Re: dynamically changing pf rules
On Tue, Nov 19, 2002 at 12:03:45PM -0000, Dan Heaver wrote:
> Hi, I'm currently pondering a solution for one of our clients using OpenBSD
> / pf as the building blocks that hold the solution together and would value
> people's opinion on the idea.
> Basically this is the setup I want to implement:
> I want to have an OpenBSD box in front of two Solaris boxes (these boxes are
> already in place and serving a live website) that NATs a public IP address
> to one of the boxes, I then want to write a daemon that monitors services on the
> Solaris and dynamically changes the NAT to point to the second box should it
> that one of the services has failed.
> Does this sound feasible?
> Where would I have to look to dynamically change NAT rules in pf?
Yes, you could do it by writing a custom program (daemon) that:
1) Monitors services.
2) Changes the NAT rules via /dev/pf ioctls (man pf).
Sounds pretty easy if you have knowledge of the C language.
I've been working with pf ioctls for a while on a project currently
owned by the company I work for, so I can't open the sources, but if you have
problems with it make contact with me at firstname.lastname@example.org
Hector A. Paterno
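
The two steps described in the reply above, sketched as an added example that is not part of the original thread and not the poster's code. It swaps the direct /dev/pf ioctls for pfctl (the userland tool that issues those ioctls) loading a single rule into an anchor, and it assumes current OpenBSD `rdr-to` syntax plus an `anchor "failover"` line in /etc/pf.conf; every address, interface and name is a constructed placeholder.

```shell
#!/bin/sh
# Added example: NAT failover monitor using a pf anchor. All values are
# constructed placeholders; /etc/pf.conf is assumed to contain
#   anchor "failover"
EXT_IF=em0             # external interface (assumed)
PUBLIC_IP=192.0.2.10   # public address (TEST-NET-1 placeholder)
PRIMARY=10.0.0.11      # first backend (placeholder)
BACKUP=10.0.0.12       # second backend (placeholder)
PORT=80
THRESHOLD=3            # consecutive failed probes before failing over
INTERVAL=5             # seconds between probes
ANCHOR=failover
PFCTL=${PFCTL:-pfctl}

# Print the redirect rule for one backend address.
build_rule() {
    printf 'pass in on %s proto tcp from any to %s port %s rdr-to %s\n' \
        "$EXT_IF" "$PUBLIC_IP" "$PORT" "$1"
}

# Print the backend to use for a given count of consecutive failed probes.
# Requiring several failures avoids flapping on one lost probe.
pick_backend() {
    if [ "$1" -ge "$THRESHOLD" ]; then echo "$BACKUP"; else echo "$PRIMARY"; fi
}

# Probe: succeeds if a TCP connect completes within 2 seconds.
check_service() { nc -z -w 2 "$1" "$2" >/dev/null 2>&1; }

# Replace only the anchor's ruleset; the main ruleset is left untouched.
apply_rule() { build_rule "$1" | $PFCTL -a "$ANCHOR" -f -; }

monitor() {
    fails=0
    active=
    while :; do
        if check_service "$PRIMARY" "$PORT"; then fails=0; else fails=$((fails + 1)); fi
        want=$(pick_backend "$fails")
        if [ "$want" != "$active" ] && apply_rule "$want"; then
            active=$want
            logger -t nat-failover "backend now $want (fails=$fails)"
        fi
        sleep "$INTERVAL"
    done
}

# Start the loop only when invoked as: sh failover.sh run
if [ "${1:-}" = run ]; then monitor; fi
```

Swapping the rule only affects new connections; states already established toward the failed backend remain in the state table until they expire or are cleared.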