Something like iptables DNAT possible with pfSense?
-
Our company will be moving locations and backbone providers soon. Currently we have a /24 subnet of public IP's on a T1 line and we will be moving to a /24 subnet of DIFFERENT IP's on a fiber connection in a completely different physical location. The problem I am trying to avoid is DNS propagation delays when moving to the new IP's since we are currently running a web server, dns servers, and a mail server.
We are currently running pfSense in transparent bridge mode with firewall rules restricting the ports that are open to the world at the orignal location. I would like to set up a new pfSense box in the new location using VIP's and 1:1 NAT rules (If NAT reflection will work correctly).
My question is this:
Is there any way with pfSense to have the box at the first location take incoming requests for the original IP's and have it NAT the traffic somehow to the new IP's at the new location. I'd like to forward all traffic coming in to the original IP's as I would have to spend hours setting up all the port forwards I would need.
In the process of NATing the traffic I do not care much about retaining the original source IP as I only need to run in this configuration for a couple of days until the DNS changes propagate.
I've read that iptables can do something like this with DNAT, however I'd like to use pfSense if I can.
I will have control over both networks and both pfSense boxes and can change their configs in anyway that is necessary to get this working. I can also add in any additional pfSense boxes if needed.
Thanks in advance for any help with this.