Dear list,
I'm playing around with a squid setup, where the http traffic from a client is
transparently routed from the gateway (OpenBSD 6.3) to two squid caches (squid
3.5.28). This means the caches are _not_ placed on the gateway.
With PF this is very easy to achieve:
    pass in quick on $INT_IF inet proto tcp from $CLIENT to any port 80 \
        route-to { ($DMZ_IF $SQUID_1), (trunk2 $SQUID_2) } least-states
So far, so good. My next goal is redundancy. In other words the gateway should
stop routing traffic to an unreachable cache. Imho I thought this is very easy
to achieve with the help of relayd.
To map the upper PF rule to a fully redundant setup, I tried something like
this:
PF:
    pass in quick on $INT_IF inet proto tcp from $CLIENT to any port http \
        divert-to 127.0.0.1 port 3130
Relayd:
    relay webproxy_3130 {
        listen on 127.0.0.1 port 3130
        transparent forward to <squid_3130> port 80 check tcp mode loadbalance
    }
But of course this doesn't work because the relay translates the destination
address, which it should not. I didn't find any options like a pf route-to for
relays and think it wouldn't make much sense in the context of relays.
Relayd supports a route-to option for redirects but I didn't find a working
configuration.
Perhaps this is all broken by design. If so, could somebody point me to a better
solution (haproxy in front of the caches)?
Any help would be greatly appreciated.
Thanks