pf redirect question
Jonathan Horne
freebsd at dfwlp.com
Wed Sep 26 05:18:45 PDT 2007
On Wednesday 26 September 2007 02:28:48 Nikos Vassiliadis wrote:
> No, don't use the IP on your server. Why should you do such a thing?
>

why not? i did specify that the old server is being decommissioned and would be
permanently downed.

> You just have to make sure that packets ($old_server <-> $world)
> are routed through your $pf box. I guess that's the case for you.
> pf will just translate the destination address from $old_server
> to $new_server.
>

yes, any client or server would be able to route across the wan to the new ip
at the other end.

> BUT, which is this service you are talking about? Cause that's not
> feasible with everything.
>
> Nikos

ultimately, i want to route some McAfee ePolicy clients to use another server.
we've installed our new agent on all our machines, but i still have a handful
of clients that are "roamers" who are checking in via the vpn concentrator,
which i cannot physically get to their machines to perform their upgrade. if
i can re-route their check-in server to our new server (and yes, the inbound
vpn also uses all the same routes to other sites as our internal core
switches), that would a) not knock those roaming clients off antivirus
updates, b) i could also use the same trick to upgrade our server farm, and
c) our new york office is lagging way behind on their client upgrades, and
this would help them out as well (by directing anyone remaining over to the
new server, which is in chicago).

so far, i was trying it out, by trying to redirect port 80 on my laptop, to a
monitoring service on the server at 10.22.192.131:8080, but it would just die
if i tried to telnet to my laptop's port 80 (from some other machine, not the
laptop or test server).

was my syntax in my example incorrect?

thanks,
--
Jonathan Horne
http://dfwlpiki.dfwlp.org
freebsd at dfwlp.com
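
An added example, not part of the original message or thread: a pf.conf fragment in FreeBSD's pf syntax for the test redirect described above (TCP port 80 on the pf host to 10.22.192.131 port 8080). The interface name `em0` and the macro names are assumptions; the `nat` rule covers the case where the server's replies would not otherwise return through the pf host.

```conf
# Assumed names: em0 is the interface on which the pf host receives the
# clients' connections; new_server is the target named in the message.
ext_if     = "em0"
new_server = "10.22.192.131"

# The pf host forwards the rewritten packets, so IP forwarding must be on:
#   sysctl net.inet.ip.forwarding=1     (gateway_enable="YES" in rc.conf)

# Translation rules come before filter rules in pf.conf.

# Rewrite the destination of connections arriving for this host's port 80
# to the new server's port 8080.
rdr on $ext_if proto tcp from any to ($ext_if) port 80 -> $new_server port 8080

# Rewrite the source of the forwarded connections to this host's address.
# Without this, the server answers the client directly from
# 10.22.192.131:8080; the client opened its connection to the pf host's
# port 80, does not recognise that reply, and resets it.
nat on $ext_if proto tcp from any to $new_server port 8080 -> ($ext_if)

# Filter rules see the already-translated destination address.
pass in  on $ext_if proto tcp from any to $new_server port 8080 flags S/SA keep state
pass out on $ext_if proto tcp from any to $new_server port 8080 flags S/SA keep state
```

After loading the ruleset with `pfctl -f /etc/pf.conf`, `pfctl -s nat` lists the active translation rules and `pfctl -s state` shows whether a test connection created a state entry with both translations applied.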