Computerglitch

An ongoing adventure

Port Relay With Relayd on OpenBSD

I had originally planned on setting up the new server in the DMZ, giving it a public IP address, updating the DNS record and going happily about my business, but I decided to try something a little different. OpenBSD has a very cool load balancing program named Relayd (which used to be called hoststated). It can be set up to forward, reverse, redirect or accelerate packets.

For my use, I wanted Relayd to act as a TCP port relay, redirecting all www packets bound for my public IP to my webserver in the DMZ. You can see the traffic flow below:

internet --> relayd forward (box1) --> server (box2)

To achieve this I edited my /etc/relayd.conf as follows:

box1_addr="10.1.1.2"
box1_port="80"
box2_addr="10.1.1.3"
box2_port="80"

## TCP port relay and forwarder
#
protocol "tcp_service" {
        tcp { nodelay, socket buffer 65536 }
}

relay "tcp_forwarder" {
        listen on $box1_addr port $box1_port
        protocol "tcp_service"
        forward to $box2_addr port $box2_port
}

Once my /etc/relayd.conf settings were in place, I started relayd with the following command:

relayd -f /etc/relayd.conf

Additionally, to make sure Relayd starts at boot time, I added the following to my /etc/rc.conf.local file:

relayd_flags=""

And with that, all web traffic bound for my network is being successfully relayed to my external webserver in the DMZ; no changes to DNS were made.

Apache Mod_rewrite

The Apache mod_rewrite module is a very powerful feature of Apache that is sometimes overlooked. For example, I needed to change all requests for http://computerglitch.net to http://www.computerglitch.net. To do this, I added the following code to the vhost file for computerglitch.net:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^computerglitch\.net
RewriteRule ^(.*)$ http://www.computerglitch.net/$1 [R=permanent,L]
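An added example, not part of the original post: a small Python model of the rule above, evaluated on constructed requests, next to a tightened variant. The function name `redirect_target`, the "tightened" patterns and the sample hosts are assumptions made for illustration, and the model assumes the rule sits in per-vhost context, where the RewriteRule pattern sees the path with its leading slash.

```python
import re

CANONICAL = "http://www.computerglitch.net/"

# (RewriteCond host pattern, RewriteRule path pattern) for each variant.
RULES = {
    # The patterns exactly as they appear in the post.
    "page": (r"^computerglitch\.net", r"^(.*)$"),
    # Assumed tightening (not from the post): anchor the end of the host,
    # allow an optional port, and absorb the leading slash of the path.
    "tightened": (r"^computerglitch\.net(:\d+)?$", r"^/?(.*)$"),
}


def redirect_target(variant, host, path):
    """Return the Location a 301 would carry, or None if the rule is skipped.

    The query string, which mod_rewrite carries over on its own, is not modelled.
    """
    cond, rule = RULES[variant]
    if not re.search(cond, host):       # RewriteCond %{HTTP_HOST} ...
        return None
    match = re.search(rule, path)       # RewriteRule pattern
    if match is None:
        return None
    return CANONICAL + match.group(1)   # substitution ending in /$1


# Constructed sample requests: (Host header, request path).
SAMPLES = [
    ("computerglitch.net", "/index.html"),
    ("www.computerglitch.net", "/index.html"),
    ("computerglitch.net:80", "/"),
    ("computerglitch.network", "/index.html"),
]

if __name__ == "__main__":
    for host, path in SAMPLES:
        for variant in RULES:
            target = redirect_target(variant, host, path)
            print(f"{variant:9} {host:24} {path:12} -> {target}")
```

The model shows two side effects of the patterns as posted: the captured path keeps its leading slash, so the redirect carries a double slash, and the host condition also fires for any Host header that merely starts with the bare domain.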

Let's go over, step by step, what this code is actually doing.