I had originally planned on setting up the new server in the DMZ, giving it a public IP address, updating the DNS record and going happily about my business, but I decided to try something a little different. OpenBSD has a very cool load balancing program named Relayd (which used to be called hoststated). It can be set up to forward, reverse, redirect or accelerate packets.
For my use I wanted Relayd to act as a TCP port relay and redirect all www packets bound for my public IP to my webserver in the DMZ. You can see the traffic flow below:
internet --> relayd forward (box1) --> server (box2)
To achieve this I edited my /etc/relayd.conf as follows:
Once the /etc/relayd.conf setting was in place I started relayd with the following command:
Additionally to make sure Relayd starts at boot time I added the following to my
And with that, all web traffic bound for my network is being successfully relayed to my external webserver in the DMZ, no changes to DNS were made.
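For the traffic flow described above (internet --> relayd on box1 --> web server on box2), a minimal layer-4 relay configuration could look like the following. This is an added example, not the configuration from the original post; the addresses, the table name `<webhosts>`, the protocol name `wwwtcp` and the relay name `www` are assumptions.

```conf
# /etc/relayd.conf -- added example, not the author's original file.
# Both addresses are documentation placeholders (assumptions).
ext_addr="203.0.113.10"     # public IP the existing DNS record points at
webhost="192.0.2.20"        # web server (box2) in the DMZ

# Backend pool; a single host here, more can be added later.
table <webhosts> { $webhost }

# Plain TCP relay: relayd terminates the client connection and opens
# its own connection to the backend, without inspecting HTTP.
protocol "wwwtcp" {
        tcp { nodelay, sack, socket buffer 65536, backlog 128 }
}

relay "www" {
        # Bind only to the public address and the one port being published.
        listen on $ext_addr port 80
        protocol "wwwtcp"
        # "check tcp" takes the host out of service when port 80 stops answering.
        forward to <webhosts> port 80 check tcp
}
```

The file can be syntax-checked with `relayd -n -f /etc/relayd.conf` before relayd is (re)started. Because a relay opens its own connection to the backend, the web server's access logs will show box1's address instead of the client's, so keep relayd's own logs if per-client attribution matters for incident response.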