Hello, I am trying to solve a problem and I am really out of ideas.
I want to use relayd to set up a transparent reverse proxy with SSL offloading for a local daemon. The data flow is the following:

Client ------>| $ext_if  relayd box  lo0 (local daemon) |

Is it possible for the local daemon to see the original client IP, instead of 127.0.0.1? The original client IP should arrive at the local daemon, because it is needed in further operations. If it would have been only logging, that would have been a problem.

I am aware of the setup described here: http://marc.info/?l=openbsd-misc&m=130479125318862&w=2 but I do not know how to obtain this behaviour with a locally bound daemon. This local daemon is running under an unprivileged user.

I have the following setup in /etc/relayd.conf:

    ext_addr="192.162.16.133"

    protocol tcp_ssl_prot {
            # Various TCP performance options
            tcp { nodelay, sack, socket buffer 65536, backlog 128 }
            ssl { no sslv2, sslv3, tlsv1, ciphers "HIGH" }
            ssl session cache disable
    }

    relay tcp_ssl_inet4 {
            # Run as a SSL accelerator
            listen on $ext_addr port 1122 ssl
            protocol "tcp_ssl_prot"
            # Forward to hosts in the webhosts table using a src/dst hash
            transparent forward to 127.0.0.1 port 1133 interface lo0
    }

pf is disabled (I really do not know what I should put in pf.conf).

Any idea is very much appreciated.

Thank you very much,
Bogdan