On Tue, Nov 19, 2002 at 12:03:45PM -0000, Dan Heaver wrote: > Hi, I'm currently pondering a solution for one of our clients using openbsd > / pf as the building blocks that hold the solution together and would value > > People's opinion on the idea. > > Basically this is the set up I want to implement > > I want to have an openbsd box in front of two Solaris boxes (these boxes are > already in place and serving a live website) that nat's a public ip address > to one > Of the boxes, I then want to write a demon that monitors services on the > Solaris and dynamically changes the nat to point to the second box should it > deem > That one of the services has failed. > > > Does this sound feasible ? > Where would I have to look to dynamically change nat rules in pf ? >
Yes , you could do it writting a custom program (daemon) that : 1) Monitor services. 2) Change the NAT rules via /dev/pf ioctl's ( man pf ). Sounds prety easy if you have knowledge of c languaje. I'v been working with pf ioctl's for a while on a project currently owned by the company I work, so I can't open the sources but if you have problems with it make contact with me at [EMAIL PROTECTED] Regards. > > Regards > Dan > > > ________________________________________________________________________ > This e-mail has been scanned for all viruses by Star Internet. The > service is powered by MessageLabs. For more information on a proactive > anti-virus service working around the clock, around the globe, visit: > http://www.star.net.uk > ________________________________________________________________________ -- Hector A. Paterno
