Fincer
/
openntpd-openbsd
mirror of https://github.com/Fincer/openntpd-openbsd
1
0
Fork 0
Code Issues 0 Projects 0 Releases 61 Wiki Activity
Source code pulled from OpenBSD for OpenNTPD. The place to contribute to this code is via the OpenBSD CVS tree.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6454 Commits
49 Branches
2.1 GiB
Tree: a0c81f7a45
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'a0c81f7a45'
${ noResults }
openntpd-openbsd/src/etc/relayd.conf

109 lines
2.6 KiB
Raw Normal View History

Update transparent HTTP proxy example: - Use the URL filter to block www.example.com/ - Use "forward to destination" instead of "forward to nat lookup" to use divert-to instead of rdr-to in PF.
13 years ago
link hoststated to the builds. ok miod@, henning@
18 years ago
use a variable $ext_addr instead of the hard-coded 192.168.1.1. this will make it easier for testing (just run hoststated -Dext_addr=X.X.X.X).
17 years ago
link hoststated to the builds. ok miod@, henning@
18 years ago
add additional relay examples: simple non-SSL TCP relay, transparent HTTP proxy. this makes it easier to test hoststated. ok pyr@
17 years ago
link hoststated to the builds. ok miod@, henning@
18 years ago
log a different notification message when the tcp check times out. also adjust the documentation a little bit to decrease confusion about the check timeout. From pyr@ ok deraadt@
16 years ago
add an relay example ok pyr@
17 years ago
link hoststated to the builds. ok miod@, henning@
18 years ago
some changes to the relayd.conf configuration language and grammar. the tables will look more like pf tables, it is easier to re-use tables with different options, "services" will become "redirections" (they refer to rdr pf rules), sync configuration directives of redirect (l3, ex-service) relay (l7) sections (for example "virtual host" will become "listen on"), all target definitions will start with "forward to", etc. pp. (see relay.conf(5) and etc/relayd.conf) discussed with pyr and deraadt ok pyr@
17 years ago
link hoststated to the builds. ok miod@, henning@
18 years ago
some changes to the relayd.conf configuration language and grammar. the tables will look more like pf tables, it is easier to re-use tables with different options, "services" will become "redirections" (they refer to rdr pf rules), sync configuration directives of redirect (l3, ex-service) relay (l7) sections (for example "virtual host" will become "listen on"), all target definitions will start with "forward to", etc. pp. (see relay.conf(5) and etc/relayd.conf) discussed with pyr and deraadt ok pyr@
17 years ago
link hoststated to the builds. ok miod@, henning@
18 years ago
hoststated gets renamed to relayd. easier to type, and actually says what the daemon does - it is a relayer that pays attention to the status of pools of hosts; not a status checkers that happens to do some relaying
17 years ago
link hoststated to the builds. ok miod@, henning@
18 years ago
some changes to the relayd.conf configuration language and grammar. the tables will look more like pf tables, it is easier to re-use tables with different options, "services" will become "redirections" (they refer to rdr pf rules), sync configuration directives of redirect (l3, ex-service) relay (l7) sections (for example "virtual host" will become "listen on"), all target definitions will start with "forward to", etc. pp. (see relay.conf(5) and etc/relayd.conf) discussed with pyr and deraadt ok pyr@
17 years ago
link hoststated to the builds. ok miod@, henning@
18 years ago
add an relay example ok pyr@
17 years ago
add additional relay examples: simple non-SSL TCP relay, transparent HTTP proxy. this makes it easier to test hoststated. ok pyr@
17 years ago
add an relay example ok pyr@
17 years ago
some changes to the relayd.conf configuration language and grammar. the tables will look more like pf tables, it is easier to re-use tables with different options, "services" will become "redirections" (they refer to rdr pf rules), sync configuration directives of redirect (l3, ex-service) relay (l7) sections (for example "virtual host" will become "listen on"), all target definitions will start with "forward to", etc. pp. (see relay.conf(5) and etc/relayd.conf) discussed with pyr and deraadt ok pyr@
17 years ago
