Please CC me when replying to me, since I will see your replies in no time. Otherwise your reply might not be seen, since it ends up in another directory in my maildir.
On Wednesday 26 September 2007 15:18, Jonathan Horne wrote: > On Wednesday 26 September 2007 02:28:48 Nikos Vassiliadis wrote: > > No, don't use the IP on your server. Why you should do such a thing? > > why not? i did specify that the old server is decommissioning and would > be permenantly downed. > Because the IP you will use on the host running FreeBSD and PF has nothing to do with FreeBSD and PF. If you do this, you understand that packets will be processed locally by FreeBSD's TCP/IP stack and not forwarded to the new server, right? You only want PF to alter the address from old server to new server as I said previously. Not accept the packet as if destined for localhost! > > You just have to make sure that packets ($old_server <-> $world) > > are routed through your $pf box. I guess that's the case for you. > > pf will just translate the destination address from $old_server > > to $new_server. > > yes, any client or server would be able to route across the wan to the > new ip at the other end. Something like this: client-a client-b | | ( internet cloud ) | (pf)--------(new-server) | | (old-server) > > BUT, which is this service you are talking about? Cause that's not > > feasible with everything. > > ultimately, i want to route some Mcafee ePolicy clients to use another > server. Yes, I know nothing about it. Is redirecting TCP port 8080 enough? [snip] > was my syntax in my example incorrect? Yes, try removing the interface, just to be more general, until you figure it out. Something like: rdr inet proto tcp from any to x.x.x.x port = ssh -> y.y.y.y port 22 And use "pfctl -vsnat" to check the state of the rdr command, like this: [ Evaluations: 3434 Packets: 14 Bytes: 840 States: 0 ] Be sure that every host involved is reachable from the pf box. Nikos _______________________________________________ firstname.lastname@example.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"