On Thu, November 2, 2017 2:17 pm, Bryan C. Everly wrote:
> Hi misc@,
>
> I have a use case where I'm using OpenBSD 6.2 as my router/firewall
> and there are several websites that sit behind it on separate servers
> (let's call them http://one.com, http://two.com and http://three.com).
>
> I'd like to be able to have just a single IP address exposed through
> DNS for all three of them (it's a home cablemodem and I only have one
> public IP address) and then use something on OpenBSD (pf? relayd?) to
> route the traffic to the appropriate private IP address on the LAN
> side of the network.
>
> In looking at the manpage for relayd and relayd.conf, I'm wondering if
> I could set up a relay using something like this:
>
>     table <one> { 192.168.1.2 }
>     table <two> { 192.168.1.3 }
>     table <three> { 192.168.1.4 }
>
>     redirect "one" {
>         listen on one.com port 80
>         forward to <one>
>     }
>
>     redirect "two" {
>         listen on two.com port 80
>         forward to <two>
>     }
>
>     redirect "three" {
>         listen on three.com port 80
>         forward to <three>
>     }
>
> I've tried this and even after re-reading the manpage and seeing that
> I needed to add the "anchor" bit to my pf.conf I'm still not getting
> what I'm looking for. Perhaps I'm using the wrong tool for the job?
>
> Thanks in advance for any suggestions or knocks on the head!
>
> Thanks,
> Bryan
>
You can't have multiple redirects on the same IP and port. DNS isn't known at
that layer. If you have only one external IP, you have to use a relay and
pass/forward to the host based on the Host header value. Something like this:

    ext_addr="xxx.xxx.xxx.xxx"

    #
    # Global Options
    #
    interval 20
    timeout 2000
    prefork 5

    #
    # Each table will be mapped to a pf table.
    #
    table <web1> { 192.168.1.10 }
    table <web2> { 192.168.1.11 }
    table <web3> { 192.168.1.12 }
    table <fallback> { 127.0.0.1 }

    #
    # Relay and protocol for HTTP layer 7 loadbalancing and SSL/TLS acceleration
    #
    http protocol http {
        match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
        match request header append "X-Forwarded-By" \
            value "$SERVER_ADDR:$SERVER_PORT"
        match request header set "Connection" value "close"
        match request header log "Host"

        pass request quick header "Host" value "web1.com" forward to <web1>
        pass request quick header "Host" value "web2.com" forward to <web2>
        pass request quick header "Host" value "web3.com" forward to <web3>
        pass quick forward to <fallback>

        return error style "body { background: white; color: black; }"

        # Various TCP performance options
        tcp { nodelay, sack, splice, socket buffer 65536, backlog 128 }
    }

    relay www {
        listen on $ext_addr port 80
        protocol http

        forward to <web1> port http check http "/index.html" code 200
        forward to <web2> port http check http "/index.html" code 200
        forward to <web3> port http check http "/index.html" code 200
        forward to <fallback> port 8080 check http "/index.html" code 200
    }
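To make the layer-7 point concrete, here is an added example (not part of the original thread and not relayd code) that does by hand what the protocol block above asks relayd to do: read the Host header of an incoming HTTP request, pick the backend table with first-match-wins semantics like the "pass request quick" rules, fall through to the fallback table when nothing matches or the header is missing, and add the X-Forwarded-For / X-Forwarded-By / Connection: close headers. The table names and backend addresses mirror the reply's config; the sample requests are constructed. Lowercasing the host and dropping an explicit ":port" before comparison is this example's own normalization, not a claim about how relayd compares header values.

```python
# Added illustration of Host-header dispatch as done by a layer-7 relay.
# Not relayd's code; tables and rules mirror the reply's relayd.conf.
from typing import Optional, List, Tuple

# Same tables as the reply's config (addresses are illustrative).
TABLES = {
    "web1": ["192.168.1.10"],
    "web2": ["192.168.1.11"],
    "web3": ["192.168.1.12"],
    "fallback": ["127.0.0.1"],
}

# Ordered like the "pass request quick header Host value ..." rules:
# the first rule whose value equals the normalized Host wins.
HOST_RULES: List[Tuple[str, str]] = [
    ("web1.com", "web1"),
    ("web2.com", "web2"),
    ("web3.com", "web3"),
]
FALLBACK_TABLE = "fallback"  # the trailing "pass quick forward to <fallback>"


def _split_head(request_head: bytes):
    """Split raw request bytes into (request line, header lines, body)."""
    text = request_head.decode("iso-8859-1")  # never raises
    head, _, body = text.partition("\r\n\r\n")
    lines = head.split("\r\n")
    return lines[0], lines[1:], body


def parse_host(request_head: bytes) -> Optional[str]:
    """Return the Host header lowercased and without an explicit :port,
    or None when the request carries no Host header (e.g. HTTP/1.0)."""
    _, headers, _ = _split_head(request_head)
    for line in headers:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            host = value.strip().lower()
            if host.startswith("["):           # IPv6 literal: keep the brackets
                host = host.split("]", 1)[0] + "]"
            else:                              # drop ":8080"-style suffix
                host = host.split(":", 1)[0]
            return host
    return None


def select_table(request_head: bytes) -> str:
    """Pick the backend table the way the quick rules do; unknown or
    missing Host names go to the fallback table instead of being dropped."""
    host = parse_host(request_head)
    if host is not None:
        for value, table in HOST_RULES:
            if host == value:
                return table
    return FALLBACK_TABLE


def select_backend(request_head: bytes) -> str:
    """Resolve the chosen table to its first backend address."""
    return TABLES[select_table(request_head)][0]


def add_forwarding_headers(request_head: bytes, remote_addr: str,
                           server_addr: str, server_port: int) -> bytes:
    """Mirror the 'match request header' rules: append X-Forwarded-For and
    X-Forwarded-By, and force exactly one 'Connection: close' header."""
    request_line, headers, body = _split_head(request_head)
    # "set" semantics: replace any client-supplied Connection header.
    headers = [h for h in headers
               if h.partition(":")[0].strip().lower() != "connection"]
    headers.append(f"X-Forwarded-For: {remote_addr}")
    headers.append(f"X-Forwarded-By: {server_addr}:{server_port}")
    headers.append("Connection: close")
    rebuilt = "\r\n".join([request_line] + headers) + "\r\n\r\n" + body
    return rebuilt.encode("iso-8859-1")


if __name__ == "__main__":
    # Constructed sample requests, one per case the rules must handle.
    samples = [
        b"GET / HTTP/1.1\r\nHost: web2.com\r\n\r\n",
        b"GET / HTTP/1.1\r\nhost: WEB1.COM:8080\r\nAccept: */*\r\n\r\n",
        b"GET / HTTP/1.1\r\nHost: other.example\r\n\r\n",
        b"GET / HTTP/1.0\r\n\r\n",  # no Host header at all
    ]
    for req in samples:
        print(parse_host(req), "->", select_table(req), select_backend(req))
    print(add_forwarding_headers(samples[0], "203.0.113.5",
                                 "198.51.100.1", 80).decode())
```

The point of the missing-Host and unknown-Host cases is the same as the "pass quick forward to <fallback>" rule in the reply: a layer-7 relay needs a defined destination for every request that reaches it, including ones that name no virtual host, so the fallback table should be something deliberately chosen (a local placeholder server) rather than whichever backend happens to come first.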