authorReyk Floeter <reyk@cvs.openbsd.org>2007-10-22 08:44:55 +0000
committerReyk Floeter <reyk@cvs.openbsd.org>2007-10-22 08:44:55 +0000
commitc15e626c14fca72c0fc0154a33144a043b8a0510 (patch)
treea3b992734ff562929d53b86e65830beed71e25c7
parentf30159bb8d62ea7cf82635776149596564623860 (diff)
add additional relay examples: simple non-SSL TCP relay, transparent
HTTP proxy. this makes it easier to test hoststated. ok pyr@
-rw-r--r--etc/hoststated.conf48
-rw-r--r--etc/relayd.conf48
2 files changed, 86 insertions, 10 deletions
diff --git a/etc/hoststated.conf b/etc/hoststated.conf
index bba797b77a5..995d924ebfb 100644
--- a/etc/hoststated.conf
+++ b/etc/hoststated.conf
@@ -1,10 +1,11 @@
-# $OpenBSD: hoststated.conf,v 1.6 2007/02/26 20:43:32 reyk Exp $
+# $OpenBSD: hoststated.conf,v 1.7 2007/10/22 08:44:54 reyk Exp $
#
# Macros
#
ext_addr="192.168.1.1"
webhost1="10.0.0.1"
webhost2="10.0.0.2"
+sshhost1="10.0.0.3"
#
# Global Options
@@ -43,16 +44,16 @@ service www {
}
#
-# Relays and protocols are used for Layer 7 loadbalancing
+# Relay and protocol for HTTP layer 7 loadbalancing and SSL acceleration
#
protocol httpssl {
- protocol http
+ protocol http
header append "$REMOTE_ADDR" to "X-Forwarded-For"
header append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By"
header change "Connection" to "close"
- # Various TCP performance options
- tcp { nodelay, sack, socket buffer 65536, backlog 128 }
+ # Various TCP performance options
+ tcp { nodelay, sack, socket buffer 65536, backlog 128 }
# ssl { no sslv2, sslv3, tlsv1, ciphers HIGH }
# ssl session cache disable
@@ -66,3 +67,40 @@ relay wwwssl {
# Forward to hosts in the webhosts table using a src/dst hash
table webhosts loadbalance
}
+
+#
+# Relay and protocol for simple TCP forwarding on layer 7
+#
+protocol sshtcp {
+ protocol tcp
+
+ # The TCP_NODELAY option is required for "smooth" terminal sessions
+ tcp nodelay
+}
+
+relay sshgw {
+ # Run as a simple TCP relay
+ listen on $ext_addr port 2222
+ protocol sshtcp
+
+ # Forward to the shared carp(4) address of an internal gateway
+ forward to $sshhost1 port 22
+}
+
+#
+# Relay and protocol for a transparent HTTP proxy
+#
+protocol httpfilter {
+ protocol http
+ header filter "Mozilla/4.0 (compatible; MSIE *" from "User-Agent"
+ response header filter "application/*" from "Content-Type"
+}
+
+relay httpproxy {
+ # Listen on localhost, accept redirected connections from pf(4)
+ listen on 127.0.0.1 port 8080
+ protocol httpfilter
+
+ # Forward to the original target host
+ nat lookup
+}
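Review bot: The `sshgw` relay added in this hunk is active rather than commented out, so anyone who enables this sample file unchanged exposes an internal sshd on `$ext_addr` port 2222; because the relay terminates the TCP connection, the backend will presumably log the relay's address instead of the client's, which weakens per-source login throttling and log attribution on `$sshhost1`. I would add a comment above the `listen on` line such as `# NOTE: sshd on the target sees the relay as the peer; restrict port 2222 with pf(4)`. The comment `Forward to the shared carp(4) address of an internal gateway` also does not match the macro name `sshhost1`, so one of the two should be reworded. In `httpfilter`, the `User-Agent` match is on a client-supplied header and should be described in a comment as an example filter, not an access control. The same additions appear in the matching last hunk of etc/relayd.conf.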
diff --git a/etc/relayd.conf b/etc/relayd.conf
index ff12fe36cb2..cf22b2c6b56 100644
--- a/etc/relayd.conf
+++ b/etc/relayd.conf
@@ -1,10 +1,11 @@
-# $OpenBSD: relayd.conf,v 1.6 2007/02/26 20:43:32 reyk Exp $
+# $OpenBSD: relayd.conf,v 1.7 2007/10/22 08:44:54 reyk Exp $
#
# Macros
#
ext_addr="192.168.1.1"
webhost1="10.0.0.1"
webhost2="10.0.0.2"
+sshhost1="10.0.0.3"
#
# Global Options
@@ -43,16 +44,16 @@ service www {
}
#
-# Relays and protocols are used for Layer 7 loadbalancing
+# Relay and protocol for HTTP layer 7 loadbalancing and SSL acceleration
#
protocol httpssl {
- protocol http
+ protocol http
header append "$REMOTE_ADDR" to "X-Forwarded-For"
header append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By"
header change "Connection" to "close"
- # Various TCP performance options
- tcp { nodelay, sack, socket buffer 65536, backlog 128 }
+ # Various TCP performance options
+ tcp { nodelay, sack, socket buffer 65536, backlog 128 }
# ssl { no sslv2, sslv3, tlsv1, ciphers HIGH }
# ssl session cache disable
@@ -66,3 +67,40 @@ relay wwwssl {
# Forward to hosts in the webhosts table using a src/dst hash
table webhosts loadbalance
}
+
+#
+# Relay and protocol for simple TCP forwarding on layer 7
+#
+protocol sshtcp {
+ protocol tcp
+
+ # The TCP_NODELAY option is required for "smooth" terminal sessions
+ tcp nodelay
+}
+
+relay sshgw {
+ # Run as a simple TCP relay
+ listen on $ext_addr port 2222
+ protocol sshtcp
+
+ # Forward to the shared carp(4) address of an internal gateway
+ forward to $sshhost1 port 22
+}
+
+#
+# Relay and protocol for a transparent HTTP proxy
+#
+protocol httpfilter {
+ protocol http
+ header filter "Mozilla/4.0 (compatible; MSIE *" from "User-Agent"
+ response header filter "application/*" from "Content-Type"
+}
+
+relay httpproxy {
+ # Listen on localhost, accept redirected connections from pf(4)
+ listen on 127.0.0.1 port 8080
+ protocol httpfilter
+
+ # Forward to the original target host
+ nat lookup
+}