trouble with binat routing
I am moving co-location facilities and I would like to configure an OpenBSD router to forward 30 public IPs to the new co-lo facility until such time as the DNS entries propagate across the internet.
My binat rules look like this:
binat log on dc0 from 209.x.x.x to any -> 24.x.x.x
where the 24.x.x.x address is the current IP
and 209.x.x.x is the new IP.
Should this not work?
pf.log indicates that there are matches to the binat rule; however,
when I open a browser to 24.x.x.x I do not see the webpage on 209.x.x.x.
Any help would be greatly appreciated.
Giving little information causes big assumptions ;-)
You don't want to wait for DNS propagation and redirect all requests to new IP addresses? I suppose you want to "forward" all requests coming from the Internet to the "old" IP addresses to the "new" IP addresses on a different location?
The way I see it is:
1. Requests from the Internet to the "old" IP address are received by the OpenBSD firewall on the old location.
2. PF should redirect these requests to the new IP address on the new location.
3. The server with the new IP address responds to the OpenBSD firewall on the old location.
4. PF should redirect the replies back to the requesting "client" on the Internet.
So the OpenBSD PF firewall should NAT all requests it forwards to the new destinations as if they were initiated by the firewall itself in order to get the replies.
Is this the way you want to do it?
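The four steps in the reply above, written out as a pf.conf fragment for one address pair (an added example, not posted by either participant). A binat rule alone rewrites only the destination of inbound packets, so the new server answers the client directly from 209.x.x.x and the client discards the reply; pairing rdr with nat keeps the return path through the firewall. Assumptions: the old-style translation syntax (before OpenBSD 4.7) that the question's `->` rule uses, the old address being configured on dc0, and the macro names.

```pf
# Added example, old-style pf.conf syntax (matching the "->" form used in
# the question). Addresses are the thread's own placeholders.
ext_if = "dc0"          # interface name taken from the question
old_ip = "24.x.x.x"     # current address; assumed to be configured on dc0
new_ip = "209.x.x.x"    # server at the new co-location facility

# Steps 1-2: rewrite the destination of traffic arriving for the old address.
rdr on $ext_if from any to $old_ip -> $new_ip

# Step 3: as the redirected packet leaves dc0 again, rewrite its source to
# the firewall's address so the new server replies to the firewall rather
# than directly to the client.
nat on $ext_if from any to $new_ip -> $old_ip

# Step 4 needs no rule of its own: the state entries created here reverse
# both translations on the reply packets.
pass in  log on $ext_if from any to $new_ip keep state
pass out log on $ext_if from any to $new_ip keep state
```

Packet forwarding has to be enabled on the firewall (`sysctl net.inet.ip.forwarding=1`) for the redirected traffic to leave again. The new server will see every forwarded request as coming from the old address, so client IPs are not available in its logs while the redirect is in place.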