Hi Keith, please update relayd to the version from current and see if this fixes your problems. quite a few bugs were fixed since 5.7 release.
/Benno Keith(ke...@scott-land.net) on 2015.07.20 23:55:43 +0100: > Hi, > Since upgrading one of our OpenBSD firewalls on Monday last > week we have been having serious stability issues with relayd as its > been randomly exiting after only a few hours of being started. We were > in the same situation a few years ago when we did a previous upgrade of > OBSD and at that time I think we reverted some of the servers to a > previous build of OBSD, I think we also committed out some parts of our > relayd.conf file until things became stable and we left it like that > till we upgraded last week. > > I've got a feeling that the crashes are related to the only "relay" that > we have called "http_forwarder" and to the protocol we've called "http" > where we add the X-Forwarded header. Previous to the recent upgrade the > "match header append "X-Forwarded-For"..." line had been commented out > and I am assuming that that was the reason that it had been stable. > > After the first or second crash last week I think we removed the "http" > protocol from our relayd.conf and that made things stable again but we > need to get the X-Forwarded-For header working so I re enabled it again > today along with some minor other edits but relayd has died again... > > After searching around I found this but am not sure if it's related to > our issue.... http://permalink.gmane.org/gmane.os.openbsd.misc/220963 > > If anyone can help it would be appreciated as I am unsure how or what to > do next. > > Thanks, > > Keith > > I left relayd running in the foreground with verbose enabled and below > are the last few log lines. > > relay http_forwarder, session 8734 (440 active), 0, XX.XX.XX.174 -> :0, > no method (406 Not Acceptable), POST > ca exiting, pid 26811 > ca exiting, pid 17254 > pfe exiting, pid 26999 > ca exiting, pid 29382 > ca exiting, pid 7976 > ca exiting, pid 24659 > hce exiting, pid 16102 > relay exiting, pid 9783 > relay exiting, pid 19514 > relay exiting, pid 12042 > relay exiting, pid 13716 > parent terminating, pid 29733 > > Our relayd.conf file.... > > Interval 60 > timeout 8000 > prefork 5 > log updates > > table <web_hosts> { 192.168.XX.aa, 192.168.XX.bb } > > http protocol "http" { > match header append "X-Forwarded-For" value "$REMOTE_ADDR" > return error > } > > redirect "http_Main" { > listen on 192.168.xx.2 port 80 interface vlanXX > listen on 192.168.xx.3 port 80 interface vlanXX > match pftag http_Main > forward to <web_hosts> port 82 check http "/" code 200 > } > > redirect "https_Main" { > listen on 192.168.xx.2 port 443 interface vlanXX > match pftag https_Main > forward to <web_hosts> port 443 check tcp > } > > redirect "https_Other" { > listen on 192.168.xx.3 port 443 interface vlanXX > match pftag https_NN_Only > forward to <web_hosts> port 445 check tcp > } > > relay "http_forwarder" { > listen on 127.0.0.1 port 8080 > protocol "http" > forward to <web_hosts> port 82 mode loadbalance check http "/" code 200 > } > > relay "SSL_Generic" { > listen on 127.0.0.1 port 9441 > forward to <web_hosts> port 443 mode loadbalance check tcp > } > > relay "SSL_Other" { > listen on 127.0.0.1 port 9444 > forward to <web_hosts> port 445 mode loadbalance check tcp > } > --
