[FUG-BR] Relayd

Rodrigo Mosconi freebsd at mosconi.mat.br
Tue May 10 11:07:50 BRT 2011


Note this line:

relay_connect: session 762: forward failed: No route to host

Can the firewall ping the other hosts?
Can it reach port 80?


On May 10, 2011 at 10:58, Éderson Chimbida <chimbida at gmail.com> wrote:
> Folks, I know this is a FreeBSD list, but the OpenBSD lists in Brazil are
> rather dead, so here is my question...
>
> I have 2 firewalls with PF running CARP, and I recently replaced a
> proxy-balance built on Apache 2.2 with relayd.
>
> I have 3 protocol rules and 3 relay rules, where I relay to
> .net web services running on IIS servers; basically I do some
> checks on the HTTP header, such as the host, pass the client IP to IIS
> (X-Forwarded-For), and do some checks on the user_agent.
>
> The problem is that relayd is shutting down and I have no idea why!
>
> when I run it with -d -v
>
> relay_connect: session 762: forward failed: No route to host
> relay ws_acfc, session 762 (3 active), 0, 1xx.5x.1xx.1xx -> 192.168.1.48:80,
> session failed (502 Bad Gateway)
> kill_tables: deleted 0 tables
> flush_rulesets: flushed rules
> pf update engine exiting
> host check engine exiting
> # socket relay engine exiting
> socket relay engine exiting
> socket relay engine exiting
> socket relay engine exiting
> socket relay engine exiting
> socket relay engine exiting
> socket relay engine exiting
>
> ------ relayd.conf----
> relayd_addr="127.0.0.1"
> relay_ws_port="10082"
>
> web_port="80"
> table <47e48> { 192.168.1.47, 192.168.1.48 }
>
> ## Global Options
> interval 10
> timeout 200
> prefork 5
> log updates
>
> http protocol "ws_xxx" {
>   ### TCP performance options
>   tcp { nodelay, sack, socket buffer 65536, backlog 100 }
>   ### Return HTTP/HTML error pages
>   return error
>   ### allow logging of remote client ips to internal web servers
>   header append "$REMOTE_ADDR" to "X-Forwarded-For"
>   header append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By"
>   ### set Keep-Alive timeout to global timeout
>   header change "Keep-Alive" to "$TIMEOUT"
>   ### close connections upon receipt
>   header change "Connection" to "close"
>   ### Block bad or abusive User-Agents (case insensitive)
>   label "BAD user agent"
>   request header filter "xxxxxxxx" from "User-Agent"
>   request header filter "xxxxxxxx" from "User-Agent"
>   request header filter "xxxxxxxx" from "User-Agent"
>   request header filter "xxxxxxxx" from "User-Agent"
>   request header filter "xxxxxxxx" from "User-Agent"
>   request header filter "xxxxxxxx" from "User-Agent"
>   request header filter "xxxxxxxx" from "User-Agent"
>   request header filter "xxxxxxxx" from "User-Agent"
>   ### Block bad Referrers, (case insensitive)
>   label "BAD referrer"
>   request header filter "xxxxx*" from "Referer"
>   request header filter "xxxxx*" from "Referer"
>   request header filter "xxxxx*" from "Referer"
>   request header filter "xxxxx*" from "Referer"
>   request header filter "xxxxx*" from "Referer"
>   request header filter "xxxxx*" from "Referer"
>   ### Anonymize our webserver's name/type
>   response header change "Server" to "JustSomeServer"
>   ### Block requests to wrong host (case insensitive)
>   label "HOST ERRADO"
>   request header expect "services.xxxxx.net" from "Host"
>   request header expect "servicesxx.xxxxx.net" from "Host"
>   request header expect "servicesxxx.xxxxx.net" from "Host"
> }
>
>
> relay ws_xxx {
>   ### listen and accept redirected connections from pf. For most
>   ### protocol types you can also use the synproxy flag in your pf.conf rules.
>   listen on $relayd_addr port $relay_ws_port
>   ### apply web filters listed above
>   protocol "ws_xxx"
>   ### forward to webserver(s) with load balancing and
>   forward to <47e48> port $web_port mode loadbalance check icmp
> }
> ------ relayd.conf----
>
> Does anyone have any tips?
>
> --
> Éderson H. Chimbida
>
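
The reply asks whether the firewall can reach the backends by ping and on port 80. The following added example, which is not part of the original thread, performs the TCP half of that check and maps the connect() error to its usual cause. It assumes Python 3 is available on the firewall; the addresses and port come from the quoted relayd.conf, and the names `classify` and `probe` are made up for this example.

```python
#!/usr/bin/env python3
"""Probe each relayd backend over TCP, the way the relay forwards traffic."""
import errno
import socket

# Backends and port taken from the quoted relayd.conf (table <47e48>, web_port).
BACKENDS = ["192.168.1.47", "192.168.1.48"]
WEB_PORT = 80

# What each connect() error usually means for a relay backend.
MEANING = {
    0: "open: TCP handshake completed",
    errno.ECONNREFUSED: "refused: host is up, nothing listening on the port",
    errno.EHOSTUNREACH: "no route to host: routing or ARP failure, or an "
                        "ICMP unreachable sent back by a filter",
    errno.ENETUNREACH: "network unreachable: no route for that subnet",
    errno.ETIMEDOUT: "timeout: packets silently dropped on the path",
}


def classify(err):
    """Return a short diagnosis for a connect() errno value."""
    return MEANING.get(err, "other: " + errno.errorcode.get(err, str(err)))


def probe(host, port, timeout=3.0):
    """Attempt one TCP connect and return (errno, diagnosis)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        err = s.connect_ex((host, port))
    # With a timeout set, connect_ex() reports an expired timer as
    # EAGAIN/EWOULDBLOCK rather than ETIMEDOUT; fold those together.
    if err in (errno.EAGAIN, errno.EWOULDBLOCK, errno.EINPROGRESS):
        err = errno.ETIMEDOUT
    return err, classify(err)


if __name__ == "__main__":
    for host in BACKENDS:
        err, text = probe(host, WEB_PORT)
        print(f"{host}:{WEB_PORT} -> {text}")
```

The relay in the quoted configuration uses `check icmp`, so a backend that answers ping but fails this probe is still treated as up while forwards to it fail.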

