pf redirect question

Jonathan Horne freebsd at dfwlp.com
Wed Sep 26 05:18:45 PDT 2007


On Wednesday 26 September 2007 02:28:48 Nikos Vassiliadis wrote:
> No, don't use the IP on your server. Why should you do such a thing?
>

why not?  i did specify that the old server is decommissioning and would be 
permanently downed.

> You just have to make sure that packets ($old_server <-> $world)
> are routed through your $pf box. I guess that's the case for you.
> pf will just translate the destination address from $old_server
> to $new_server.
>

yes, any client or server would be able to route across the wan to the new ip 
at the other end.

> BUT, which is this service you are talking about? Cause that's not
> feasible with everything.
>
> Nikos

ultimately, i want to route some McAfee ePolicy clients to use another server.  
we've installed our new agent on all our machines, but i still have a handful 
of clients that are "roamers" who are checking in via the vpn concentrator, 
which i cannot physically get to their machines to perform their upgrade.  if 
i can re-route their check-in server to our new server (and yes, the inbound 
vpn also uses all the same routes  to other sites as our internal core 
switches),  that would a) not knock those roaming clients off antivirus 
updates, b) i could also use the same trick to upgrade our server farm, and 
c) our new york office is lagging way behind on their client upgrades, and 
this would help them out as well (by directing anyone remaining over to the 
new server, which is in chicago).

so far, i was trying it out, by trying to redirect port 80 on my laptop, to a 
monitoring service on the server at 10.22.192.131:8080, but it would just die 
if i tried to telnet to my laptop's port 80 (from some other machine, not the 
laptop or test server).

was my syntax in my example incorrect?

thanks,
-- 
Jonathan Horne
http://dfwlpiki.dfwlp.org
freebsd at dfwlp.com
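
An added example, not part of the original message or thread: a pf.conf sketch for the test described above (port 80 on the pf box redirected to 10.22.192.131:8080). The interface name em0 and the absence of any other rules are assumptions. The nat rule is one way to meet the condition quoted above, that traffic in both directions passes through the pf box.

```pf
# Added example; not the poster's ruleset.
# Prerequisite on the pf box (FreeBSD): packet forwarding enabled
#   sysctl net.inet.ip.forwarding=1     (or gateway_enable="YES" in /etc/rc.conf)

ext_if = "em0"              # assumed interface name
target = "10.22.192.131"    # test server named in the message

# Rewrite the destination: connections to this box on port 80 go to target:8080.
rdr on $ext_if inet proto tcp from any to ($ext_if) port 80 -> $target port 8080

# Rewrite the source of the forwarded connection to the pf box's own address,
# so the target replies to the pf box and the reverse translation is applied.
# Without this, the target answers the client directly unless its route back
# to the client already crosses the pf box.
nat on $ext_if inet proto tcp from any to $target port 8080 -> ($ext_if)

# Filter rules see the translated addresses, so both match on target:8080.
pass in  on $ext_if inet proto tcp from any to $target port 8080 flags S/SA keep state
pass out on $ext_if inet proto tcp from any to $target port 8080 flags S/SA keep state

# Checks:
#   pfctl -nf /etc/pf.conf    parse the file without loading it
#   pfctl -s nat              list the loaded rdr/nat rules
#   pfctl -s state            confirm a state entry appears during the telnet test
```

With the nat rule in place the new server sees every redirected client as coming from the pf box's address, so its access logs no longer identify individual clients.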

