
some changes to the relayd.conf configuration language and grammar.

the tables will look more like pf tables, it is easier to re-use
tables with different options, "services" will become "redirections"
(they refer to rdr pf rules), sync configuration directives of
redirect (l3, ex-service) and relay (l7) sections (for example "virtual
host" will become "listen on"), all target definitions will start with
"forward to", etc. pp. (see relayd.conf(5) and etc/relayd.conf)
discussed with pyr and deraadt
ok pyr@
OPENBSD_4_3
reyk 16 years ago
parent
commit
ce21ececea
1 changed files with 13 additions and 27 deletions
  1. +13
    -27
      src/etc/relayd.conf

+ 13
- 27
src/etc/relayd.conf

@ -1,4 +1,4 @@
# $OpenBSD: relayd.conf,v 1.10 2007/12/07 17:17:00 reyk Exp $
# $OpenBSD: relayd.conf,v 1.11 2007/12/08 17:07:08 reyk Exp $
#
# Macros
#
@ -17,37 +17,26 @@ sshhost1="10.0.0.3"
#
# Each table will be mapped to a pf table.
#
table webhosts {
real port http
check http "/" code 200
host $webhost1
host $webhost2
}
table fallback {
real port http
check icmp
host 127.0.0.1
}
table <webhosts> { $webhost1 $webhost2 }
table <fallback> { 127.0.0.1 }
#
# Services will be mapped to a rdr rule.
#
service www {
virtual host $ext_addr port http interface trunk0
redirect www {
listen on $ext_addr port http interface trunk0
# tag every packet that goes thru the rdr rule with RELAYD
tag RELAYD
table webhosts
backup table fallback
forward to <webhosts> check http "/" code 200
forward to <fallback> check icmp
}
#
# Relay and protocol for HTTP layer 7 loadbalancing and SSL acceleration
#
protocol httpssl {
protocol http
http protocol httpssl {
header append "$REMOTE_ADDR" to "X-Forwarded-For"
header append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By"
header change "Connection" to "close"
@ -65,15 +54,14 @@ relay wwwssl {
protocol httpssl
# Forward to hosts in the webhosts table using a src/dst hash
table webhosts loadbalance
forward to <webhosts> port http mode loadbalance \
check http "/" code 200
}
#
# Relay and protocol for simple TCP forwarding on layer 7
#
protocol sshtcp {
protocol tcp
tcp protocol sshtcp {
# The TCP_NODELAY option is required for "smooth" terminal sessions
tcp nodelay
}
@ -90,9 +78,7 @@ relay sshgw {
#
# Relay and protocol for a transparent HTTP proxy
#
protocol httpfilter {
protocol http
http protocol httpfilter {
# Return HTTP/HTML error pages to the client
return error
@ -115,5 +101,5 @@ relay httpproxy {
protocol httpfilter
# Forward to the original target host
nat lookup
forward to nat lookup
}
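Review bot: The sample does not explain that health checks now belong to each `forward to` line instead of the table, so `check http "/" code 200` is written out twice for `<webhosts>`, once in `redirect www` and once in `relay wwwssl`. Someone reusing a table by copying only `forward to <webhosts>` would presumably get a forward with no health check at all; that is inferred from the grammar shown here and should be confirmed against relayd.conf(5). I would add a comment above the table definitions such as `# Checks are set per "forward to" line, not per table; repeat them wherever a table is reused.` The unchanged comment `# Services will be mapped to a rdr rule.` is also stale now that the block is `redirect www`, and could read `# Redirections will be mapped to a rdr rule.`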
