On Sat, Mar 11, 2017 at 09:48:27PM -0800, Dave Cohen wrote:
> I'm struggling to figure out why network traffic is not making it to a
> service I'm running.
>
> What I'm trying to do is serve http and https from a non-standard server.
> (Called `caddy`, if you're curious). I want to run this thing as non-root
> user. I'm not aware of any way to have the non-root user open ports 80 or
> 443. Which is great, so long as I can get traffic to those ports to be
> redirected to my server, which I have listening on 8080 and 8443 respectively.
>
> I prefer the TLS traffic to 443 terminate at my server on 8443. And I've
> been trying to do this with relayd redirects.
>
> [...]
>
> My questions for this group are (a) is there a smarter way than what I'm
> trying? And if not (b) what am I doing wrong? Thanks in advance for any
> info!
>

Wouldn't pf(4) rules be better for that, instead of using relayd(8)?

Something like these (untested) rules:

    pass in on egress proto tcp from any to (self) port 80 rdr-to 127.0.0.1 port 8080
    pass in on egress proto tcp from any to (self) port 443 rdr-to 127.0.0.1 port 8443

See pf.conf(5) and https://www.openbsd.org/faq/pf/rdr.html

--
Sebastien Marie