Hi,

You need to tell PF to intercept packets and redirect them to the relayd
process.

pass in on em2 inet proto tcp to any port www divert-to 192.168.20.1 port 8000
pass out log(all) on em1 divert-reply

You can find some more detailed information regarding relayd transparent
proxying in this thread:
http://marc.info/?l=openbsd-misc&m=130479125318862&w=2

After reloading PF, keep in mind that you have to change your test, i.e.
connect to your server on port 80, not port 8000.

Marios.


On 27 March 2012 15:18, Schmurfy <[email protected]> wrote:

> Hi,
> I am trying to forward a port using relayd, which works, but what I really need
> is transparent relaying and I cannot make that one work :/
>
> I have one OpenBSD 5.0 server with two network cards (em0 can be ignored):
> - em1: 192.168.33.10/24
> - em2: 192.168.20.1/24
>
> And another machine acting as server:
> - em1: 192.168.33.11/24
>
> My computer (client) is connected to the server on em2 and the server and
> router are connected with their em1 interfaces; the server uses the router
> as its default route.
>
> Here is my working configuration in non transparent mode:
> pf.conf:
> set skip on lo
> anchor "relayd/*"
> pass # to establish keep-state
>
>
> relayd.conf:
> relay banana {
>  listen on "192.168.20.1" port 8000
>  forward to "192.168.33.11" port 80
> }
>
>
>
> After restarting relayd I connect with "curl http://192.168.20.1:8000" and
> I get the page served by the server machine, everything is fine.
>


> Now I tried switching to a transparent relay, I added this in pf.conf:
> pass out log(all) on em1 divert-reply
>
> and my relayd.conf now looks like this:
> relay banana {
>  listen on "192.168.20.1" port 8000
>  transparent forward to "192.168.33.11" port 80 interface em1
> }
>
>
> After restarting relayd and reloading pf.conf, if I start curl again I
> successfully connect to the relayd process but it never even tries to
> connect to the http server on the server machine :/
>
> I did some tests to ensure the routing was correct and the SO_BINDANY
> option was working by running this command on the router:
> nc -s 192.168.20.254 192.168.33.11 80
>
> When I do this it connects and if I type "GET /" it returns the web page
> and the server sees a connection from 192.168.20.254 so it seems to work.
>
>
> For some reason relayd cannot open the socket but I have no idea why...
> relayd logging is not very helpful, I managed to force it in debug mode and
> I got this:
>
> proc_dispatch: parent 1 got imsg 42 from relay 4
> proc_dispatch: relay 1 got imsg 42 from parent 0
> relay_dispatch_parent: session 1: expired
> proc_dispatch: pfe 1 got imsg 39 from relay 4
> # (previous line repeated a lot of times)
>
> relay banana, session 1 (1 active), 0, 192.168.20.254 -> :80, bindany failed, invalid socket
> # (after the previous line the connection with curl is closed)
>
> proc_dispatch: pfe 1 got imsg 39 from relay 4
> # (previous line repeated until I hit Ctrl+C)
>
> Any idea why relayd would fail to establish the connection? I am now
> digging into the relayd sources trying to find something helpful but not
> much luck for now.
>
> Thanks for any help, it's really driving me crazy...
