I had originally planned on setting up the new server in the DMZ, giving it a public IP address, updating the DNS record and going happily about my business, but I decided to try something a little different. OpenBSD has a very cool load balancing program named Relayd (which used to be called hoststated). It can be set up to forward, reverse, redirect or accelerate packets.
For my use I wanted Relayd to act as a TCP port relay and redirect all www packets bound for my public IP to my webserver in the DMZ. You can see the traffic flow below:
internet --> relayd forward (box1) --> server (box2)
To achieve this I edited my /etc/relayd.conf as follows:
Once my /etc/relayd.conf setting was in place I started relayd with the following command:
Additionally, to make sure Relayd starts at boot time, I added the following to my /etc/rc.conf.local file:
And with that, all web traffic bound for my network is being successfully relayed to my external webserver in the DMZ. No changes to DNS were made.
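A relay of the kind described in this post, written as an added example in current relayd.conf(5) syntax; it is not the author's original file. The addresses are documentation placeholders and the names `tcp_www`, `www` and `webhosts` are made up for illustration.

```conf
# /etc/relayd.conf -- added example, not the configuration from the post
ext_addr="203.0.113.10"   # public IP on the relayd box, box1 (placeholder)
webhost="192.0.2.20"      # web server in the DMZ, box2 (placeholder)

# Seconds between runs of the health check declared on the relay below
interval 10

table <webhosts> { $webhost }

# Generic TCP handling: relayd passes the byte stream through without
# parsing HTTP, so no header filtering or rewriting happens here.
protocol "tcp_www" {
	tcp { nodelay, sack }
}

relay "www" {
	listen on $ext_addr port 80
	protocol "tcp_www"
	# "check tcp" marks the host down when port 80 stops accepting connections.
	# The relay opens its own connection to box2, so the web server's logs
	# show box1's address as the client unless the relay is made transparent.
	forward to <webhosts> port 80 check tcp
}
```

`relayd -n` parses the file and reports syntax errors without starting the daemon. The firewall on box1 still has to pass port 80 in on the external interface and out to the DMZ host, and box2 only needs to accept port 80 from box1.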