Hi,

Since upgrading one of our OpenBSD firewalls on Monday last
week we have been having serious stability issues with relayd as it's
been randomly exiting after only a few hours of being started. We were
in the same situation a few years ago when we did a previous upgrade of
OBSD and at that time I think we reverted some of the servers to a
previous build of OBSD. I think we also commented out some parts of our
relayd.conf file until things became stable and we left it like that
till we upgraded last week.

I've got a feeling that the crashes are related to the only "relay" that
we have called "http_forwarder" and to the protocol we've called "http"
where we add the X-Forwarded header. Previous to the recent upgrade the
"match header append "X-Forwarded-For"..." line had been commented out
and I am assuming that that was the reason that it had been stable.

After the first or second crash last week I think we removed the "http"
protocol from our relayd.conf and that made things stable again but we
need to get the X-Forwarded-For header working so I re-enabled it again
today along with some minor other edits but relayd has died again...

After searching around I found this but am not sure if it's related to
our issue.... http://permalink.gmane.org/gmane.os.openbsd.misc/220963

If anyone can help it would be appreciated as I am unsure how or what to
do next.

Thanks,
Keith

I left relayd running in the foreground with verbose enabled and below
are the last few log lines.

relay http_forwarder, session 8734 (440 active), 0, XX.XX.XX.174 -> :0, no method (406 Not Acceptable), POST
ca exiting, pid 26811
ca exiting, pid 17254
pfe exiting, pid 26999
ca exiting, pid 29382
ca exiting, pid 7976
ca exiting, pid 24659
hce exiting, pid 16102
relay exiting, pid 9783
relay exiting, pid 19514
relay exiting, pid 12042
relay exiting, pid 13716
parent terminating, pid 29733

Our relayd.conf file....

interval 60
timeout 8000
prefork 5
log updates

table <web_hosts> { 192.168.XX.aa, 192.168.XX.bb }

http protocol "http" {
	match header append "X-Forwarded-For" value "$REMOTE_ADDR"
	return error
}

redirect "http_Main" {
	listen on 192.168.xx.2 port 80 interface vlanXX
	listen on 192.168.xx.3 port 80 interface vlanXX
	match pftag http_Main
	forward to <web_hosts> port 82 check http "/" code 200
}

redirect "https_Main" {
	listen on 192.168.xx.2 port 443 interface vlanXX
	match pftag https_Main
	forward to <web_hosts> port 443 check tcp
}

redirect "https_Other" {
	listen on 192.168.xx.3 port 443 interface vlanXX
	match pftag https_NN_Only
	forward to <web_hosts> port 445 check tcp
}

relay "http_forwarder" {
	listen on 127.0.0.1 port 8080
	protocol "http"
	forward to <web_hosts> port 82 mode loadbalance check http "/" code 200
}

relay "SSL_Generic" {
	listen on 127.0.0.1 port 9441
	forward to <web_hosts> port 443 mode loadbalance check tcp
}

relay "SSL_Other" {
	listen on 127.0.0.1 port 9444
	forward to <web_hosts> port 445 mode loadbalance check tcp
}