
Changing source address



Hello,

We have the following setup:


Server1 ----------
                  |---------- OpenBSD/PF/CARP-Cluster Firewall
Server2 ----------


We do load balancing with PF. Some server applications and clients accessing the server applications "misbehave" and send packets directly to the server instead of to the Firewall by reading the IP-Packet instead of the protocol header and picking the IP to reply from there.


Is there a way to change the source address of packets sent by the servers to the client with the IP of the Firewall? I have found nothing in PF. This way, we can force clients to send their reply to the firewall only.

Is this a bad habit or a common practice?


Regards,


Cyrill