On 10/31/16 12:10 AM, Philipp Buehler wrote:
On 30.10.2016 18:28, Jeff Ross wrote:
It seems like I should be able to use pf to redirect all inbound
traffic except ssh to the new server. I tried redirecting web traffic
as a test with the following rule in pf.conf:
#pass all non-ssl web traffic to luna
pass in quick proto tcp to port www rdr-to luna.openvistas.net port 80
I just assume that the incoming interface is the same that would be needed
to reach luna.openvistas.net?
If so, please see pf.conf(5) in Translation/rdr-to along the 'received-on'
example.
The rdr-to (as of now) will likely send the SYN to the desired address,
but the src-ip-address will still be of the initial one ("browser") and thus
the SYN-ACK (emitted from luna) goes there where it'll be ignored for not
being legit.
The example with received-on will fix this.
HTH,
That worked--I'll try to extend that for the other types of traffic I
have on the existing server.
Thanks!
Jeff
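For readers of this thread, a pf.conf fragment putting together the rdr-to rule Jeff posted, the ssh exception he wanted, and the received-on/nat-to pairing Philipp points to. This is an added example, not a rule set from the thread or copied from pf.conf(5); the interface name em0 and the address 192.0.2.20 for luna.openvistas.net are assumed placeholders, and it assumes, as Jeff does, that clients and luna are both reached through the same interface.

```pf
# Added example, not from the thread. Assumed: the old server's public
# interface is em0, luna.openvistas.net is 192.0.2.20 (a documentation
# address), and both the browsers and luna are reached via em0.
ext_if = "em0"
luna   = "192.0.2.20"

# Keep ssh to this host local: match it first and stop rule evaluation,
# so no later rdr-to rule can translate it away.
pass in quick on $ext_if proto tcp to ($ext_if) port ssh

# 1) Redirect inbound web traffic to luna. At this point the packet still
#    carries the browser's source address, so without rule 2 luna's
#    SYN-ACK would go straight to the browser, which has no matching
#    connection attempt to 192.0.2.20 and drops it.
pass in on $ext_if proto tcp to ($ext_if) port www rdr-to $luna

# 2) For packets that entered on $ext_if and now leave toward luna,
#    rewrite the source address to this host's own. luna then answers
#    us, pf reverses both translations on the way back, and the browser
#    sees its reply coming from the address it connected to.
pass out on $ext_if proto tcp to $luna port www received-on $ext_if nat-to ($ext_if)
```

The host must be allowed to forward packets (sysctl net.inet.ip.forwarding=1) for the redirected SYN to leave at all; `pfctl -nf /etc/pf.conf` checks the rules before loading, and after a test connection `pfctl -ss` shows the state with both translated addresses in parentheses, which is the quickest way to confirm the nat-to side actually took effect.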