||To answer your specific question, I would just do it with iptables if you must continue accessing it by IP address. I will point out that the service on the new IP address now has doubled its chances of going out of service, because it depends on both machines running, even though the first has nothing to do with it. Also, doing this with firewall rules isn't very nice from a systems management perspective for the future, as it's not very obvious what's going on with some server rewriting packets for another one. If someone sees that in two years, are they going to know what to do? What if they want to take server 1 down, and forget that it also disrupts 2? Using DNS is much cleaner for these reasons.