Josh Trutwin
2005-01-17 18:43:22 UTC
Ok,
I know that I can only have one SSL site per IP address with Apache:
http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47
Unfortunately, my web server is running inside a private LAN on IP 192.168.0.3.
I have 5 public IP addresses that all web traffic routes to this box for the time being.
What I'm wondering is, can I give this server multiple private IPs (it's a small network so there are plenty available!) and use iptables to NAT traffic to a different private IP address (but which still routes to the same physical web server) based on which public IP address traffic is coming in on?
Here's essentially what I want to do in Apache:
NameVirtualHost 192.168.0.3:443
NameVirtualHost 192.168.0.103:443
NameVirtualHost 192.168.0.104:443
NameVirtualHost 192.168.0.105:443
NameVirtualHost 192.168.0.106:443
<VirtualHost 192.168.0.3:443>
ServerName www.site1.com
SSLEngine on
etc.
</VirtualHost>
<VirtualHost 192.168.0.103:443>
ServerName www.site2.com
SSLEngine on
etc.
</VirtualHost>
<VirtualHost 192.168.0.104:443>
ServerName www.site3.com
SSLEngine on
etc.
</VirtualHost>
etc.
And have site1 DNS'd to public ip 24.16.106.242, site2 to 24.16.106.243, site3 to 24.16.106.244, etc. And finally have the firewall say:
SSL coming in on 24.16.106.242? NAT to 192.168.0.3
SSL coming in on 24.16.106.243? NAT to 192.168.0.103
SSL coming in on 24.16.106.244? NAT to 192.168.0.104
etc.
The only part I don't know how to do is the iptables part. Is there a way to filter on which of my public IP addresses the traffic is coming in on?
Or is there a better non-convoluted way to do this? How do other folks do Apache SSL for virtual hosts?
Thx,
Josh
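
The mapping asked about above (match on the public destination address, then NAT to a private one), as an added example that is not part of the original post. It assumes the firewall is a separate Linux router in front of the web server, that the web server already holds the extra private addresses, and that reply traffic is allowed by the existing ruleset; the function names and the `MAPPING` variable are hypothetical.

```shell
#!/bin/sh
# Added example: prints (does not apply) the rules; review them, then run as root.
# Constructed from the addresses in the post: "public_ip private_ip" per line.
MAPPING='24.16.106.242 192.168.0.3
24.16.106.243 192.168.0.103
24.16.106.244 192.168.0.104'

# Succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Read "public private" pairs on stdin and print one DNAT rule and one FORWARD
# rule per pair. Returns non-zero on a malformed or reused address, because
# each SSL site needs its own IP on both sides of the NAT.
gen_rules() {
    seen=' '
    while read -r pub priv; do
        [ -n "$pub" ] || continue
        is_ipv4 "$pub" && is_ipv4 "$priv" || { echo "bad pair: $pub $priv" >&2; return 1; }
        case "$seen" in
            *" $pub "*|*" $priv "*) echo "address reused: $pub $priv" >&2; return 1 ;;
        esac
        seen="$seen$pub $priv "
        # -d matches the public address the packet was sent to.
        echo "iptables -t nat -A PREROUTING -d $pub -p tcp --dport 443 -j DNAT --to-destination $priv:443"
        # After DNAT, the FORWARD chain sees the private destination.
        echo "iptables -A FORWARD -d $priv -p tcp --dport 443 -j ACCEPT"
    done
}

printf '%s\n' "$MAPPING" | gen_rules
```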