Hi
Sorry for the delay in this.
Here is my pound.cfg - I have obscured IP/ domain names for security
reasons...
I am not using 0.0.0.0 ...
----------------------------------------------------------------------------------------
## Minimal sample pound.cfg
##
## see pound(8) for details
######################################################################
## global options:
User "root"
Group "root"
#RootJail "/chroot/pound"
## Logging: (goes to syslog by default)
## 0 no logging
## 1 normal
## 2 extended
## 3 Apache-style (common log format)
LogLevel 3
## check backend every X secs:
Alive 30
## use hardware-accelleration card supported by openssl(1):
#SSLEngine "<hw>"
######################################################################
## listen, redirect and ... to:
## redirect all requests on port 8080 ("ListenHTTP") to the local webserver
(see "Service" below):
ListenHTTP
Address xxx.xxx.175.61
Port 80
## allow PUT and DELETE also (by default only GET, POST and HEAD)?:
xHTTP 0
Service
HeadRequire "Host: www.xxxxxxx.com"
Redirect "https://www.xxxxxxx.com";
End
Service
HeadRequire "Host: xxxxxxx.com"
Redirect "https://xxxxxxx.com";
End
End
ListenHTTPS
Address xxx.xxx.175.61
Port 443
Cert "/etc/pound/xxxxxxx.xxxxxxx.com.pem"
End
ListenHTTP
Address xxx.xxx.175.135
Port 80
## allow PUT and DELETE also (by default only GET, POST and HEAD)?:
xHTTP 0
End
ListenHTTPS
Address xxx.xxx.175.135
Port 443
Cert "/etc/pound/www.xxxxxxx.xxxxxxx.com.pem"
End
ListenHTTPS
Address xxx.xxx.175.17
Port 443
Cert "/etc/pound/admin.txxxxxxxxxxxxxxx.com.pem"
End
ListenHTTPS
Address xxx.xxx.175.195
Port 443
Cert "/etc/pound/adminstg.txxxxxxxxxxxxxxx.com.pem"
End
ListenHTTPS
Address xxx.xxx.175.196
Port 443
Cert "/etc/pound/sso.txxxxxxxxxxxxxxx.com.pem"
End
ListenHTTPS
Address xxx.xxx.175.77
Port 443
Cert "/etc/pound/ssostg.txxxxxxxxxxxxxxx.com.pem"
End
ListenHTTPS
Address xxx.xxx.175.116
Port 443
Cert
"/etc/pound/xxxxxxxxxxxxxxx.xxxxxxxxxxxxxxx.xxxxxxxxxxxxxxx.xxxxxxxxxxxxxxx.co.uk.pem"
VerifyList "/etc/pound/rapid_ssl_CA.pem"
End
ListenHTTP
Address xxx.xxx.175.116
Port 80
## allow PUT and DELETE also (by default only GET, POST and HEAD)?:
xHTTP 0
End
ListenHTTPS
Address xxx.xxx.175.216
Port 443
Cert "/etc/pound/instoreuatssl.xxxx.xxx.xxx.co.uk.pem"
VerifyList "/etc/pound/rapid_ssl_CA.pem"
End
ListenHTTP
Address xxx.xxx.175.216
Port 80
## allow PUT and DELETE also (by default only GET, POST and HEAD)?:
xHTTP 0
End
ListenHTTPS
Address xxx.xxx.174.64
Port 443
Cert
"/etc/pound/agentuatssl.broadband.xxxxxx.xxxxxxig3.co.uk.pem"
VerifyList "/etc/pound/rapid_ssl_CA.pem"
End
ListenHTTP
Address xxx.xxx.174.64
Port 80
## allow PUT and DELETE also (by default only GET, POST and HEAD)?:
xHTTP 0
End
Service
BackEnd
Address 192.168.0.2
TimeOut 240
Port 80
Priority 3
End
BackEnd
Address 192.168.0.3
TimeOut 240
Port 80
Priority 3
End
Session
Type IP
TTL 12000
End
End
----------------------------------------------------------------------------------------
Also if it helps the pound server has these iptables rules..
------------------------------------------------------------------
#!/bin/bash
iptables -F
iptables -F -t nat
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -A PREROUTING -t nat -p tcp -i eth0 --dport 21 -j DNAT --to
192.168.0.2:21
iptables -A FORWARD -p tcp -i eth0 -d 192.168.0.2 --dport 21 -j ACCEPT
iptables -A PREROUTING -t nat -p tcp -i eth0 --dport 20 -j DNAT --to
192.168.0.2:20
iptables -A FORWARD -p tcp -i eth0 -d 192.168.0.2 --dport 20 -j ACCEPT
## For the win
## Ossec test
#iptables -A PREROUTING -t nat -p udp -i eth0 --dport 514 -j DNAT --to
192.168.0.2:514
#iptables -A FORWARD -p udp -i eth0 -d 192.168.0.2 --dport 514 -j ACCEPT
#iptables -A PREROUTING -t nat -p udp -i eth0 --dport 1514 -j DNAT --to
192.168.0.2:1514
#iptables -A FORWARD -p udp -i eth0 -d 192.168.0.2 --dport 1514 -j ACCEPT
iptables -A PREROUTING -t nat -p tcp -i eth0 --dport 60000:65534 -j DNAT
--to 192.168.0.2
iptables -A FORWARD -p tcp -i eth0 -m state --state NEW --dport 60000:65534
-j ACCEPT
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 3389 -j DNAT --to
192.168.0.2:3389
iptables -A INPUT -p tcp -m state --state NEW --dport 3389 -i eth0 -j ACCEPT
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 84 -j DNAT --to
192.168.0.2:80
iptables -A INPUT -p tcp -m state --state NEW --dport 84 -i eth0 -j ACCEPT
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 85 -j DNAT --to
192.168.0.3:80
iptables -A INPUT -p tcp -m state --state NEW --dport 85 -i eth0 -j ACCEPT
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 20014 -j DNAT --to
192.168.0.2:20014
iptables -A INPUT -p tcp -m state --state NEW --dport 20014 -i eth0 -j
ACCEPT
#Backups
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 873 -j DNAT --to
192.168.0.2:873
iptables -A INPUT -p tcp -m state --state NEW --dport 873 -i eth0 -j ACCEPT
# R1Soft
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 1168 -j DNAT --to
192.168.0.2:1168
iptables -A INPUT -p tcp -m state --state NEW --dport 1168 -i eth0 -j ACCEPT
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 1169 -j DNAT --to
192.168.0.3:1169
iptables -A INPUT -p tcp -m state --state NEW --dport 1169 -i eth0 -j ACCEPT
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 1170 -j DNAT --to
192.168.0.4:1170
iptables -A INPUT -p tcp -m state --state NEW --dport 1170 -i eth0 -j ACCEPT
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 1171 -j DNAT --to
192.168.0.5:1171
iptables -A INPUT -p tcp -m state --state NEW --dport 1171 -i eth0 -j ACCEPT
------------------------------------------------------------------
Any help with this would to good.
Thank you
Regards.
