transparent relay
schmurfy, 22nd March 2012

Hi,
I am trying to forward a port using relayd, which works, but what I really need is transparent relaying and I cannot make that one work :/

I have one OpenBSD 5.0 server with two network cards (em0 can be ignored):
- em1: 192.168.33.10/24
- em2: 192.168.20.1/24

And another machine acting as server:
- em1: 192.168.33.11/24

My computer (client) is connected to the server on em2 and the server and router are connected with their em1 interfaces; the server uses the router as its default route.

Here is my working configuration in non transparent mode:
pf.conf:
Code:
set skip on lo
anchor "relayd/*"
pass		# to establish keep-state

relayd.conf:
Code:
relay banana {
  listen on "192.168.20.1" port 8000
  forward to "192.168.33.11" port 80
}

After restarting relayd I connect with "curl http://192.168.20.1:8000" and I get the page served by the server machine, everything is fine.

Now I tried switching to a transparent relay, I added this in pf.conf:
Code:
pass out log(all) on em1 divert-reply
and my relayd.conf now looks like this:
Code:
relay banana {
  listen on "192.168.20.1" port 8000
  transparent forward to "192.168.33.11" port 80 interface em1
}

After restarting relayd and reloading pf.conf, if I start curl again I successfully connect to the relayd process, but the relayd process never even tries to connect to the http server on the server machine :/

I did some tests to ensure the routing was correct and the SO_BINDANY option worked by running this command on the router:
Code:
nc -s 192.168.20.254 192.168.33.11 80

When I do this it connects and if I type "GET /" it returns the web page and the server sees a connection from 192.168.20.254 so it works.

For some reason relayd cannot open the socket but I have no idea why...
relayd logging is not very helpful, I managed to force it in debug mode and I got this:

Code:
proc_dispatch: parent 1 got imsg 42 from relay 4
proc_dispatch: relay 1 got imsg 42 from parent 0
relay_dispatch_parent: session 1: expired
proc_dispatch: pfe 1 got imsg 39 from relay 4
# (previous line repeated many times)

relay banana, session 1 (1 active), 0, 192.168.20.254 -> :80, bindany failed, invalid socket
# after the previous line the connection with curl is closed

proc_dispatch: pfe 1 got imsg 39 from relay 4
# (previous line repeated until I hit Ctrl+C)

Any idea why relayd would fail to establish the connection? I am now digging into the relayd sources trying to find something helpful, but not much luck for now...
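One way to separate the session line from the imsg noise in debug output like the above, as an added example that is not part of the original post and is not relayd code. The line layout is inferred from the single session line quoted in the post; `parse_session`, `triage` and the field names are hypothetical.

```python
import re

# Layout inferred from the one session line quoted in the post (an assumption):
#   relay NAME, session ID (N active), TAG, SRC -> DST:PORT, MESSAGE
SESSION_RE = re.compile(
    r"^relay (?P<relay>\S+), session (?P<session>\d+) \((?P<active>\d+) active\), "
    r"(?P<tag>[^,]*), (?P<src>\S+) -> (?P<dst>\S*):(?P<port>\d+), (?P<msg>.+)$"
)
IMSG_RE = re.compile(r"^proc_dispatch: \S+ \d+ got imsg \d+ from \S+ \d+$")

def parse_session(line):
    """Return the fields of a session line as a dict, or None if it is not one."""
    m = SESSION_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["session"], rec["port"] = int(rec["session"]), int(rec["port"])
    # An empty host before ":PORT" means no destination address was logged.
    rec["no_destination"] = rec["dst"] == ""
    return rec

def triage(lines):
    """Split debug output into imsg noise, session events and everything else."""
    out = {"imsg_noise": 0, "sessions": [], "other": []}
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and hand-written annotations
        rec = parse_session(line)
        if rec is not None:
            out["sessions"].append(rec)
        elif IMSG_RE.match(line):
            out["imsg_noise"] += 1
        else:
            out["other"].append(line)
    return out

# Lines taken from the post; how often the imsg line repeats is constructed.
SAMPLE = """\
proc_dispatch: parent 1 got imsg 42 from relay 4
proc_dispatch: relay 1 got imsg 42 from parent 0
relay_dispatch_parent: session 1: expired
proc_dispatch: pfe 1 got imsg 39 from relay 4
relay banana, session 1 (1 active), 0, 192.168.20.254 -> :80, bindany failed, invalid socket
proc_dispatch: pfe 1 got imsg 39 from relay 4
""".splitlines()

if __name__ == "__main__":
    for s in triage(SAMPLE)["sessions"]:
        print(s["relay"], s["session"], s["src"], "->", repr(s["dst"]), s["port"], s["msg"])
```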