Ok, I know that I can only have one SSL site per IP address with Apache:

http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47

Unfortunately, my web server is running inside a private LAN on IP 192.168.0.3. I have 5 public IP addresses that all web traffic routes to this box for the time being.

What I'm wondering is, can I give this server multiple private IPs (it's a small network so there are plenty available!) and use iptables to NAT traffic to a different private IP address (but which still routes to the same physical web server) based on which public IP address traffic is coming in on?

Here's essentially what I want to do in Apache:

    NameVirtualHost 192.168.0.3:443
    NameVirtualHost 192.168.0.103:443
    NameVirtualHost 192.168.0.104:443
    NameVirtualHost 192.168.0.105:443
    NameVirtualHost 192.168.0.106:443

    <VirtualHost 192.168.0.3:443>
        ServerName www.site1.com
        SSLEngine on
        etc.
    </VirtualHost>

    <VirtualHost 192.168.0.103:443>
        ServerName www.site2.com
        SSLEngine on
        etc.
    </VirtualHost>

    <VirtualHost 192.168.0.104:443>
        ServerName www.site3.com
        SSLEngine on
        etc.
    </VirtualHost>

    etc.

And have site1 DNS'd to public ip 24.16.106.242, site2 to 24.16.106.243, site3 to 24.16.106.244, etc.

And finally have the firewall say:

    SSL coming in on 24.16.106.242? NAT to 192.168.0.3
    SSL coming in on 24.16.106.243? NAT to 192.168.0.103
    SSL coming in on 24.16.106.244? NAT to 192.168.0.104
    etc.

The only part I don't know how to do is the iptables part. Is there a way to filter on which of my public IP addresses the traffic is coming in on? Or is there a better non-convoluted way to do this? How do other folks do Apache SSL for virtual hosts?

Thx,
Josh

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list
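
The per-address NAT the post asks about, as an added example that is not part of the original message: iptables can match on the destination address with -d, so each public IP gets its own DNAT rule in the PREROUTING chain of the nat table. The script assumes it runs on the Linux firewall that receives traffic for the public IPs, that the web server's interface is eth0 on a /24, and that the FORWARD chain already accepts established connections; it only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: one DNAT rule per public IP for HTTPS.
# Assumption: runs on the Linux firewall that owns the public addresses.

# public_ip:private_ip pairs, limited to the three mappings given in the post
MAPPINGS="24.16.106.242:192.168.0.3
24.16.106.243:192.168.0.103
24.16.106.244:192.168.0.104"

# Emit a DNAT rule and a matching FORWARD accept for each mapping.
gen_rules() {
    printf '%s\n' "$MAPPINGS" | while IFS=: read -r pub priv; do
        [ -n "$pub" ] || continue
        # -d matches the public address the client connected to
        echo "iptables -t nat -A PREROUTING -d $pub -p tcp --dport 443 -j DNAT --to-destination $priv:443"
        # FORWARD sees the packet after DNAT, so it matches the private address
        echo "iptables -A FORWARD -d $priv -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT"
    done
}

# Emit the commands that add the extra private addresses on the web server.
# Assumptions: interface eth0 (override with WEB_IF), /24 LAN,
# and 192.168.0.3 is already the primary address.
gen_aliases() {
    printf '%s\n' "$MAPPINGS" | while IFS=: read -r pub priv; do
        if [ "$priv" = "192.168.0.3" ]; then continue; fi
        echo "ip addr add $priv/24 dev ${WEB_IF:-eth0}"
    done
}

# Dry run by default. APPLY=1 (as root, on the firewall) executes the iptables rules.
if [ "${APPLY:-0}" = "1" ]; then
    gen_rules | sh -e
else
    echo "# on the firewall:"
    gen_rules
    echo "# on the web server:"
    gen_aliases
fi
```

Each Apache VirtualHost then binds to the private address its public IP is translated to, so the certificate is selected by address before any Host header is read.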