From c15e626c14fca72c0fc0154a33144a043b8a0510 Mon Sep 17 00:00:00 2001
From: Reyk Floeter
Date: Mon, 22 Oct 2007 08:44:55 +0000
Subject: add additional relay examples: simple non-SSL TCP relay, transparent HTTP proxy. this makes it easier to test hoststated. ok pyr@
---
 etc/hoststated.conf | 48 +++++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 43 insertions(+), 5 deletions(-)
(limited to 'etc/hoststated.conf')
diff --git a/etc/hoststated.conf b/etc/hoststated.conf
index bba797b77a5..995d924ebfb 100644
--- a/etc/hoststated.conf
+++ b/etc/hoststated.conf
@@ -1,10 +1,11 @@
-# $OpenBSD: hoststated.conf,v 1.6 2007/02/26 20:43:32 reyk Exp $
+# $OpenBSD: hoststated.conf,v 1.7 2007/10/22 08:44:54 reyk Exp $
 #
 # Macros
 #
 ext_addr="192.168.1.1"
 webhost1="10.0.0.1"
 webhost2="10.0.0.2"
+sshhost1="10.0.0.3"
 
 #
 # Global Options
@@ -43,16 +44,16 @@ service www {
 }
 
 #
-# Relays and protocols are used for Layer 7 loadbalancing
+# Relay and protocol for HTTP layer 7 loadbalancing and SSL acceleration
 #
 protocol httpssl {
- protocol http
+ protocol http
 header append "$REMOTE_ADDR" to "X-Forwarded-For"
 header append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By"
 header change "Connection" to "close"
 
- # Various TCP performance options
- tcp { nodelay, sack, socket buffer 65536, backlog 128 }
+ # Various TCP performance options
+ tcp { nodelay, sack, socket buffer 65536, backlog 128 }
 
 # ssl { no sslv2, sslv3, tlsv1, ciphers HIGH }
 # ssl session cache disable
@@ -66,3 +67,40 @@ relay wwwssl {
 # Forward to hosts in the webhosts table using a src/dst hash
 table webhosts loadbalance
 }
+
+#
+# Relay and protocol for simple TCP forwarding on layer 7
+#
+protocol sshtcp {
+ protocol tcp
+
+ # The TCP_NODELAY option is required for "smooth" terminal sessions
+ tcp nodelay
+}
+
+relay sshgw {
+ # Run as a simple TCP relay
+ listen on $ext_addr port 2222
+ protocol sshtcp
+
+ # Forward to the shared carp(4) address of an internal gateway
+ forward to $sshhost1 port 22
+}
+
+#
+# Relay and protocol for a transparent HTTP proxy
+#
+protocol httpfilter {
+ protocol http
+ header filter "Mozilla/4.0 (compatible; MSIE *" from "User-Agent"
+ response header filter "application/*" from "Content-Type"
+}
+
+relay httpproxy {
+ # Listen on localhost, accept redirected connections from pf(4)
+ listen on 127.0.0.1 port 8080
+ protocol httpfilter
+
+ # Forward to the original target host
+ nat lookup
+}
-- cgit v1.2.3
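Review bot: The `sshgw` example publishes the internal sshd on `$ext_addr` port 2222 without noting that a plain TCP relay presumably makes every session reach `$sshhost1` from the relay's own address; unlike `httpssl`, which appends `X-Forwarded-For`, nothing in `sshtcp` carries the client address through. Anyone copying this block would lose per-client addresses in the backend's sshd logs and in any address-based access rules there, so restriction and logging have to happen on the relay host. I would add a comment above the `listen on` line such as `# NOTE: the backend sees the relay as the source address; restrict and log access to port 2222 with pf(4) here`. The two filter lines in `httpfilter` are also the only uncommented directives in the added blocks; a one-line comment saying what each matches, and that a client-supplied `User-Agent` is not a reliable basis for access control, would keep the example from being read as a security filter.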