Search the ports tree for "pfstats", set up the graphs, and you will have a great tool to help solve these problems.

On May 10, 2011 at 11:17, Éderson Chimbida <chimb...@gmail.com> wrote:
> Yes, it can do the ICMP check, the hosts are OK...
>
> I raised the state limit for the tables in my pf.conf:
>
> set limit { states 50000, frags 5000 }
>
> That seems to have solved it, since it has held up so far; whenever it went
> over the 10,000 states that are the PF default, relayd shut down!
>
> --
> Éderson H. Chimbida
>
>
> 2011/5/10 Rodrigo Mosconi <free...@mosconi.mat.br>
>
>> Note the line:
>>
>> relay_connect: session 762: forward failed: No route to host
>>
>> Can the firewall ping the other hosts?
>> Can it reach port 80?
>>
>>
>> On May 10, 2011 at 10:58, Éderson Chimbida <chimb...@gmail.com> wrote:
>> > Folks, I know this list is about FreeBSD, but the Brazilian OpenBSD lists
>> > are pretty much dead, so here is my question...
>> >
>> > I have 2 firewalls with PF running CARP, and I recently replaced a
>> > proxy-balance built on apache 2.2 with relayd.
>> >
>> > I have 3 protocol rules and 3 relay rules, where I relay to .net
>> > webservices running on IIS servers; basically I do some checks on the
>> > HTTP header, such as the host, pass the client IP to IIS
>> > (X-Forwarded-For), and do some user_agent checks.
>> >
>> > The problem is that relayd is shutting down and I have no idea why!
>> >
>> > When I run it with -d -v:
>> >
>> > relay_connect: session 762: forward failed: No route to host
>> > relay ws_acfc, session 762 (3 active), 0, 1xx.5x.1xx.1xx -> 192.168.1.48:80, session failed (502 Bad Gateway)
>> > kill_tables: deleted 0 tables
>> > flush_rulesets: flushed rules
>> > pf update engine exiting
>> > host check engine exiting
>> > # socket relay engine exiting
>> > socket relay engine exiting
>> > socket relay engine exiting
>> > socket relay engine exiting
>> > socket relay engine exiting
>> > socket relay engine exiting
>> > socket relay engine exiting
>> >
>> > ------ relayd.conf----
>> > relayd_addr="127.0.0.1"
>> > relay_ws_port="10082"
>> >
>> > web_port="80"
>> > table <47e48> { 192.168.1.47, 192.168.1.48 }
>> >
>> > ## Global Options
>> > interval 10
>> > timeout 200
>> > prefork 5
>> > log updates
>> >
>> > http protocol "ws_xxx" {
>> >     ### TCP performance options
>> >     tcp { nodelay, sack, socket buffer 65536, backlog 100 }
>> >     ### Return HTTP/HTML error pages
>> >     return error
>> >     ### allow logging of remote client ips to internal web servers
>> >     header append "$REMOTE_ADDR" to "X-Forwarded-For"
>> >     header append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By"
>> >     ### set Keep-Alive timeout to global timeout
>> >     header change "Keep-Alive" to "$TIMEOUT"
>> >     ### close connections upon receipt
>> >     header change "Connection" to "close"
>> >     ### Block bad or abusive User-Agents (case insensitive)
>> >     label "BAD user agent"
>> >     request header filter "xxxxxxxx" from "User-Agent"
>> >     request header filter "xxxxxxxx" from "User-Agent"
>> >     request header filter "xxxxxxxx" from "User-Agent"
>> >     request header filter "xxxxxxxx" from "User-Agent"
>> >     request header filter "xxxxxxxx" from "User-Agent"
>> >     request header filter "xxxxxxxx" from "User-Agent"
>> >     request header filter "xxxxxxxx" from "User-Agent"
>> >     request header filter "xxxxxxxx" from "User-Agent"
>> >     ### Block bad Referrers, (case insensitive)
>> >     label "BAD referrer"
>> >     request header filter "xxxxx*" from "Referer"
>> >     request header filter "xxxxx*" from "Referer"
>> >     request header filter "xxxxx*" from "Referer"
>> >     request header filter "xxxxx*" from "Referer"
>> >     request header filter "xxxxx*" from "Referer"
>> >     request header filter "xxxxx*" from "Referer"
>> >     ### Anonymize our webserver's name/type
>> >     response header change "Server" to "JustSomeServer"
>> >     ### Block requests to wrong host (case insensitive)
>> >     label "HOST ERRADO"
>> >     request header expect "services.xxxxx.net" from "Host"
>> >     request header expect "servicesxx.xxxxx.net" from "Host"
>> >     request header expect "servicesxxx.xxxxx.net" from "Host"
>> > }
>> >
>> >
>> > relay ws_xxx {
>> >     ### listen and accept redirected connections from pf. For most
>> >     ### protocol types you can also use the synproxy flag in your pf.conf rules.
>> >     listen on $relayd_addr port $relay_ws_port
>> >     ### apply web filters listed above
>> >     protocol "ws_xxx"
>> >     ### forward to webserver(s) with load balancing and
>> >     forward to <47e48> port $web_port mode loadbalance check icmp
>> > }
>> > ------ relayd.conf----
>> >
>> > Does anyone have any tips?
>> >
>> > --
>> > Éderson H. Chimbida

-------------------------
Archive: http://www.fug.com.br/historico/html/freebsd/
Unsubscribe: https://www.fug.com.br/mailman/listinfo/freebsd
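
The thread traces the relayd exits to PF passing its default 10,000-state limit. As an added example (not part of the original messages), the check below compares the current state count with the hard limit so the condition can be caught before forwarding fails. The function names and the sample `pfctl -si` / `pfctl -sm` output are constructed for illustration.

```sh
#!/bin/sh
# Added example: compare PF's current state count with its hard limit.
# On a live firewall: pf_state_check "$(pfctl -si)" "$(pfctl -sm)" 80

# Constructed sample output in the layout of `pfctl -si` / `pfctl -sm`.
SAMPLE_INFO='Status: Enabled for 12 days 04:10:33           Debug: err

State Table                          Total             Rate
  current entries                     9871
  searches                        81234567           77.1/s
  inserts                          2345678            2.2/s
  removals                         2335807            2.2/s'
SAMPLE_LIMITS_DEFAULT='states        hard limit    10000
src-nodes     hard limit    10000
frags         hard limit     5000'
SAMPLE_LIMITS_RAISED='states        hard limit    50000
src-nodes     hard limit    10000
frags         hard limit     5000'

# Current number of state entries, from `pfctl -si` text.
pf_current_states() {
    printf '%s\n' "$1" | awk '/current entries/ { print $3; exit }'
}

# Hard limit on states, from `pfctl -sm` text.
pf_state_limit() {
    printf '%s\n' "$1" | awk '$1 == "states" && $2 == "hard" { print $4; exit }'
}

# Integer percentage of the state table in use; returns 2 if unparsable.
pf_state_pct() {
    cur=$(pf_current_states "$1")
    max=$(pf_state_limit "$2")
    case "$cur:$max" in
        *[!0-9:]*|:*|*:|*:0) return 2 ;;
    esac
    echo $(( $cur * 100 / $max ))
}

# Prints a status line; returns 0 = OK, 1 = at/over threshold, 3 = parse error.
pf_state_check() {
    pct=$(pf_state_pct "$1" "$2") || { echo "UNKNOWN: cannot parse pfctl output"; return 3; }
    if [ "$pct" -ge "$3" ]; then
        echo "WARN: PF state table ${pct}% full"
        return 1
    fi
    echo "OK: PF state table ${pct}% full"
}
```

Run from cron with the live `pfctl` output, the non-zero exit status can drive an alert; the third argument is the warning threshold in percent.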