DaChoZenOne, 21st December 2009

Hi SystemDog,

Giving little information causes big assumptions ;-)
You don't want to wait for DNS propagation and redirect all requests to new IP addresses? I suppose you want to "forward" all requests coming from the Internet to the "old" IP addresses to the "new" IP addresses at a different location?
The way I see it is:

1. Requests from the Internet to the "old" IP address are received by the OpenBSD firewall at the old location.
2. PF should redirect these requests to the new IP address at the new location.
3. The server with the new IP address responds to the OpenBSD firewall at the old location.
4. PF should redirect the replies back to the requesting "client" on the Internet.

So the OpenBSD PF firewall should NAT all requests it forwards to the new destinations as if they were initiated by the firewall itself in order to get the replies.

Is this the way you want to do it?
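The four steps described in the post above, sketched as a pf.conf fragment. This is an added example, not part of the original post: the interface name, the addresses (documentation ranges) and the ports are assumptions, and the syntax is that of OpenBSD 4.7 and later (older releases use separate `rdr` and `nat` rules instead).

```pf
# Added example. Assumed names and values, not taken from the thread:
#   em0            external interface of the firewall at the old location
#   192.0.2.10     stands in for the "old" address
#   198.51.100.10  stands in for the "new" address at the new location
# The firewall must forward packets: sysctl net.inet.ip.forwarding=1

ext_if = "em0"
old_ip = "192.0.2.10"
new_ip = "198.51.100.10"
svc    = "{ 80 443 }"     # assumed service ports

# Steps 1-2: a request arriving for the old address has its destination
# rewritten to the new address.
pass in on $ext_if inet proto tcp from any to $old_ip port $svc \
    rdr-to $new_ip

# Steps 3-4: when the redirected packet leaves again, its source is rewritten
# to the firewall's address, so the new server replies to the firewall rather
# than directly to the client. PF keeps state by default and reverses both
# translations on the reply before sending it back to the client.
pass out on $ext_if inet proto tcp from any to $new_ip port $svc \
    nat-to $old_ip
```

With this source translation in place, the server at the new location sees every connection as coming from the firewall's address, so its access logs and any per-client-IP filtering or rate limiting no longer reflect the real clients; PF's state table on the old firewall is then the only place the original client address is recorded.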