
add additional relay examples: simple non-SSL TCP relay, transparent

HTTP proxy. this makes it easier to test hoststated.
ok pyr@
OPENBSD_4_3
reyk 17 years ago
parent
commit
ccb1b9f61c
2 changed files with 86 additions and 10 deletions
  1. +43
    -5
      src/etc/hoststated.conf
  2. +43
    -5
      src/etc/relayd.conf

+ 43
- 5
src/etc/hoststated.conf View File

@ -1,10 +1,11 @@
# $OpenBSD: hoststated.conf,v 1.6 2007/02/26 20:43:32 reyk Exp $
# $OpenBSD: hoststated.conf,v 1.7 2007/10/22 08:44:54 reyk Exp $
# #
# Macros # Macros
# #
ext_addr="192.168.1.1" ext_addr="192.168.1.1"
webhost1="10.0.0.1" webhost1="10.0.0.1"
webhost2="10.0.0.2" webhost2="10.0.0.2"
sshhost1="10.0.0.3"
# #
# Global Options # Global Options
@ -43,16 +44,16 @@ service www {
} }
# #
# Relays and protocols are used for Layer 7 loadbalancing
# Relay and protocol for HTTP layer 7 loadbalancing and SSL acceleration
# #
protocol httpssl { protocol httpssl {
protocol http
protocol http
header append "$REMOTE_ADDR" to "X-Forwarded-For" header append "$REMOTE_ADDR" to "X-Forwarded-For"
header append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By" header append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By"
header change "Connection" to "close" header change "Connection" to "close"
# Various TCP performance options
tcp { nodelay, sack, socket buffer 65536, backlog 128 }
# Various TCP performance options
tcp { nodelay, sack, socket buffer 65536, backlog 128 }
# ssl { no sslv2, sslv3, tlsv1, ciphers HIGH } # ssl { no sslv2, sslv3, tlsv1, ciphers HIGH }
# ssl session cache disable # ssl session cache disable
@ -66,3 +67,40 @@ relay wwwssl {
# Forward to hosts in the webhosts table using a src/dst hash # Forward to hosts in the webhosts table using a src/dst hash
table webhosts loadbalance table webhosts loadbalance
} }
#
# Relay and protocol for simple TCP forwarding on layer 7
#
protocol sshtcp {
protocol tcp
# The TCP_NODELAY option is required for "smooth" terminal sessions
tcp nodelay
}
relay sshgw {
# Run as a simple TCP relay
listen on $ext_addr port 2222
protocol sshtcp
# Forward to the shared carp(4) address of an internal gateway
forward to $sshhost1 port 22
}
#
# Relay and protocol for a transparent HTTP proxy
#
protocol httpfilter {
protocol http
header filter "Mozilla/4.0 (compatible; MSIE *" from "User-Agent"
response header filter "application/*" from "Content-Type"
}
relay httpproxy {
# Listen on localhost, accept redirected connections from pf(4)
listen on 127.0.0.1 port 8080
protocol httpfilter
# Forward to the original target host
nat lookup
}
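Review bot: The two `filter` lines in `protocol httpfilter` carry no comment, and as I read hoststated.conf(5), `filter` drops the whole connection when the value matches rather than stripping the header, which someone copying this example could easily miss. I would add `# Drop requests whose User-Agent matches MSIE; the header is client-supplied, so this is a demonstration, not an access control` above the first line and `# Drop responses carrying an application/* Content-Type` above the second. The same block is added to src/etc/relayd.conf and needs the same comments.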

+ 43
- 5
src/etc/relayd.conf View File

@ -1,10 +1,11 @@
# $OpenBSD: relayd.conf,v 1.6 2007/02/26 20:43:32 reyk Exp $
# $OpenBSD: relayd.conf,v 1.7 2007/10/22 08:44:54 reyk Exp $
# #
# Macros # Macros
# #
ext_addr="192.168.1.1" ext_addr="192.168.1.1"
webhost1="10.0.0.1" webhost1="10.0.0.1"
webhost2="10.0.0.2" webhost2="10.0.0.2"
sshhost1="10.0.0.3"
# #
# Global Options # Global Options
@ -43,16 +44,16 @@ service www {
} }
# #
# Relays and protocols are used for Layer 7 loadbalancing
# Relay and protocol for HTTP layer 7 loadbalancing and SSL acceleration
# #
protocol httpssl { protocol httpssl {
protocol http
protocol http
header append "$REMOTE_ADDR" to "X-Forwarded-For" header append "$REMOTE_ADDR" to "X-Forwarded-For"
header append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By" header append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By"
header change "Connection" to "close" header change "Connection" to "close"
# Various TCP performance options
tcp { nodelay, sack, socket buffer 65536, backlog 128 }
# Various TCP performance options
tcp { nodelay, sack, socket buffer 65536, backlog 128 }
# ssl { no sslv2, sslv3, tlsv1, ciphers HIGH } # ssl { no sslv2, sslv3, tlsv1, ciphers HIGH }
# ssl session cache disable # ssl session cache disable
@ -66,3 +67,40 @@ relay wwwssl {
# Forward to hosts in the webhosts table using a src/dst hash # Forward to hosts in the webhosts table using a src/dst hash
table webhosts loadbalance table webhosts loadbalance
} }
#
# Relay and protocol for simple TCP forwarding on layer 7
#
protocol sshtcp {
protocol tcp
# The TCP_NODELAY option is required for "smooth" terminal sessions
tcp nodelay
}
relay sshgw {
# Run as a simple TCP relay
listen on $ext_addr port 2222
protocol sshtcp
# Forward to the shared carp(4) address of an internal gateway
forward to $sshhost1 port 22
}
#
# Relay and protocol for a transparent HTTP proxy
#
protocol httpfilter {
protocol http
header filter "Mozilla/4.0 (compatible; MSIE *" from "User-Agent"
response header filter "application/*" from "Content-Type"
}
relay httpproxy {
# Listen on localhost, accept redirected connections from pf(4)
listen on 127.0.0.1 port 8080
protocol httpfilter
# Forward to the original target host
nat lookup
}
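Review bot: In `relay sshgw` nothing tells the reader that the backend loses the client address. As far as I understand, the relay terminates the client's TCP session and opens its own connection to `$sshhost1`, so sshd there would log the relay's address and apply any address-based rules to it. A comment after the `listen on` line such as `# sshd on $sshhost1 sees the relay as the peer; log and limit client addresses on this host, e.g. in pf(4)` would make that visible. The comment above `forward to` also speaks of a shared carp(4) address while the macro is named `sshhost1`, so one of the two should be reworded. The same block is added to src/etc/hoststated.conf.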
