Pound
service which are translated by the firewall to private addresses bound
on the Pound server. No problem with this configuration. Because a
large number of new sites are coming online soon and because I don't
have control over the cluster config, I was prompted to use unique
ports on the Pound server to distinguish between the sites instead of
using unique IP addresses. Here's a snippet of my config (URLs changed
to protect the innocent):

ListenHTTPS 10.10.10.20,44301 /etc/pound/1.pem
ListenHTTPS 10.10.10.20,44302 /etc/pound/1.pem
ListenHTTPS 10.10.10.20,44303 /etc/pound/1.pem

UrlGroup ".*"
    HeadRequire Host "www.aaa.com.*"
    Session COOKIE jsessionid 1800
    BackEnd 10.10.20.205,8094,1
    BackEnd 10.10.20.209,8094,1
EndGroup

UrlGroup ".*"
    HeadRequire Host "www.bbb.com.*"
    Session COOKIE jsessionid 1800
    BackEnd 10.10.20.229,8094,1
    BackEnd 10.10.20.234,8094,1
EndGroup

UrlGroup ".*"
    HeadRequire Host "www.zzz.com.*"
    Session COOKIE jsessionid 1800
    BackEnd 10.10.20.229,8094,1
    BackEnd 10.10.20.234,8094,1
EndGroup

When I point my browser to www.aaa.com I get a 503 and Pound writes to
the log that there's no backend for the specified request. Here's how
the NAPT is configured on the firewall:

1.2.3.4:443 -> 10.10.10.20:44301
1.2.3.5:443 -> 10.10.10.20:44302
1.2.3.6:443 -> 10.10.10.20:44303

Anyone have any ideas why this doesn't work?

Thanks,
Victor
[...]