diff --git a/src/etc/hoststated.conf b/src/etc/hoststated.conf
index bba797b7..995d924e 100644
--- a/src/etc/hoststated.conf
+++ b/src/etc/hoststated.conf
@@ -1,10 +1,11 @@
-# $OpenBSD: hoststated.conf,v 1.6 2007/02/26 20:43:32 reyk Exp $
+# $OpenBSD: hoststated.conf,v 1.7 2007/10/22 08:44:54 reyk Exp $
 #
 # Macros
 #
 ext_addr="192.168.1.1"
 webhost1="10.0.0.1"
 webhost2="10.0.0.2"
+sshhost1="10.0.0.3"
 
 #
 # Global Options
@@ -43,16 +44,16 @@ service www {
 }
 
 #
-# Relays and protocols are used for Layer 7 loadbalancing
+# Relay and protocol for HTTP layer 7 loadbalancing and SSL acceleration
 #
 protocol httpssl {
- protocol http
+ protocol http
 header append "$REMOTE_ADDR" to "X-Forwarded-For"
 header append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By"
 header change "Connection" to "close"
 
- # Various TCP performance options
- tcp { nodelay, sack, socket buffer 65536, backlog 128 }
+ # Various TCP performance options
+ tcp { nodelay, sack, socket buffer 65536, backlog 128 }
 
 # ssl { no sslv2, sslv3, tlsv1, ciphers HIGH }
 # ssl session cache disable
@@ -66,3 +67,40 @@ relay wwwssl {
 # Forward to hosts in the webhosts table using a src/dst hash
 table webhosts loadbalance
 }
+
+#
+# Relay and protocol for simple TCP forwarding on layer 7
+#
+protocol sshtcp {
+ protocol tcp
+
+ # The TCP_NODELAY option is required for "smooth" terminal sessions
+ tcp nodelay
+}
+
+relay sshgw {
+ # Run as a simple TCP relay
+ listen on $ext_addr port 2222
+ protocol sshtcp
+
+ # Forward to the shared carp(4) address of an internal gateway
+ forward to $sshhost1 port 22
+}
+
+#
+# Relay and protocol for a transparent HTTP proxy
+#
+protocol httpfilter {
+ protocol http
+ header filter "Mozilla/4.0 (compatible; MSIE *" from "User-Agent"
+ response header filter "application/*" from "Content-Type"
+}
+
+relay httpproxy {
+ # Listen on localhost, accept redirected connections from pf(4)
+ listen on 127.0.0.1 port 8080
+ protocol httpfilter
+
+ # Forward to the original target host
+ nat lookup
+}
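Review bot: The `relay sshgw` block in the last hunk publishes an internal sshd on `$ext_addr` port 2222 without telling the reader what that changes for the backend. As far as the visible config shows, the relay opens its own connection to `$sshhost1`, so sshd there would presumably log and match the relay's address rather than the client's, and any address-based restriction on the target stops distinguishing clients. Because this is the sample file people copy, I would add above `listen on $ext_addr port 2222` a comment such as `# The target sees the relay's address, not the client's; limit who may reach this port with pf(4)`. The identical hunk in src/etc/relayd.conf needs the same comment.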
diff --git a/src/etc/relayd.conf b/src/etc/relayd.conf
index ff12fe36..cf22b2c6 100644
--- a/src/etc/relayd.conf
+++ b/src/etc/relayd.conf
@@ -1,10 +1,11 @@
-# $OpenBSD: relayd.conf,v 1.6 2007/02/26 20:43:32 reyk Exp $
+# $OpenBSD: relayd.conf,v 1.7 2007/10/22 08:44:54 reyk Exp $
 #
 # Macros
 #
 ext_addr="192.168.1.1"
 webhost1="10.0.0.1"
 webhost2="10.0.0.2"
+sshhost1="10.0.0.3"
 
 #
 # Global Options
@@ -43,16 +44,16 @@ service www {
 }
 
 #
-# Relays and protocols are used for Layer 7 loadbalancing
+# Relay and protocol for HTTP layer 7 loadbalancing and SSL acceleration
 #
 protocol httpssl {
- protocol http
+ protocol http
 header append "$REMOTE_ADDR" to "X-Forwarded-For"
 header append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By"
 header change "Connection" to "close"
 
- # Various TCP performance options
- tcp { nodelay, sack, socket buffer 65536, backlog 128 }
+ # Various TCP performance options
+ tcp { nodelay, sack, socket buffer 65536, backlog 128 }
 
 # ssl { no sslv2, sslv3, tlsv1, ciphers HIGH }
 # ssl session cache disable
@@ -66,3 +67,40 @@ relay wwwssl {
 # Forward to hosts in the webhosts table using a src/dst hash
 table webhosts loadbalance
 }
+
+#
+# Relay and protocol for simple TCP forwarding on layer 7
+#
+protocol sshtcp {
+ protocol tcp
+
+ # The TCP_NODELAY option is required for "smooth" terminal sessions
+ tcp nodelay
+}
+
+relay sshgw {
+ # Run as a simple TCP relay
+ listen on $ext_addr port 2222
+ protocol sshtcp
+
+ # Forward to the shared carp(4) address of an internal gateway
+ forward to $sshhost1 port 22
+}
+
+#
+# Relay and protocol for a transparent HTTP proxy
+#
+protocol httpfilter {
+ protocol http
+ header filter "Mozilla/4.0 (compatible; MSIE *" from "User-Agent"
+ response header filter "application/*" from "Content-Type"
+}
+
+relay httpproxy {
+ # Listen on localhost, accept redirected connections from pf(4)
+ listen on 127.0.0.1 port 8080
+ protocol httpfilter
+
+ # Forward to the original target host
+ nat lookup
+}
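Review bot: The two filter lines in `protocol httpfilter` (last hunk) have no comment, so the sample does not say what happens on a match or why these patterns were chosen. `User-Agent` is set by the client and `Content-Type` by the responding server, so neither line works as an access or content control, and a reader could easily take them for one. I would add above them `# Example only: matches on peer-supplied header values, not a security boundary`, plus a short line stating the action taken on a match as documented in the manual page. The same lines appear in the src/etc/hoststated.conf hunk.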