When migrating Linux hosts to a different location with different IP addresses, you change the DNS RRs (resource records) to reflect those changes. Before you do that, make sure that the TTL (Time To Live) of those RRs is set to a low value, and do it far enough in advance for any caches to have expired. This should be enough. In reality, though, there will always be caching resolvers that have overridden policies, and there might be some hosts accessing your service using hardcoded literal IP addresses. After you've migrated the contents/services from the old box to the new box and killed the services running on the old box, you can run this simple iptables script on the old host, which will forward all traffic to the new host:

Redirect IP
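#!/bin/sh

# Addresses of the new host (documentation-range placeholders)
NEW_IPv4="198.51.100.2"
NEW_IPv6="2001:db8::4"

# Let the kernel forward packets between interfaces
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding

# Rewrite the destination of incoming SMTP/HTTP/HTTPS connections to the new host
for PORT in 25 80 443; do
    iptables -t nat -A PREROUTING -p tcp --dport "$PORT" -j DNAT --to-destination "$NEW_IPv4"
    ip6tables -t nat -A PREROUTING -p tcp --dport "$PORT" -j DNAT --to-destination "$NEW_IPv6"
done

# Rewrite the source to this host's address so replies return through it
iptables -t nat -A POSTROUTING -j MASQUERADE
ip6tables -t nat -A POSTROUTING -j MASQUERADE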

Voila - transparent IPv4/IPv6 forwarding. The only "downside" is that you will see the IP address of the old box in the access logs of the new box, so anything on the new box that keys on the client address (IP-based access rules, rate limiting) treats all forwarded clients as one address. Leave this running for a day or two, and keep an eye on the logs. Once you're certain that no traffic comes in to the old box, kill it. Note that the IPv6 part requires at least iptables 1.4.17, which means the OS should be at least RHEL7/CentOS7, Debian 8, or Ubuntu 14.04 LTS.
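For the "keep an eye on the logs" step, the counters on the DNAT rules themselves show whether anything still arrives at the old box. This is an added example, not part of the original page; the function names dnat_hits and still_in_use are hypothetical and the counter sample is constructed.

```shell
#!/bin/sh
# Summarise DNAT rule counters from `iptables-save -c -t nat` output.
# nat-table rules are only consulted for the first packet of a connection,
# so each packet counter is the number of connections redirected since the
# rule was added (or since the counters were last zeroed).

# dnat_hits: read iptables-save -c output on stdin,
# print "port connections" for every PREROUTING DNAT rule.
dnat_hits() {
    awk '
        /^\[[0-9]+:[0-9]+\] -A PREROUTING / && / -j DNAT / {
            pkts = $1
            sub(/^\[/, "", pkts)     # "[37:2220]" -> "37:2220]"
            sub(/:.*/, "", pkts)     # "37:2220]"  -> "37"
            port = "?"
            for (i = 2; i < NF; i++) if ($i == "--dport") port = $(i + 1)
            print port, pkts
        }'
}

# still_in_use: exit 0 if any DNAT rule on stdin has been hit, 1 otherwise.
still_in_use() {
    dnat_hits | awk '$2 > 0 { hit = 1 } END { exit (hit ? 0 : 1) }'
}

# Constructed sample in iptables-save -c format (not captured from a real host).
sample_counters() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [52:3120]
:POSTROUTING ACCEPT [0:0]
[0:0] -A PREROUTING -p tcp -m tcp --dport 25 -j DNAT --to-destination 198.51.100.2
[37:2220] -A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 198.51.100.2
[0:0] -A PREROUTING -p tcp -m tcp --dport 443 -j DNAT --to-destination 198.51.100.2
[37:2220] -A POSTROUTING -j MASQUERADE
COMMIT
EOF
}

# Demo on the sample: port 80 still has clients, so the old box must stay up.
sample_counters | dnat_hits
if sample_counters | still_in_use; then
    echo "old box is still receiving connections"
else
    echo "no redirected connections seen"
fi
```

On the old box, feed it live data with `iptables-save -c -t nat | dnat_hits`, and use `ip6tables-save -c -t nat` for the IPv6 rules.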
