author | Reyk Floeter <reyk@cvs.openbsd.org> | 2007-10-22 08:44:55 +0000 |
---|---|---|
committer | Reyk Floeter <reyk@cvs.openbsd.org> | 2007-10-22 08:44:55 +0000 |
commit | c15e626c14fca72c0fc0154a33144a043b8a0510 (patch) | |
tree | a3b992734ff562929d53b86e65830beed71e25c7 | |
parent | f30159bb8d62ea7cf82635776149596564623860 (diff) |
add additional relay examples: simple non-SSL TCP relay, transparent
HTTP proxy. this makes it easier to test hoststated.
ok pyr@
-rw-r--r-- | etc/hoststated.conf | 48 | ||||
-rw-r--r-- | etc/relayd.conf | 48 |
2 files changed, 86 insertions, 10 deletions
diff --git a/etc/hoststated.conf b/etc/hoststated.conf index bba797b77a5..995d924ebfb 100644 --- a/etc/hoststated.conf +++ b/etc/hoststated.conf @@ -1,10 +1,11 @@ -# $OpenBSD: hoststated.conf,v 1.6 2007/02/26 20:43:32 reyk Exp $ +# $OpenBSD: hoststated.conf,v 1.7 2007/10/22 08:44:54 reyk Exp $ # # Macros # ext_addr="192.168.1.1" webhost1="10.0.0.1" webhost2="10.0.0.2" +sshhost1="10.0.0.3" # # Global Options @@ -43,16 +44,16 @@ service www { } # -# Relays and protocols are used for Layer 7 loadbalancing +# Relay and protocol for HTTP layer 7 loadbalancing and SSL acceleration # protocol httpssl { - protocol http + protocol http header append "$REMOTE_ADDR" to "X-Forwarded-For" header append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By" header change "Connection" to "close" - # Various TCP performance options - tcp { nodelay, sack, socket buffer 65536, backlog 128 } + # Various TCP performance options + tcp { nodelay, sack, socket buffer 65536, backlog 128 } # ssl { no sslv2, sslv3, tlsv1, ciphers HIGH } # ssl session cache disable @@ -66,3 +67,40 @@ relay wwwssl { # Forward to hosts in the webhosts table using a src/dst hash table webhosts loadbalance } + +# +# Relay and protocol for simple TCP forwarding on layer 7 +# +protocol sshtcp { + protocol tcp + + # The TCP_NODELAY option is required for "smooth" terminal sessions + tcp nodelay +} + +relay sshgw { + # Run as a simple TCP relay + listen on $ext_addr port 2222 + protocol sshtcp + + # Forward to the shared carp(4) address of an internal gateway + forward to $sshhost1 port 22 +} + +# +# Relay and protocol for a transparent HTTP proxy +# +protocol httpfilter { + protocol http + header filter "Mozilla/4.0 (compatible; MSIE *" from "User-Agent" + response header filter "application/*" from "Content-Type" +} + +relay httpproxy { + # Listen on localhost, accept redirected connections from pf(4) + listen on 127.0.0.1 port 8080 + protocol httpfilter + + # Forward to the original target host + nat lookup +} 
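Review bot: The `sshgw` example in the last hunk exposes an internal host's sshd on `$ext_addr` port 2222 with no comment on what that costs the backend. A layer 7 relay presumably opens its own connection to `$sshhost1`, so sshd there would log and apply any address-based rules to the relay's address instead of the client's. I would add `# NOTE: the backend sees the relay as the peer; limit who may reach port 2222 in pf.conf(5)` above the `listen on` line. The comment also says "shared carp(4) address of an internal gateway" while the macro is named `sshhost1` like the web hosts, so one of the two should change. The added block in etc/relayd.conf is identical and needs the same comment.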
diff --git a/etc/relayd.conf b/etc/relayd.conf index ff12fe36cb2..cf22b2c6b56 100644 --- a/etc/relayd.conf +++ b/etc/relayd.conf @@ -1,10 +1,11 @@ -# $OpenBSD: relayd.conf,v 1.6 2007/02/26 20:43:32 reyk Exp $ +# $OpenBSD: relayd.conf,v 1.7 2007/10/22 08:44:54 reyk Exp $ # # Macros # ext_addr="192.168.1.1" webhost1="10.0.0.1" webhost2="10.0.0.2" +sshhost1="10.0.0.3" # # Global Options @@ -43,16 +44,16 @@ service www { } # -# Relays and protocols are used for Layer 7 loadbalancing +# Relay and protocol for HTTP layer 7 loadbalancing and SSL acceleration # protocol httpssl { - protocol http + protocol http header append "$REMOTE_ADDR" to "X-Forwarded-For" header append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By" header change "Connection" to "close" - # Various TCP performance options - tcp { nodelay, sack, socket buffer 65536, backlog 128 } + # Various TCP performance options + tcp { nodelay, sack, socket buffer 65536, backlog 128 } # ssl { no sslv2, sslv3, tlsv1, ciphers HIGH } # ssl session cache disable @@ -66,3 +67,40 @@ relay wwwssl { # Forward to hosts in the webhosts table using a src/dst hash table webhosts loadbalance } + +# +# Relay and protocol for simple TCP forwarding on layer 7 +# +protocol sshtcp { + protocol tcp + + # The TCP_NODELAY option is required for "smooth" terminal sessions + tcp nodelay +} + +relay sshgw { + # Run as a simple TCP relay + listen on $ext_addr port 2222 + protocol sshtcp + + # Forward to the shared carp(4) address of an internal gateway + forward to $sshhost1 port 22 +} + +# +# Relay and protocol for a transparent HTTP proxy +# +protocol httpfilter { + protocol http + header filter "Mozilla/4.0 (compatible; MSIE *" from "User-Agent" + response header filter "application/*" from "Content-Type" +} + +relay httpproxy { + # Listen on localhost, accept redirected connections from pf(4) + listen on 127.0.0.1 port 8080 + protocol httpfilter + + # Forward to the original target host + nat lookup +} |
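Review bot: The two `header filter` lines in `protocol httpfilter` (last hunk) have no comment saying what a match does or what the filters are for, so a reader copying the example could take them for an access control. The User-Agent value is chosen by the client and the Content-Type by the responding server, so neither line is a reliable policy on its own. As I read the manual, `filter` drops the connection on a match; if so, a comment such as `# Example only: drop requests with an MSIE User-Agent and responses declaring application/*; both headers are set by the peer` would make that clear. The `httpproxy` relay also depends on a pf(4) redirection to 127.0.0.1 port 8080 that the file does not show, and the comment above `listen on` should point to where that rule belongs. The same block is added to etc/hoststated.conf.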