Folks, I know this is a FreeBSD list, but the Brazilian OpenBSD lists are pretty much dead, so here is my question...
I have 2 firewalls with PF running CARP, and I recently replaced a proxy balancer built on Apache 2.2 with relayd. I have 3 protocol rules and 3 relay rules, relaying to .NET web services running on IIS servers. Basically I do some checks on the HTTP headers, such as the Host, pass the client IP to IIS (X-Forwarded-For), and do some User-Agent checks.

The problem is that relayd is exiting and I have no idea why! When I run it with -d -v:

relay_connect: session 762: forward failed: No route to host
relay ws_acfc, session 762 (3 active), 0, 1xx.5x.1xx.1xx -> 192.168.1.48:80, session failed (502 Bad Gateway)
kill_tables: deleted 0 tables
flush_rulesets: flushed rules
pf update engine exiting
host check engine exiting
# socket relay engine exiting
socket relay engine exiting
socket relay engine exiting
socket relay engine exiting
socket relay engine exiting
socket relay engine exiting
socket relay engine exiting

------ relayd.conf----
relayd_addr="127.0.0.1"
relay_ws_port="10082"
web_port="80"

table <47e48> { 192.168.1.47, 192.168.1.48 }

## Global Options
interval 10
timeout 200
prefork 5
log updates

http protocol "ws_xxx" {
        ### TCP performance options
        tcp { nodelay, sack, socket buffer 65536, backlog 100 }

        ### Return HTTP/HTML error pages
        return error

        ### allow logging of remote client ips to internal web servers
        header append "$REMOTE_ADDR" to "X-Forwarded-For"
        header append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By"

        ### set Keep-Alive timeout to global timeout
        header change "Keep-Alive" to "$TIMEOUT"

        ### close connections upon receipt
        header change "Connection" to "close"

        ### Block bad or abusive User-Agents (case insensitive)
        label "BAD user agent"
        request header filter "xxxxxxxx" from "User-Agent"
        request header filter "xxxxxxxx" from "User-Agent"
        request header filter "xxxxxxxx" from "User-Agent"
        request header filter "xxxxxxxx" from "User-Agent"
        request header filter "xxxxxxxx" from "User-Agent"
        request header filter "xxxxxxxx" from "User-Agent"
        request header filter "xxxxxxxx" from "User-Agent"
        request header filter "xxxxxxxx" from "User-Agent"

        ### Block bad Referrers, (case insensitive)
        label "BAD referrer"
        request header filter "xxxxx*" from "Referer"
        request header filter "xxxxx*" from "Referer"
        request header filter "xxxxx*" from "Referer"
        request header filter "xxxxx*" from "Referer"
        request header filter "xxxxx*" from "Referer"
        request header filter "xxxxx*" from "Referer"

        ### Anonymize our webserver's name/type
        response header change "Server" to "JustSomeServer"

        ### Block requests to wrong host (case insensitive)
        label "HOST ERRADO"
        request header expect "services.xxxxx.net" from "Host"
        request header expect "servicesxx.xxxxx.net" from "Host"
        request header expect "servicesxxx.xxxxx.net" from "Host"
}

relay ws_xxx {
        ### listen and accept redirected connections from pf. For most
        ### protocol types you can also use the synproxy flag in your pf.conf rules.
        listen on $relayd_addr port $relay_ws_port

        ### apply web filters listed above
        protocol "ws_xxx"

        ### forward to webserver(s) with load balancing and
        forward to <47e48> port $web_port mode loadbalance check icmp
}
------ relayd.conf----

Does anyone have any tips?

--
Éderson H. Chimbida