Note the line: relay_connect: session 762: forward failed: No route to host

Does the firewall ping the other hosts? Does it reach port 80?

On May 10, 2011 at 10:58, Éderson Chimbida <chimb...@gmail.com> wrote:
> Folks, I know this list is for FreeBSD, but the Brazilian OpenBSD lists are
> pretty much dead, so here is my question...
>
> I have 2 firewalls with PF running CARP, and I recently replaced a
> proxy-balance built on apache 2.2 with relayd.
>
> I have 3 protocol rules and 3 relay rules, where I relay to .net
> webservices running on IIS servers. Basically I do some checks on the
> http header, such as the host, I pass the client IP to IIS
> (X-Forwarded-For), and I do some user_agent checks.
>
> The problem is that relayd is shutting down and I have no idea why!
>
> When I run it with -d -v:
>
> relay_connect: session 762: forward failed: No route to host
> relay ws_acfc, session 762 (3 active), 0, 1xx.5x.1xx.1xx -> 192.168.1.48:80, session failed (502 Bad Gateway)
> kill_tables: deleted 0 tables
> flush_rulesets: flushed rules
> pf update engine exiting
> host check engine exiting
> # socket relay engine exiting
> socket relay engine exiting
> socket relay engine exiting
> socket relay engine exiting
> socket relay engine exiting
> socket relay engine exiting
> socket relay engine exiting
>
> ------ relayd.conf----
> relayd_addr="127.0.0.1"
> relay_ws_port="10082"
>
> web_port="80"
> table <47e48> { 192.168.1.47, 192.168.1.48 }
>
> ## Global Options
> interval 10
> timeout 200
> prefork 5
> log updates
>
> http protocol "ws_xxx" {
>     ### TCP performance options
>     tcp { nodelay, sack, socket buffer 65536, backlog 100 }
>     ### Return HTTP/HTML error pages
>     return error
>     ### allow logging of remote client ips to internal web servers
>     header append "$REMOTE_ADDR" to "X-Forwarded-For"
>     header append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By"
>     ### set Keep-Alive timeout to global timeout
>     header change "Keep-Alive" to "$TIMEOUT"
>     ### close connections upon receipt
>     header change "Connection" to "close"
>     ### Block bad or abusive User-Agents (case insensitive)
>     label "BAD user agent"
>     request header filter "xxxxxxxx" from "User-Agent"
>     request header filter "xxxxxxxx" from "User-Agent"
>     request header filter "xxxxxxxx" from "User-Agent"
>     request header filter "xxxxxxxx" from "User-Agent"
>     request header filter "xxxxxxxx" from "User-Agent"
>     request header filter "xxxxxxxx" from "User-Agent"
>     request header filter "xxxxxxxx" from "User-Agent"
>     request header filter "xxxxxxxx" from "User-Agent"
>     ### Block bad Referrers, (case insensitive)
>     label "BAD referrer"
>     request header filter "xxxxx*" from "Referer"
>     request header filter "xxxxx*" from "Referer"
>     request header filter "xxxxx*" from "Referer"
>     request header filter "xxxxx*" from "Referer"
>     request header filter "xxxxx*" from "Referer"
>     request header filter "xxxxx*" from "Referer"
>     ### Anonymize our webserver's name/type
>     response header change "Server" to "JustSomeServer"
>     ### Block requests to wrong host (case insensitive)
>     label "HOST ERRADO"
>     request header expect "services.xxxxx.net" from "Host"
>     request header expect "servicesxx.xxxxx.net" from "Host"
>     request header expect "servicesxxx.xxxxx.net" from "Host"
> }
>
>
> relay ws_xxx {
>     ### listen and accept redirected connections from pf. For most
>     ### protocol types you can also use the synproxy flag in your pf.conf rules.
>     listen on $relayd_addr port $relay_ws_port
>     ### apply web filters listed above
>     protocol "ws_xxx"
>     ### forward to webserver(s) with load balancing and
>     forward to <47e48> port $web_port mode loadbalance check icmp
> }
> ------ relayd.conf----
>
> Does anyone have any tips?
>
> --
> Éderson H. Chimbida
> -------------------------
> Archive: http://www.fug.com.br/historico/html/freebsd/
> Unsubscribe: https://www.fug.com.br/mailman/listinfo/freebsd
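
Added example, not part of the original messages or of relayd: a small script for the check suggested in the reply, to be run on the firewall. It reads the backend table and port macro from a constructed excerpt of the quoted relayd.conf and attempts the same TCP connect the relay makes, separating "No route to host" from a refused or timed-out connection; the quoted `check icmp` health check only pings the hosts and never opens port 80. The function names (macro, table_hosts, probe, report) are hypothetical.

```python
import errno
import re
import socket

# Constructed excerpt of the relayd.conf quoted in the thread.
RELAYD_CONF = '''
web_port="80"
table <47e48> { 192.168.1.47, 192.168.1.48 }
'''

def macro(conf, name):
    """Value of a simple name="value" macro, or None if absent."""
    m = re.search(r'^%s\s*=\s*"([^"]*)"' % re.escape(name), conf, re.M)
    return m.group(1) if m else None

def table_hosts(conf, name):
    """Addresses listed in `table <name> { ... }` (empty list if absent)."""
    m = re.search(r"table\s+<%s>\s*\{([^}]*)\}" % re.escape(name), conf)
    return [h for h in re.split(r"[,\s]+", m.group(1)) if h] if m else []

def probe(host, port, timeout=3.0):
    """Try the same TCP connect the relay makes and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.timeout:
        return "timeout"      # packets dropped, or host down without an ICMP error
    except OSError as e:
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "no-route" # the error relay_connect logged for session 762
        if e.errno == errno.ECONNREFUSED:
            return "refused"  # host reachable, nothing listening on the port
        return "error:%s" % errno.errorcode.get(e.errno, "unknown")

def report(conf, table, port_macro):
    """Probe every host of `table` on the port named by `port_macro`."""
    port = int(macro(conf, port_macro))
    return {host: probe(host, port) for host in table_hosts(conf, table)}

if __name__ == "__main__":
    # Run on the firewall itself so routing and pf rules match relayd's view.
    for host, state in report(RELAYD_CONF, "47e48", "web_port").items():
        print("%s -> %s" % (host, state))
```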