sync the documentation with the latest change to require a 'header' keyword for default relay actions. ok pyr@
17 years ago
add an relay example ok pyr@
17 years ago
add additional relay examples: simple non-SSL TCP relay, transparent HTTP proxy. this makes it easier to test hoststated. ok pyr@
17 years ago
add an relay example ok pyr@
17 years ago
use a variable $ext_addr instead of the hard-coded 192.168.1.1. this will make it easier for testing (just run hoststated -Dext_addr=X.X.X.X).
17 years ago
add an relay example ok pyr@
17 years ago
some changes to the relayd.conf configuration language and grammar. the tables will look more like pf tables, it is easier to re-use tables with different options, "services" will become "redirections" (they refer to rdr pf rules), sync configuration directives of redirect (l3, ex-service) relay (l7) sections (for example "virtual host" will become "listen on"), all target definitions will start with "forward to", etc. pp. (see relay.conf(5) and etc/relayd.conf) discussed with pyr and deraadt ok pyr@
17 years ago
add an relay example ok pyr@
17 years ago
add additional relay examples: simple non-SSL TCP relay, transparent HTTP proxy. this makes it easier to test hoststated. ok pyr@
17 years ago
make the generic handler for TCP-based protocols the default (allows to use "protocol foo" without defining a type).
17 years ago
add additional relay examples: simple non-SSL TCP relay, transparent HTTP proxy. this makes it easier to test hoststated. ok pyr@
17 years ago
some changes to the relayd.conf configuration language and grammar. the tables will look more like pf tables, it is easier to re-use tables with different options, "services" will become "redirections" (they refer to rdr pf rules), sync configuration directives of redirect (l3, ex-service) relay (l7) sections (for example "virtual host" will become "listen on"), all target definitions will start with "forward to", etc. pp. (see relay.conf(5) and etc/relayd.conf) discussed with pyr and deraadt ok pyr@
17 years ago
extend proxy example
17 years ago
Update transparent HTTP proxy example: - Use the URL filter to block www.example.com/ - Use "forward to destination" instead of "forward to nat lookup" to use divert-to instead of rdr-to in PF.
13 years ago
Update the transparent HTTP proxy example: Include filters to block some well-known instant messengers; thanks to Rene Badalassi (rene at cybersecure dot com dot au) for providing the examples. (This change depends on my latest fix to hoststated)
17 years ago
extend proxy example
17 years ago
add additional relay examples: simple non-SSL TCP relay, transparent HTTP proxy. this makes it easier to test hoststated. ok pyr@
17 years ago
Update the transparent HTTP proxy example: Include filters to block some well-known instant messengers; thanks to Rene Badalassi (rene at cybersecure dot com dot au) for providing the examples. (This change depends on my latest fix to hoststated)
17 years ago
extend proxy example
17 years ago
Update the transparent HTTP proxy example: Include filters to block some well-known instant messengers; thanks to Rene Badalassi (rene at cybersecure dot com dot au) for providing the examples. (This change depends on my latest fix to hoststated)
17 years ago
add additional relay examples: simple non-SSL TCP relay, transparent HTTP proxy. this makes it easier to test hoststated. ok pyr@
17 years ago
Update transparent HTTP proxy example: - Use the URL filter to block www.example.com/ - Use "forward to destination" instead of "forward to nat lookup" to use divert-to instead of rdr-to in PF.
13 years ago
add additional relay examples: simple non-SSL TCP relay, transparent HTTP proxy. this makes it easier to test hoststated. ok pyr@
17 years ago
Update transparent HTTP proxy example: - Use the URL filter to block www.example.com/ - Use "forward to destination" instead of "forward to nat lookup" to use divert-to instead of rdr-to in PF.
13 years ago
add additional relay examples: simple non-SSL TCP relay, transparent HTTP proxy. this makes it easier to test hoststated. ok pyr@
17 years ago
 
  1. # $OpenBSD: relayd.conf,v 1.14 2011/04/07 13:33:52 reyk Exp $
  2. #
  3. # Macros
  4. #
  5. ext_addr="192.168.1.1"
  6. webhost1="10.0.0.1"
  7. webhost2="10.0.0.2"
  8. sshhost1="10.0.0.3"
  9. 

