>Date: Wed, 18 Apr 2007 06:04:52 -0400
>From: Brian McEwen <bmcewen (at mark) comcast.net>
> On Mar 30, 2007, at 4:52 PM, Brian N. Smith wrote:
>
> > NOW, what will break it is a shitty firewall that re-writes the
> > HTTP header incorrectly. Per HTTP spec, the header should include
> > the hostname of the virtual site you're wanting to connect to.
> >
> > That is how it is possible to run 20-200 sites on a single IP, and
> > why it is impossible to run SSL the same way.
> >
> > If the firewall doing the NAT removes the HTTP header, the server
> > gets it and has no idea what to do, it will try to use the default
> > virtual site instead, which usually results in some crazy content
> > and the developer saying WTF.
> >
> > A proper firewall doesn't change the header, just re-writes IP
> > address/port, and forwards in, and then Apache answers the call and
> > responds with the content.
> I really haven't had time to mess with the BQ install I put on my
> Qube 3, but the little messing I have done leads me to believe that
> the Linksys WRT54G is an example of one such (bad) firewall for this
> use.
>
> I have some Cisco routers around but haven't put one up to do NAT yet.
>
I shouldn't email at 6AM.
My (unmentioned) question follows:
Is this assumption of mine about the WRT54G home-type routers correct?
If so, I'll spend my 10pm-midnight time getting a real router up and
figure out the IOS stuff needed for NAT, etc.
Else, I'll spend my time looking at the BQ part.
Thanks for help;
Brian
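
An added example, not part of the original messages: a small loopback server that picks a site by the Host header and falls back to a default site when the header is missing, which is the behaviour the quoted explanation describes. The hostnames and site contents are constructed placeholders.

```python
import socket
import threading

# Constructed vhost table; hostnames are placeholders, not from the thread.
VHOSTS = {"site-a.example": "content of site A",
          "site-b.example": "content of site B"}
DEFAULT_SITE = "default virtual site"

def host_header(raw_request: bytes):
    """Return the lower-cased Host value with any port stripped, or None."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:            # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            return value.strip().lower().partition(":")[0]  # no IPv6 literals
    return None

def select_site(raw_request: bytes) -> str:
    """Name-based virtual hosting: choose by Host, else the default site."""
    return VHOSTS.get(host_header(raw_request), DEFAULT_SITE)

def serve_once(listener):
    """Accept one connection, read the request head, answer with the site."""
    conn, _ = listener.accept()
    with conn:
        data = b""
        while b"\r\n\r\n" not in data:
            chunk = conn.recv(4096)
            if not chunk:
                break
            data += chunk
        body = select_site(data).encode()
        conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: %d\r\n"
                     b"Connection: close\r\n\r\n%s" % (len(body), body))

def fetch(raw_request: bytes) -> str:
    """Send raw_request to a one-shot loopback server; return the body."""
    listener = socket.create_server(("127.0.0.1", 0))
    worker = threading.Thread(target=serve_once, args=(listener,))
    worker.start()
    with socket.create_connection(listener.getsockname()) as client:
        client.sendall(raw_request)
        response = b""
        while chunk := client.recv(4096):
            response += chunk
    worker.join()
    listener.close()
    return response.split(b"\r\n\r\n", 1)[1].decode()

if __name__ == "__main__":
    print(fetch(b"GET / HTTP/1.1\r\nHost: site-b.example\r\n\r\n"))
    print(fetch(b"GET / HTTP/1.1\r\n\r\n"))        # header stripped in transit
```

Running the same two requests from outside the NAT device against a server behind it shows whether the Host header arrives intact.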