On Monday 14 June 2004 09:57, Adrian 'Dagurashibanipal' von Bidder wrote:

> This may be obvious, but not to me... is there any difference compared
> to using iptables DNAT?
I believe that you'd have some problems if you used DNAT. Think of what
happens to a packet coming into your old colo and being NATed to the
completely different set of IPs at your new colo ...

- packet from client arrives at oldcolo
- packet is DNATed to newcolo
- newcolo receives packet with source address client, destination address
  newcolo (self)
- newcolo responds to packet by looking in its routing table, it sees that
  it is responding to a non-local source address and so replies via its
  default route

Basically, the client would initiate communications with oldcolo but
receive replies from the address of newcolo.

The simple way around this is to use a proxy as other people have
suggested. Personally I wouldn't bother with supporting things on the old
address, set TTLs on the A records very low (let's say 10 minutes) at the
point where you wish to switch the servers and just do it. If DNS is done
correctly then there should be very little downtime.

-- 
Fraser Campbell <[EMAIL PROTECTED]>                 http://www.wehave.net/
Georgetown, Ontario, Canada                               Debian GNU/Linux
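A small packet-flow model of the asymmetric-reply problem described in the mail above, added here as an illustration and not part of the original thread; the addresses are constructed from documentation ranges and the DNAT/proxy behaviour is modelled in plain Python rather than with real iptables rules.

```python
# Model of "DNAT at oldcolo to newcolo" versus "proxy on oldcolo".
# Constructed addresses (RFC 5737 documentation ranges), not real hosts.
from dataclasses import dataclass

CLIENT = "203.0.113.5"     # the client somewhere on the internet
OLDCOLO = "192.0.2.10"     # address the client still has in DNS
NEWCOLO = "198.51.100.10"  # where the service actually lives now


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


def dnat_at_oldcolo(pkt: Packet) -> Packet:
    """PREROUTING DNAT rewrites only the destination; the source stays CLIENT."""
    return Packet(pkt.src, NEWCOLO) if pkt.dst == OLDCOLO else pkt


def host_reply(received: Packet, own_ip: str) -> Packet:
    """A host answers from the address it was reached on, to the packet's source.
    For a non-local source it consults its own routing table and uses the
    default route, so the reply never passes back through the DNAT box."""
    return Packet(own_ip, received.src)


def flow_with_dnat() -> tuple[Packet, Packet]:
    request = Packet(CLIENT, OLDCOLO)
    forwarded = dnat_at_oldcolo(request)          # arrives at newcolo as CLIENT -> NEWCOLO
    reply = host_reply(forwarded, NEWCOLO)        # leaves newcolo as NEWCOLO -> CLIENT
    return request, reply


def flow_with_proxy() -> tuple[Packet, Packet]:
    request = Packet(CLIENT, OLDCOLO)
    # The proxy terminates the client's connection on oldcolo and opens its
    # own connection to newcolo, so newcolo's reply returns to oldcolo ...
    upstream_reply = host_reply(Packet(OLDCOLO, NEWCOLO), NEWCOLO)
    assert upstream_reply.dst == OLDCOLO
    # ... and the client only ever talks to oldcolo.
    return request, host_reply(request, OLDCOLO)


def reply_matches(request: Packet, reply: Packet) -> bool:
    """What the client's TCP stack checks: the reply must come from the
    address it sent to, otherwise it belongs to no known connection."""
    return reply.src == request.dst and reply.dst == request.src
```

On a real network the same mismatch shows up as replies arriving at the client from NEWCOLO for a connection it opened to OLDCOLO, which the client discards.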