Hi,
I don't know if you have seen this article at
https://calomel.org/relayd.html, and/or if it can help you.
On 28/03/2012 11.10, "Schmurfy" <schmu...@gmail.com> wrote:

> Hi,
>
> Mike Belopuhov:
> I tried with your patch but nothing more is shown, when I connect the
> client I just get:
>
> proc_dispatch: parent 1 got imsg 42 from relay 4
> proc_dispatch: relay 1 got imsg 42 from parent
> relay_dispatch_parent: session 1: expired
>
> The thing that is really bothering me is that "expired" line. I tried to
> trace it in the code by adding debugging messages, but the session it does
> not find (expired) was correctly created and I cannot find any point where
> it would be destroyed (I added debug messages on every SPLAY_* call I found
> touching rlay->rl_sessions).
>
>
>
> Marios Makassikis:
> I already found this thread (and in fact that's the only real documentation
> I found on transparent mode) but I do what is written there.
>
> I tried adding your rule and connecting on port 80 with:
> $ curl http://192.168.20.1:80
>
> but I have the same problem, the connection is accepted by relayd but I see
> no outgoing packets with:
> $ tcpdump -plni em1 host 192.168.33.11
>
> and I checked the route again just to be sure (ping works too):
> $ route -n get 192.168.33.11
>   route to: 192.168.33.11
> destination: 192.168.33.11
>  interface: em1
>  if address: 192.168.33.10
>   priority: 4 (connected)
>      flags: <UP,HOST,DONE,LLINFO,CLONED>
>     use       mtu    expire
>       2         0       840
>
> In the post you linked the author mentions the three ways of using
> transparent and the first use case is
> "A normal listener on an IP address that is directly reachable by clients"
> which is what I do :/
>
> On 27 March 2012 19:18, Marios Makassikis <mmakassi...@gmail.com> wrote:
>
> > Hi,
> >
> > You need to tell PF to intercept packets and redirect them to the relayd
> > process.
> >
> > pass in on em2 inet proto tcp to any port www divert-to 192.168.20.1 port 8000
> >
> > pass out log(all) on em1 divert-reply
> >
> > You can find some more detailed information regarding relayd transparent
> > proxying in this thread:
> > http://marc.info/?l=openbsd-misc&m=130479125318862&w=2
> >
> > After reloading PF, keep in mind that you have to change your test, i.e.:
> > connect to your server on port 80, not port 8000.
> >
> > Marios.
> >
> >
> >
> > On 27 March 2012 15:18, Schmurfy <schmu...@gmail.com> wrote:
> >
> >> Hi,
> >> I am trying to forward a port using relayd, which works, but what I really
> >> need is transparent relaying and I cannot make that one work :/
> >>
> >> I have one OpenBSD 5.0 server with two network cards (em0 can be ignored):
> >> - em1: 192.168.33.10/24
> >> - em2: 192.168.20.1/24
> >>
> >> And another machine acting as server:
> >> - em1: 192.168.33.11/24
> >>
> >> My computer (client) is connected to the server on em2 and the server and
> >> router are connected with their em1 interfaces, the server uses the router
> >> as its default route.
> >>
> >> Here is my working configuration in non transparent mode:
> >> pf.conf:
> >> set skip on lo
> >> anchor "relayd/*"
> >> pass # to establish keep-state
> >>
> >>
> >> relayd.conf:
> >> relay banana {
> >>  listen on "192.168.20.1" port 8000
> >>  forward to "192.168.33.11" port 80
> >> }
> >>
> >>
> >>
> >> After restarting relayd I connect with "curl http://192.168.20.1:8000" and
> >> I get the page served by the server machine, everything is fine.
> >>
> >
> >
> >> Now I tried switching to a transparent relay, I added this in pf.conf:
> >> pass out log(all) on em1 divert-reply
> >>
> >> and my relayd.conf now looks like this:
> >> relay banana {
> >>  listen on "192.168.20.1" port 8000
> >>  transparent forward to "192.168.33.11" port 80 interface em1
> >> }
> >>
> >>
> >> After restarting relayd and reloading pf.conf, if I start curl again I
> >> successfully connect to the relayd process but it never even tries to
> >> connect to the http server on the server machine :/
> >>
> >> I did some tests to ensure the routing was correct and the SO_BINDANY
> >> option was working by running this command on the router:
> >> nc -s 192.168.20.254 192.168.33.11 80
> >>
> >> When I do this it connects and if I type "GET /" it returns the web page
> >> and the server sees a connection from 192.168.20.254 so it seems to work.
> >>
> >>
> >> For some reason relayd cannot open the socket but I have no idea why...
> >> relayd logging is not very helpful, I managed to force it in debug mode and
> >> I got this:
> >>
> >> proc_dispatch: parent 1 got imsg 42 from relay 4
> >> proc_dispatch: relay 1 got imsg 42 from parent 0
> >> relay_dispatch_parent: session 1: expired
> >> proc_dispatch: pfe 1 got imsg 39 from relay 4
> >> # (previous line repeated a lot of times)
> >>
> >> relay banana, session 1 (1 active), 0, 192.168.20.254 -> :80, bindany failed, invalid socket
> >> # (after the previous line the connection with curl is closed)
> >>
> >> proc_dispatch: pfe 1 got imsg 39 from relay 4
> >> # (previous line repeated until I hit Ctrl+C)
> >>
> >> Any idea why relayd would fail to establish the connection? I am now
> >> digging into the relayd sources trying to find something helpful but not
> >> much luck for now.
> >>
> >> Thanks for any help, it's really driving me crazy...

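An added example, not part of any message in this thread and not relayd code: a Python triage of the debug output quoted above, which pairs each failed session with an earlier "expired" line and records the process numbers on each imsg hop between relay and parent. It assumes the number after a process name identifies the process instance and that the wrapped log line has been rejoined; the thread confirms neither.

```python
import re

# Constructed sample: the relayd debug lines quoted in the thread, unwrapped.
SAMPLE = """\
proc_dispatch: parent 1 got imsg 42 from relay 4
proc_dispatch: relay 1 got imsg 42 from parent 0
relay_dispatch_parent: session 1: expired
proc_dispatch: pfe 1 got imsg 39 from relay 4
relay banana, session 1 (1 active), 0, 192.168.20.254 -> :80, bindany failed, invalid socket
proc_dispatch: pfe 1 got imsg 39 from relay 4
"""

HOP = re.compile(r"proc_dispatch: (\w+) (\d+) got imsg (\d+) from (\w+)(?: (\d+))?")
EXPIRED = re.compile(r"relay_dispatch_parent: session (\d+): expired")
CLOSED = re.compile(r"relay (\S+), session (\d+) \(.*?\), \d+, (\S+) -> (\S*), (.+)")


def triage(log):
    """Correlate imsg hops, expired sessions and failed sessions in a debug log."""
    to_parent, from_parent = {}, {}   # imsg type -> set of relay numbers
    expired, failures = set(), []
    for raw in log.splitlines():
        line = raw.lstrip("> ").strip()          # tolerate mail quoting
        if m := HOP.search(line):
            dst, dst_id, imsg, src, src_id = m.groups()
            if dst == "parent" and src == "relay":
                to_parent.setdefault(imsg, set()).add(src_id)
            elif dst == "relay" and src == "parent":
                from_parent.setdefault(imsg, set()).add(dst_id)
        elif m := EXPIRED.search(line):
            expired.add(m.group(1))
        elif m := CLOSED.search(line):
            name, sid, client, target, reason = m.groups()
            failures.append({"relay": name, "session": sid, "client": client,
                             "target": target, "reason": reason,
                             "expired_first": sid in expired})
    # imsg types whose reply reached a relay number other than the one that asked
    crossed = {t: (sorted(ids), sorted(from_parent[t]))
               for t, ids in to_parent.items()
               if t in from_parent and from_parent[t] != ids}
    return {"failures": failures, "crossed": crossed}


if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the sample, the one failed session is preceded by an "expired" line for the same session id, and imsg 42 goes out from relay 4 while the reply is logged by relay 1.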