This is all hypothetical, but I'm very curious if there's a way to set this up, and if so, what that way is?
So say I have a server that's at a data center, directly connected to the internet, using PF as its firewall. All ports are blocked by default, and web and email ports are open explicitly.
This server has two IPs. One IP for one website, and a second IP for a bunch of others.
So is it possible to make a rule that takes all inbound traffic from the first IP, on let's say port 80, and redirect that to another IP and port entirely, across the internet? But of course it needs to be a 2-way communication, so responses to those inbound forwarded requests would also need to ping from the redirect server, back across the internet to this collocated server, then sent back to the original requester as if it was being handled normally.
Let me know if it's not clear what I'm trying to do. It sounds very much like I'm describing a VPN. But with the traffic already being fully encrypted, and also not being sensitive anyway, I wonder if I can do it super simply with just firewall redirects?
So to recap, website visitor would make an HTTP request to server A, server A's firewall would forward the request to server B, server B would respond to the request by sending it back to server A, which would then send the response back to the user.
I've done a fair bit of networking and firewall rules and VPN tunneling over the years, but I've never done a setup like this. But if it can be done easily, this could be a really useful solution for me.
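
The flow in the recap above can be written as a pair of PF translation rules on server A; this is an added example, not part of the original post. It assumes OpenBSD's PF syntax (`rdr-to` / `nat-to`), and the interface name, the addresses (documentation ranges) and server B's port are constructed placeholders.

```conf
# pf.conf fragment for server A (constructed example; assumes OpenBSD PF syntax)

ext_if   = "em0"            # assumed name of the internet-facing interface
ip_site1 = "192.0.2.10"     # constructed: the first IP on server A
server_b = "198.51.100.20"  # constructed: server B, reached across the internet
b_port   = "8080"           # constructed: port server B listens on

# Default policy from the post: everything blocked unless explicitly opened.
block all

# Step 1 (visitor -> A): match HTTP arriving for the first IP and rewrite
# the destination to server B. PF keeps state, so the rewrite is undone
# automatically on reply packets.
pass in on $ext_if inet proto tcp from any to $ip_site1 port 80 \
    rdr-to $server_b port $b_port

# Step 2 (A -> B): the redirected packet leaves on the same interface.
# Rewrite its source to server A's address so that server B answers to A
# rather than directly to the visitor. Without this rule B's replies would
# come from an address the visitor never contacted and be dropped.
# received-on limits the rule to forwarded traffic, not A's own connections.
pass out on $ext_if inet proto tcp from any to $server_b port $b_port \
    received-on $ext_if nat-to $ip_site1

# Steps 3 and 4 (B -> A -> visitor) need no rules of their own: the replies
# match the state entries created above and are translated back.
```

Server A must also forward packets (`sysctl net.inet.ip.forwarding=1`). Because of the `nat-to`, server B sees every connection as coming from server A's address, so B's access logs, rate limits and IP-based access controls no longer see the visitor's real IP, and B should accept that port only from server A.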