Source code pulled from OpenBSD for OpenNTPD. The place to contribute to this code is via the OpenBSD CVS tree.

# $OpenBSD: relayd.conf,v 1.14 2011/04/07 13:33:52 reyk Exp $
#
# Macros
#
# Sample addresses only. ext_addr is the address every listener in this file
# binds to, webhost1/webhost2 populate the <webhosts> table, and sshhost1 is
# the target of the sshgw relay. Replace all four before deploying.
ext_addr="192.168.1.1"
webhost1="10.0.0.1"
webhost2="10.0.0.2"
sshhost1="10.0.0.3"
#
# Global Options
#
# interval 10
# timeout 1000
# prefork 5
#
# Each table will be mapped to a pf table.
#
# <webhosts> holds the two backend web servers defined by the macros above.
# <fallback> holds only the local host; the "www" redirect lists it as its
# second forward target.
table <webhosts> { $webhost1 $webhost2 }
table <fallback> { 127.0.0.1 }
#
# Services will be mapped to a rdr rule.
#
# NOTE(review): because this is a pf redirection and not a relay, no HTTP
# header handling from the protocol sections of this file applies here.
redirect www {
# Accept HTTP on the external address, restricted to interface trunk0.
listen on $ext_addr port http interface trunk0
# tag every packet that goes through the rdr rule with RELAYD
# NOTE(review): the tag only has an effect if the pf ruleset matches on it;
# confirm pf.conf has a corresponding rule for RELAYD-tagged packets.
tag RELAYD
# Primary targets: a host is considered up only while a request for "/"
# returns status code 200.
forward to <webhosts> check http "/" code 200
# Second target table (presumably used when no <webhosts> host is up).
# It is health-checked with ICMP only, so a host that answers ping but
# serves no HTTP still passes this check.
forward to <fallback> check icmp
}
#
# Relay and protocol for HTTP layer 7 loadbalancing and SSL acceleration
#
http protocol httpssl {
# Append the client address to X-Forwarded-For. This is an append, so any
# X-Forwarded-For value the client sent is kept in front of it: backends
# should trust only the last entry (the one added here) and must not use
# earlier entries for access control or audit attribution.
header append "$REMOTE_ADDR" to "X-Forwarded-For"
# Record the relay's own address and port for the backend.
header append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By"
# Force one request per connection by overriding the Connection header.
header change "Connection" to "close"
# Various TCP performance options
tcp { nodelay, sack, socket buffer 65536, backlog 128 }
# NOTE(review): the commented-out example below dates from 2011 (see the
# $OpenBSD$ tag at the top of the file). As written it appears to disable
# only SSLv2 and leave SSLv3 and TLSv1 enabled; both are deprecated. Do not
# uncomment it as-is: restrict the listener to the current TLS versions and
# cipher settings supported by the installed relayd (check relayd.conf(5)
# for the option names your release uses).
# ssl { no sslv2, sslv3, tlsv1, ciphers HIGH }
# ssl session cache disable
}
relay wwwssl {
# Run as an SSL accelerator: the encrypted session ends at this listener.
# NOTE(review): the certificate and private key are configured outside this
# file; confirm the key file is readable by root only.
listen on $ext_addr port 443 ssl
# Apply the header rewriting and TCP options of the httpssl protocol.
protocol httpssl
# Forward to hosts in the webhosts table using a src/dst hash
# The target is "port http", so traffic between the relay and the backends
# is not encrypted. Treat that network segment as trusted, or protect it by
# other means, before sending sensitive traffic through this relay.
forward to <webhosts> port http mode loadbalance \
check http "/" code 200
}
#
# Relay and protocol for simple TCP forwarding on layer 7
#
# No "http" keyword here: this protocol carries only TCP options and does no
# inspection or filtering of the relayed payload.
protocol sshtcp {
# The TCP_NODELAY option is required for "smooth" terminal sessions
tcp nodelay
}
relay sshgw {
# Run as a simple TCP relay
# This publishes the internal SSH service on the external address. The
# non-standard port 2222 is not an access control; restrict who may reach it
# in pf if the service is not meant to be open to everyone.
listen on $ext_addr port 2222
protocol sshtcp
# Forward to the shared carp(4) address of an internal gateway
# NOTE(review): as a TCP relay this presumably makes the relay, not the
# client, the peer that sshd sees. Source-address restrictions and login
# attribution on the SSH host would then be based on the relay address;
# confirm and keep client-address logging on the relay side.
forward to $sshhost1 port 22
}
#
# Relay and protocol for a transparent HTTP proxy
#
# NOTE(review): every rule below matches strings supplied by the client
# (URL, User-Agent) or by the remote server (Content-Type). A client or
# server can change these at will, so treat the rules as acceptable-use
# policy enforcement, not as a security boundary.
http protocol httpfilter {
# Return HTTP/HTML error pages to the client
return error
# Block disallowed sites
# Each label presumably applies to the filter rules that follow it and is
# the text shown in the returned error page — confirm in relayd.conf(5).
label "URL filtered!"
request url filter "www.example.com/"
# Block disallowed browsers
# This label carries HTML markup, so it is meant to be rendered in the
# error page; keep label text static and never build it from request data.
label "Please try a <em>different Browser</em>"
header filter "Mozilla/4.0 (compatible; MSIE *" from "User-Agent"
# Block some well-known Instant Messengers
# These match on the Content-Type of the response, not on the request.
label "Instant messenger disallowed!"
response header filter "application/x-msn-messenger" from "Content-Type"
response header filter "app/x-hotbar-xip20" from "Content-Type"
response header filter "application/x-icq" from "Content-Type"
response header filter "AIM/HTTP" from "Content-Type"
response header filter "application/x-comet-log" from "Content-Type"
}
relay httpproxy {
# Listen on localhost, accept diverted connections from pf(4)
# Binding to 127.0.0.1 keeps the proxy from being reachable directly from
# the network; only connections that pf diverts here are filtered.
listen on 127.0.0.1 port 8080
protocol httpfilter
# Forward to the original target host
# NOTE(review): the relay connects to whatever destination the diverted
# connection was addressed to, so the pf divert rule decides which clients
# and destinations can use it. Keep that rule limited to the intended
# internal networks, and note that traffic pf does not divert bypasses the
# httpfilter rules entirely.
forward to destination
}