[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Changing source address


We have the following setup:

Server1 ---------- |---------- OpenBSD/PF/CARP-Cluster Firewall Server2 ----------

We do load balancing with PF. Some server applications and clients accessing the server applications "missbehave" and send packet directly to the server instead to the Firewall by reading the IP-Packet instead of the protocol header and picking the IP to reply from there.

Is there a way to change the source address of packages sent by the servers to the client with the IP of the Firewall? I have nothing found in PF. This way, we can force clients to send their reply to the firewall only.

Is this bad habit or a common practice?