Hi,
Thanks for the replies.
Jaap:
> You say that the webserver knows the
> OBSD box, but does it know how to reach
> the client ?
Yes. The webservers at 10.4.12.235 and 10.4.11.26 know 10.4.x.x as a
16-bit network, hence they can reach the clients, which are all 10.4.12.x.x.
The clients are accessing the web server (at least the old one) as part
of daily business so that routing is fine.
Stefan:
Thanks, I understand now what you are suggesting. Still I can't make
the OpenBSD box the default route for the web server - it needs the
default route to be set to the company gateway or some of the web apps
running there will break. I might try this as a last resort thing, but
I can't really risk breaking the apps for the users.
I have thought this through in the meantime and I discovered further
flaws in my original plan. E.g. the packets from the client, through
the OpenBSD box to the web server will leave the OpenBSD box on one
interface and come back on another (due to my rather "exotic"
subnetting), this will probably break the statefulness anyway. I don't
think that statefulness spans over multiple interfaces.
I will now try to use one network card in the OpenBSD box, and try to
use 10.4.x.x/16 on that one so I can address both the client and the
two web servers with one network card and have all machines in the same
subnet. I will then try if port forwarding from the OpenBSD box to the
web server works this way. If that works, it's the easier and better
way. If not, I am lost.
Will keep you all posted. If anyone knows already that the approach
with one common subnet and port forwarding wouldn't work however, I'd
be happy to hear about it.
Cheers,
Carsten