Re: Multiple web servers behind NAT

Wed, 05 Oct 2016 05:45:03 -0700 

Yes, my servers share the same ext IP. 
It is 5.9. I am trying to configure relayd. I commented out previous "rdr-to" 
rules from /etc/pf.conf and added as below.
10.0.30.101, 10.0.30.201 - it is not a mistake - ( 10.0.8.11, 10.0.8.22 was 
just an exemplary IP)
All websites are unreachable now.

#grep relayd /etc/pf.conf
anchor "relayd/*"

#relayd -n
configuration OK

#cat /etc/relayd.conf
ext_addr="msk0" 
host1="10.0.30.101" 
host2="10.0.30.201" 

table <www_101> { $host1 } 
table <www_201> { $host2 } 

http protocol "web_one" { 
   return error
   pass
   match request header "Host" value "1.domain.com" forward to <www_101> 
} 

http protocol "web_two" { 
   return error
   pass
   match request header "Host" value "4.domain.com" forward to <www_201> 
} 

relay relay_one { 
   listen on $ext_addr port 80 
   protocol "web_one" 
   forward to <www_101> check tcp port 80 
} 

relay relay_two { 
   listen on $ext_addr port 80 
   protocol "web_two" 
   forward to <www_201> check tcp port 80
}

#/etc/rc.d/relayd -df restart
doing _rc_parse_conf
doing _rc_quirks
relayd_flags empty, using default ><
doing _rc_read_runfile
doing _rc_parse_conf
doing _rc_quirks
relayd_flags empty, using default ><
doing _rc_read_runfile
doing rc_check
relayd
doing rc_stop
doing _rc_wait stop
doing rc_check
doing rc_check
doing _rc_rm_runfile
(ok)
doing _rc_parse_conf
doing _rc_quirks
relayd_flags empty, using default ><
doing _rc_read_runfile
doing rc_check
relayd
doing rc_pre
configuration OK
doing rc_start
doing _rc_wait start
doing rc_check
doing _rc_write_runfile
(ok)


On Fri, 30 Sep 2016 07:26:22 -0400
Josh Grosse <[email protected]> wrote:

> On Fri, Sep 30, 2016 at 11:42:11AM +0200, Radek wrote:
> > Hi, 
> > I have one web_serwer_1 behind OpenBSD 5.9 router/NAT with single IP. 
> > 
> > web_serwer_1 -apache,virtualhosts- (10.0.8.11):
> > 1.domain.com
> > 2.domain.com
> > 3.domain.com
> > 
> > pf.conf:
> > pass in log quick on $ext_if inet proto tcp from any to $ext_if port 80 
> > rdr-to $web_serwer_1 port 80 set prio (1, 6) keep state
> > pass in log quick on $ext_if inet proto tcp from any to $ext_if port 443 
> > rdr-to $web_serwer_1 port 443 set prio (1, 6) keep state
> > 
> > Everything works fine.
> > 
> > Now, I need to add another web_serwer_2. It would be the "main" web server.
> >  
> > web_serwer_2 - native httpd,virtualhosts- (10.0.8.22):
> > 4.domain.com
> > 5.domain.com
> > 6.domain.com
> > 
> > How can I make it work?
> > Any help appreciated.
> 
> If the two web servers share the same external IP address, use relayd(8),
> as it is designed to inspect HTTP URLs.
> 


-- 
radek

Reply via email to