Date: Wed, 26 Sep 2007 07:18:07 -0500
From: Jonathan Horne <freebsd@dfwlp.com>
To: freebsd-questions@freebsd.org
Subject: Re: pf redirect question
Message-ID: <200709260718.07589.freebsd@dfwlp.com>
In-Reply-To: <200709261028.49258.nvass@teledomenet.gr>
References: <200709250946.58855.freebsd@dfwlp.com> <200709252048.34245.freebsd@dfwlp.com> <200709261028.49258.nvass@teledomenet.gr>

On Wednesday 26 September 2007 02:28:48 Nikos Vassiliadis wrote:
> No, don't use the IP on your server. Why you should do such a thing?
>

why not? i did specify that the old server is decommissioning and would be permanently downed.

> You just have to make sure that packets ($old_server <-> $world)
> are routed through your $pf box. I guess that's the case for you.
> pf will just translate the destination address from $old_server
> to $new_server.
>

yes, any client or server would be able to route across the wan to the new ip at the other end.

> BUT, which is this service you are talking about? Cause that's not
> feasible with everything.
>
> Nikos

ultimately, i want to route some McAfee ePolicy clients to use another server. we've installed our new agent on all our machines, but i still have a handful of clients that are "roamers" who are checking in via the vpn concentrator, which i cannot physically get to their machines to perform their upgrade.

if i can re-route their check-in server to our new server (and yes, the inbound vpn also uses all the same routes to other sites as our internal core switches), that would a) not knock those roaming clients off antivirus updates, b) i could also use the same trick to upgrade our server farm, and c) our new york office is lagging way behind on their client upgrades, and this would help them out as well (by directing anyone remaining over to the new server, which is in chicago).

so far, i was trying it out, by trying to redirect port 80 on my laptop, to a monitoring service on the server at 10.22.192.131:8080, but it would just die if i tried to telnet to my laptop's port 80 (from some other machine, not the laptop or test server).

was my syntax in my example incorrect?

thanks,
-- 
Jonathan Horne
http://dfwlpiki.dfwlp.org
freebsd@dfwlp.com
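
The routing condition quoted in the message (packets in both directions must pass through the pf box) is the usual reason a bare rdr to a third host dies. The pf.conf below is an added example, not taken from the thread: it pairs the redirect with a source NAT so the server's replies return through the translating machine. The interface name em0 and the single-interface laptop layout are assumptions; the port 80 and 10.22.192.131:8080 values come from the message.

```pf
# /etc/pf.conf on the test laptop (FreeBSD pf, nat/rdr rule syntax).
# Assumption: em0 is the laptop's only interface; substitute the real name.
test_if     = "em0"
# From the message: the monitoring service used as the redirect target.
test_server = "10.22.192.131"

# --- Translation rules -------------------------------------------------
# With rdr alone, the server sees the real client address as the source
# and answers the client directly. The client then receives a SYN-ACK from
# 10.22.192.131:8080 instead of laptop:80, does not recognise it, and the
# connection attempt fails.
#
# Rewriting the source to the laptop's own address on the way out makes
# the server reply to the laptop, where pf reverses both translations.
nat on $test_if proto tcp from any to $test_server port 8080 -> ($test_if)

# Rewrite connections arriving for laptop:80 to the server's port 8080.
rdr on $test_if proto tcp from any to ($test_if) port 80 -> $test_server port 8080

# --- Filter rules ------------------------------------------------------
# Filter rules see the packet after translation, so they match on the
# translated destination. Only the redirected flow is allowed through.
pass in  on $test_if proto tcp from any to $test_server port 8080 flags S/SA keep state
pass out on $test_if proto tcp from any to $test_server port 8080 flags S/SA keep state

# --- Checks to run on the laptop ---------------------------------------
#   sysctl net.inet.ip.forwarding=1   # the laptop must forward packets
#   pfctl -nf /etc/pf.conf            # parse the ruleset without loading it
#   pfctl -f /etc/pf.conf             # load it
#   pfctl -sn                         # list the loaded nat/rdr rules
#   pfctl -ss                         # during a test, show the translated states
```

The nat rule costs the server visibility of the original client address, which matters if the redirected service identifies or logs clients by source IP.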