  10. #
  11. # Global Options
  12. #
  13. # interval 10
  14. # timeout 1000
  15. # prefork 5
  16. 

  17. #
  18. # Each table will be mapped to a pf table.
  19. #
  20. table <webhosts> { $webhost1 $webhost2 }
  21. table <fallback> { 127.0.0.1 }
  22. 

  23. #
  24. # Services will be mapped to a rdr rule.
  25. #
  26. redirect www {
  27. 	listen on $ext_addr port http interface trunk0
  28. 

  29. 	# tag every packet that goes thru the rdr rule with RELAYD
  30. 	tag RELAYD
  31. 

  32. 	forward to <webhosts> check http "/" code 200
  33. 	forward to <fallback> check icmp
  34. }
  35. 

  36. #
  37. # Relay and protocol for HTTP layer 7 loadbalancing and SSL acceleration
  38. #
  39. http protocol httpssl {
  40. 	header append "$REMOTE_ADDR" to "X-Forwarded-For"
  41. 	header append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By"
  42. 	header change "Connection" to "close"
  43. 

  44. 	# Various TCP performance options
  45. 	tcp { nodelay, sack, socket buffer 65536, backlog 128 }
  46. 

  47. #	ssl { no sslv2, sslv3, tlsv1, ciphers HIGH }
  48. #	ssl session cache disable
  49. }
  50. 

  51. relay wwwssl {
  52. 	# Run as a SSL accelerator
  53. 	listen on $ext_addr port 443 ssl
  54. 	protocol httpssl
  55. 

  56. 	# Forward to hosts in the webhosts table using a src/dst hash
  57. 	forward to <webhosts> port http mode loadbalance \
  58. 		check http "/" code 200
  59. }
  60. 

  61. #
  62. # Relay and protocol for simple TCP forwarding on layer 7
  63. #
  64. protocol sshtcp {
  65. 	# The TCP_NODELAY option is required for "smooth" terminal sessions
  66. 	tcp nodelay
  67. }
  68. 

  69. relay sshgw {
  70. 	# Run as a simple TCP relay
  71. 	listen on $ext_addr port 2222
  72. 	protocol sshtcp
  73. 

  74. 	# Forward to the shared carp(4) address of an internal gateway
  75. 	forward to $sshhost1 port 22
  76. }
  77. 

  78. #
  79. # Relay and protocol for a transparent HTTP proxy
  80. #
  81. http protocol httpfilter {
  82. 	# Return HTTP/HTML error pages to the client
  83. 	return error
  84. 

  85. 	# Block disallowed sites
  86. 	label "URL filtered!"
  87. 	request url filter "www.example.com/"
  88. 

  89. 	# Block disallowed browsers
  90. 	label "Please try a <em>different Browser</em>"
  91. 	header filter "Mozilla/4.0 (compatible; MSIE *" from "User-Agent"
  92. 

  93. 	# Block some well-known Instant Messengers
  94. 	label "Instant messenger disallowed!"
  95. 	response header filter "application/x-msn-messenger" from "Content-Type"
  96. 	response header filter "app/x-hotbar-xip20" from "Content-Type"
  97. 	response header filter "application/x-icq" from "Content-Type"
  98. 	response header filter "AIM/HTTP" from "Content-Type"
  99. 	response header filter "application/x-comet-log" from "Content-Type"
  100. }
  101. 

  102. relay httpproxy {
  103. 	# Listen on localhost, accept diverted connections from pf(4)
  104. 	listen on 127.0.0.1 port 8080
  105. 	protocol httpfilter
  106. 

  107. 	# Forward to the original target host
  108. 	forward to destination
  109. }