DaemonForums  

transparent relay

schmurfy, 22nd March 2012

Hi,
I am trying to forward a port using relayd, which works, but what I really need is transparent relaying and I cannot make that one work :/

I have one OpenBSD 5.0 server with two network cards (em0 can be ignored):
- em1: 192.168.33.10/24
- em2: 192.168.20.1/24

And another machine acting as server:
- em1: 192.168.33.11/24

My computer (client) is connected to the server on em2 and the server and router are connected with their em1 interfaces, the server uses the router as its default route.

Here is my working configuration in non-transparent mode:

pf.conf:
Code:
set skip on lo
anchor "relayd/*"
pass		# to establish keep-state

relayd.conf:
Code:
relay banana {
  listen on "192.168.20.1" port 8000
  forward to "192.168.33.11" port 80
}

After restarting relayd I connect with "curl http://192.168.20.1:8000" and I get the page served by the server machine, everything is fine.



Now I tried switching to a transparent relay, I added this in pf.conf:
Code:
pass out log(all) on em1 divert-reply

and my relayd.conf now looks like this:
Code:
relay banana {
  listen on "192.168.20.1" port 8000
  transparent forward to "192.168.33.11" port 80 interface em1
}

After restarting relayd and reloading pf.conf, if I start curl again I successfully connect to the relayd process but the relayd process never even tries to connect to the HTTP server on the server machine :/

I did some tests to ensure the routing was correct and the SO_BINDANY option worked by running this command on the router:
Code:
nc -s 192.168.20.254 192.168.33.11 80

When I do this it connects and if I type "GET /" it returns the web page and the server sees a connection from 192.168.20.254 so it works.


For some reason relayd cannot open the socket but I have no idea why...
relayd logging is not very helpful, I managed to force it in debug mode and I got this:

Code:
proc_dispatch: parent 1 got imsg 42 from relay 4
proc_dispatch: relay 1 got imsg 42 from parent 0
relay_dispatch_parent: session 1: expired
proc_dispatch: pfe 1 got imsg 39 from relay 4
# (previous line repeated many times)

relay banana, session 1 (1 active), 0, 192.168.20.254 -> :80, bindany failed, invalid socket
# after the previous line the connection with curl is closed

proc_dispatch: pfe 1 got imsg 39 from relay 4
# (previous line repeated until I hit Ctrl+C)

Any idea why relayd would fail to establish the connection? I am now digging into the relayd sources trying to find something helpful but not much luck for now...