transparent relay
Hi,
I am trying to forward a port using relayd, which works, but what I really need is transparent relaying and I cannot make that one work :/

I have one OpenBSD 5.0 server with two network cards (em0 can be ignored):
- em1: 192.168.33.10/24
- em2: 192.168.20.1/24

And another machine acting as server:
- em1: 192.168.33.11/24

My computer (client) is connected to the server on em2 and the server and router are connected with their em1 interfaces; the server uses the router as its default route.

Here is my working configuration in non transparent mode:

pf.conf:
Code:
    set skip on lo
    anchor "relayd/*"
    pass            # to establish keep-state

Code:
    relay banana {
        listen on "192.168.20.1" port 8000
        forward to "192.168.33.11" port 80
    }

Now I tried switching to a transparent relay. I added this in pf.conf:
Code:
    pass out log(all) on em1 divert-reply

Code:
    relay banana {
        listen on "192.168.20.1" port 8000
        transparent forward to "192.168.33.11" port 80 interface em1
    }

I did some tests to ensure the routing was correct and the SO_BINDANY option worked by running this command on the router:
Code:
    nc -s 192.168.20.254 192.168.33.11 80

For some reason relayd cannot open the socket but I have no idea why... relayd logging is not very helpful. I managed to force it into debug mode and I got this:
Code:
    proc_dispatch: parent 1 got imsg 42 from relay 4
    proc_dispatch: relay 1 got imsg 42 from parent 0
    relay_dispatch_parent: session 1: expired
    proc_dispatch: pfe 1 got imsg 39 from relay 4
    # (previous line repeated a lot of times)
    relay banana, session 1 (1 active), 0, 192.168.20.254 -> :80, bindany failed, invalid socket
    # after the previous line the connection with curl is closed
    proc_dispatch: pfe 1 got imsg 39 from relay 4
    # (previous line repeated until I hit Ctrl+C)
|
|||
I don't think my use case is that exotic, is it? Or is it that relayd is not really used at all?
|
|
|||
The number of people who regularly answer OpenBSD questions on this site can be counted on one hand. If none of us felt we could add to the discussion, this should not be taken as a reflection of the larger community.
If you feel you can thoroughly articulate the problem, & can provide all relevant information, you might consider posting on misc@.
|
|||
That's what I was afraid of, I hate mailing lists...
I guess I will try my luck there.
|
|||
For the record, if anyone comes here: transparent mode is broken in the relayd shipped with OpenBSD 5.0.

Here is a solution to this from the mailing list: first fetch the OpenBSD sources and then:

    $ cd src/usr.sbin/relayd
    $ cvs up -D 2011/05/08
    $ make install

This will get you a working version of relayd. You can try getting the associated relayctl, but I wasn't able to make it work: it crashes the relayd daemon when used; only the reload seems to be working, but it does nothing at all. Also, if you send a SIGHUP to the process it will just exit.

In the end I am now considering writing an alternative myself, as closing every open TCP connection when reloading the config (since restart is the only way) is not really an option for my use case.
|
|||
Quote:
http://marc.info/?t=133285465600002&r=1&w=2

The above recipe is specifically explained in the following post:
http://marc.info/?l=openbsd-misc&m=133293448804527&w=2
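
The bind-then-connect sequence that relayd reports as "bindany failed" in the first post, written out as an added C example (not part of the thread and not relayd's code) so that each step can be checked on the router outside relayd. The helper name bindany_connect and its return codes are hypothetical; it assumes OpenBSD's SO_BINDANY socket option and has to run as root.

```c
/* Added example, not relayd source: SO_BINDANY bind + connect, step by step. */
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
/* Hypothetical helper: connected fd, -2 = bad address, -1 = errno set; *step = last call tried. */
int bindany_connect(const char *src, const char *dst, int port, const char **step)
{
	struct sockaddr_in from = { .sin_family = AF_INET }, to = from;
	int s, e, on = 1;

	to.sin_port = htons((unsigned short)port);
	*step = "inet_pton";
	if (inet_pton(AF_INET, src, &from.sin_addr) != 1 ||
	    inet_pton(AF_INET, dst, &to.sin_addr) != 1)
		return -2;
	*step = "socket";
	if ((s = socket(AF_INET, SOCK_STREAM, 0)) == -1)
		return -1;
	*step = "setsockopt(SO_BINDANY)";
#ifdef SO_BINDANY	/* OpenBSD; the option is limited to the superuser */
	if (setsockopt(s, SOL_SOCKET, SO_BINDANY, &on, sizeof(on)) == 0) {
		*step = "bind";		/* source = the client's address, not ours */
		if (bind(s, (struct sockaddr *)&from, sizeof(from)) == 0) {
			*step = "connect";	/* replies must be routed back to this host */
			if (connect(s, (struct sockaddr *)&to, sizeof(to)) == 0)
				return s;
		}
	}
	e = errno;
#else
	(void)on; e = ENOPROTOOPT;	/* this OS has no SO_BINDANY */
#endif
	close(s);
	errno = e;	/* keep the error of the failing call, not of close() */
	return -1;
}

int main(int argc, char **argv)
{
	const char *step = "usage: prog src dst port";
	int s = argc == 4 ? bindany_connect(argv[1], argv[2], atoi(argv[3]), &step) : -2;
	printf("%s: %s\n", step, s >= 0 ? "ok" : s == -2 ? "bad argument" : strerror(errno));
	return s < 0;
}
```

With the addresses from the first post the arguments would be 192.168.20.254 192.168.33.11 80. A failure at setsockopt or bind is local to the router, while a failure at connect suggests that the replies are not coming back to the socket (routing, or the pf divert-reply rule).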