Hi, Mike Belopuhov: I tried with your patch but nothing more is shown, when I connect the client I just get:
proc_dispatch: parent 1 got imsg 42 from relay 4 proc_dispatch: relay 1 got imsg 42 from parent relay_dispatch_parent: session 1: expired The thing that is really bothering me is that "expired" line, I tried to trace it in the code by adding debugging message but the session it does not found (expired) was correctly created and I cannot find any point where it would be destroyed (I added debug messages on every SPLAY_* call I found touching rlay->rl_sessions). Marios Makassikis: I already found this thread (and in fact that's the only real documentation I found on transparent mode) but I do what is written there. I tried adding your rule and connecting on port 80 with: $ curl http://192.168.20.1:80 but I have the same problem, the connection is accepted by relayd but I see no outgoing packets with: $ tcpdump -plni em1 host 192.168.33.11 and I checked the route again just to be sure (ping works too): $ route -n get 192.168.33.11 route to: 192.168.33.11 destination: 192.168.33.11 interface: em1 if address: 192.168.33.10 priority: 4 (connected) flags: <UP,HOST,DONE,LLINFO,CLONED> use mtu expire 2 0 840 In the post you linked the author mention the three way of using transparent and the first usecase is "A normal listener on an IP address that is directly reachable by clients" which is what I do :/ On 27 March 2012 19:18, Marios Makassikis <[email protected]> wrote: > Hi, > > You need to tell PF to intercept packets and redirect them to the relayd > process. > > pass in on em2 inet proto tcp to any port www divert-to 192.168.20.1 port > 8000 > > pass out log(all) on em1 divert-reply > > You can find some more detailed information regarding relayd transparent > proxying in this thread: > http://marc.info/?l=openbsd-misc&m=130479125318862&w=2 > > After reloading PF, keep in mind that you have to change your test, i.e.: > connect to > your server on port 80, not port 8000. > > Marios. > > > > On 27 March 2012 15:18, Schmurfy <[email protected]> wrote: > >> Hi, >> I am trying to forward port using relayd which works but what I really >> need >> is transparent relaying and I cannot make that one works :/ >> >> I have one OpenBSD 5.0 server with two network card (em0 can be ignored): >> - em1: 192.168.33.10/24 >> - em2: 192.168.20.1/24 >> >> And another machine acting as server: >> - em1: 192.168.33.11/24 >> >> My computer (client) is connected to the server on em2 and the server and >> router are connected with their em1 interfaces, the server use the router >> as its default route. >> >> Here is my working configuration in non transparent mode: >> pf.conf: >> set skip on lo >> anchor "relayd/*" >> pass # to establish keep-state >> >> >> relayd.conf: >> relay banana { >> listen on "192.168.20.1" port 8000 >> forward to "192.168.33.11" port 80 >> } >> >> >> >> After restarting relayd I connect with "curl http://192.168.20.1:8000"; >> and >> I get the page served by the server machine, eveything is fine. >> > > >> Now I tried switching to a transparent relay, I added this in pf.conf: >> pass out log(all) on em1 divert-reply >> >> and my relayd.conf now looks like this: >> relay banana { >> listen on "192.168.20.1" port 8000 >> transparent forward to "192.168.33.11" port 80 interface em1 >> } >> >> >> After restarting relayd and reloading pf.conf if I start curl again I >> successfully connects to the relayd process but it never even tries to >> connect to the http server on the server machine :/ >> >> I did some tests to ensure the routing was correct and the SO_BINDANY >> option was working by running this command on the router: >> nc -s 192.168.20.254 192.168.33.11 80 >> >> When I do this it connects and if I type "GET /" it returns the web page >> and the server sees a connection from 192.168.20.254 so it seems to work. >> >> >> For some reason relayd cannot open the socket but I have no idea why... >> relayd logging is not very helpful, I managed to force it in debug mode >> and >> I got this: >> >> proc_dispatch: parent 1 got imsg 42 from relay 4 >> proc_dispatch: relay 1 got imsg 42 from parent 0 >> relay_dispatch_parent: session 1: expired >> proc_dispatch: pfe 1 got imsg 39 from relay 4 >> # (previous line repeated a lot of time) >> >> relay banana, session 1 (1 active), 0, 192.168.20.254 -> :80, bindany >> failed, invalid socket >> # (after the previous line the connection with curl is closed) >> >> proc_dispatch: pfe 1 got imsg 39 from relay 4 >> # (previous line repeated until I hit Ctrl+C) >> >> Any idea why relayd would fails to establish the connection ? I am now >> digging into the relayd sources trying to find something helpful but not >> much luck for now. >> >> Thanks for any help, it's really driving me crazy...
