Hi,
On 28.03.2012 13:30, Stuart Henderson wrote:
> Looks like this probably got broken in the proc.c privsep reorganization.
> Try 'cvs up -D 2011/05/08' in src/usr.sbin/relayd and relayctl and
> rebuilding.
>
> Date: 2011/05/09 13:08:47
> Author: reyk
> Branch: HEAD
> Tag: (none)
> Log:
> Reorganize the relayd code to use the proc.c privsep API/commodity
> functions that are based on work for iked and smtpd. This simplifies
> the setup of privsep processes and moves some redundant and repeated
> code to a single place - which is always good from a quality and
> security point of view. The relayd version of proc.c is different to
> the current version in iked because it uses 1:N communications between
> processes, eg. a single parent process is talking to many forked relay
> children while iked only needs 1:1 communications.
I think this is still broken in 5.1?

/etc/pf.conf:

    pass in quick log on $int_if inet proto tcp from $winibw_acl \
        to $winibw port 1090:1099 tag WinIBW rdr-to lo0
    pass in quick log on $int_if inet proto tcp from $winibw_acl \
        to $vzlbs port 7100 tag WinIBW rdr-to lo0

/etc/relayd.conf:

    relay WinIBW2 {
        listen on 127.0.0.1 port 1090
        listen on 127.0.0.1 port 1091
        listen on 127.0.0.1 port 1092
        listen on 127.0.0.1 port 1093
        listen on 127.0.0.1 port 1094
        listen on 127.0.0.1 port 1095
        listen on 127.0.0.1 port 1096
        listen on 127.0.0.1 port 1097
        listen on 127.0.0.1 port 1098
        listen on 127.0.0.1 port 1099
        forward to nat lookup
    }

When I try to connect, I immediately get
relay_dispatch_pfe: session 1: expired
Any hints how to fix this in a 5.1 upgraded installation?
Thanks,
Martin