|
@ -1,10 +1,11 @@ |
|
|
# $OpenBSD: hoststated.conf,v 1.6 2007/02/26 20:43:32 reyk Exp $ |
|
|
|
|
|
|
|
|
# $OpenBSD: hoststated.conf,v 1.7 2007/10/22 08:44:54 reyk Exp $ |
|
|
# |
|
|
# |
|
|
# Macros |
|
|
# Macros |
|
|
# |
|
|
# |
|
|
ext_addr="192.168.1.1" |
|
|
ext_addr="192.168.1.1" |
|
|
webhost1="10.0.0.1" |
|
|
webhost1="10.0.0.1" |
|
|
webhost2="10.0.0.2" |
|
|
webhost2="10.0.0.2" |
|
|
|
|
|
sshhost1="10.0.0.3" |
|
|
|
|
|
|
|
|
# |
|
|
# |
|
|
# Global Options |
|
|
# Global Options |
|
@ -43,16 +44,16 @@ service www { |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
# |
|
|
# |
|
|
# Relays and protocols are used for Layer 7 loadbalancing |
|
|
|
|
|
|
|
|
# Relay and protocol for HTTP layer 7 loadbalancing and SSL acceleration |
|
|
# |
|
|
# |
|
|
protocol httpssl { |
|
|
protocol httpssl { |
|
|
protocol http |
|
|
|
|
|
|
|
|
protocol http |
|
|
header append "$REMOTE_ADDR" to "X-Forwarded-For" |
|
|
header append "$REMOTE_ADDR" to "X-Forwarded-For" |
|
|
header append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By" |
|
|
header append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By" |
|
|
header change "Connection" to "close" |
|
|
header change "Connection" to "close" |
|
|
|
|
|
|
|
|
# Various TCP performance options |
|
|
|
|
|
tcp { nodelay, sack, socket buffer 65536, backlog 128 } |
|
|
|
|
|
|
|
|
# Various TCP performance options |
|
|
|
|
|
tcp { nodelay, sack, socket buffer 65536, backlog 128 } |
|
|
|
|
|
|
|
|
# ssl { no sslv2, sslv3, tlsv1, ciphers HIGH } |
|
|
# ssl { no sslv2, sslv3, tlsv1, ciphers HIGH } |
|
|
# ssl session cache disable |
|
|
# ssl session cache disable |
|
@ -66,3 +67,40 @@ relay wwwssl { |
|
|
# Forward to hosts in the webhosts table using a src/dst hash |
|
|
# Forward to hosts in the webhosts table using a src/dst hash |
|
|
table webhosts loadbalance |
|
|
table webhosts loadbalance |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
# |
|
|
|
|
|
# Relay and protocol for simple TCP forwarding on layer 7 |
|
|
|
|
|
# |
|
|
|
|
|
protocol sshtcp { |
|
|
|
|
|
protocol tcp |
|
|
|
|
|
|
|
|
|
|
|
# The TCP_NODELAY option is required for "smooth" terminal sessions |
|
|
|
|
|
tcp nodelay |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
relay sshgw { |
|
|
|
|
|
# Run as a simple TCP relay |
|
|
|
|
|
listen on $ext_addr port 2222 |
|
|
|
|
|
protocol sshtcp |
|
|
|
|
|
|
|
|
|
|
|
# Forward to the shared carp(4) address of an internal gateway |
|
|
|
|
|
forward to $sshhost1 port 22 |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
# |
|
|
|
|
|
# Relay and protocol for a transparent HTTP proxy |
|
|
|
|
|
# |
|
|
|
|
|
protocol httpfilter { |
|
|
|
|
|
protocol http |
|
|
|
|
|
header filter "Mozilla/4.0 (compatible; MSIE *" from "User-Agent" |
|
|
|
|
|
response header filter "application/*" from "Content-Type" |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
relay httpproxy { |
|
|
|
|
|
# Listen on localhost, accept redirected connections from pf(4) |
|
|
|
|
|
listen on 127.0.0.1 port 8080 |
|
|
|
|
|
protocol httpfilter |
|
|
|
|
|
|
|
|
|
|
|
# Forward to the original target host |
|
|
|
|
|
nat lookup |
|
|
|
|
|
} |
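Review bot: The new `httpfilter` protocol block is the only added block with no comment, and its two `filter` rules are the lines most likely to be copied from this sample as a policy. Above the `header filter ... from "User-Agent"` line I would add `# Example only: User-Agent is client-supplied, so this match is not an access control`, and above the response rule `# Drop responses whose Content-Type matches application/*`. The second comment assumes `filter` rejects matching connections, which the hunk itself does not show, so confirm the wording against the manual page. In `relay sshgw`, a comment would also help noting that the host behind `$sshhost1` will presumably see the relay's address as the peer, so sshd logs and per-source limits there no longer reflect the real client.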