On Wed, October 5, 2016 8:43 am, Radek wrote:
> Yes, my servers share the same ext IP.
> It is 5.9. I am trying to configure relayd. I commented out previous
> "rdr-to" rules from /etc/pf.conf and added as below.
> 10.0.30.101, 10.0.30.201 - it is not a mistake - (10.0.8.11, 10.0.8.22
> were just example IPs)
> All websites are unreachable now.
>
> #grep relayd /etc/pf.conf
> anchor "relayd/*"
>
> #relayd -n
> configuration OK
>
> #cat /etc/relayd.conf
> ext_addr="msk0"
> host1="10.0.30.101"
> host2="10.0.30.201"
>
> table <www_101> { $host1 }
> table <www_201> { $host2 }
>
> http protocol "web_one" {
>    return error
>    pass
>    match request header "Host" value "1.domain.com" forward to <www_101>

I think you need "pass request header..."

> }
>
> http protocol "web_two" {
>    return error
>    pass
>    match request header "Host" value "4.domain.com" forward to <www_201>
> }

You should combine the two protocols into one.  You can have multiple pass
lines.  Last match wins, unless you use "quick".  You can define a default
that way.

>
> relay relay_one {
>    listen on $ext_addr port 80
>    protocol "web_one"
>    forward to <www_101> check tcp port 80
> }
>
> relay relay_two {
>    listen on $ext_addr port 80
>    protocol "web_two"
>    forward to <www_201> check tcp port 80
> }

You should have only one relay defined; you can't have two things
listening on the same port.  Just put the two "forward to" lines in the
same relay block.


>
> #/etc/rc.d/relayd -df restart
> doing _rc_parse_conf
> doing _rc_quirks
> relayd_flags empty, using default ><
> doing _rc_read_runfile
> doing _rc_parse_conf
> doing _rc_quirks
> relayd_flags empty, using default ><
> doing _rc_read_runfile
> doing rc_check
> relayd
> doing rc_stop
> doing _rc_wait stop
> doing rc_check
> doing rc_check
> doing _rc_rm_runfile
> (ok)
> doing _rc_parse_conf
> doing _rc_quirks
> relayd_flags empty, using default ><
> doing _rc_read_runfile
> doing rc_check
> relayd
> doing rc_pre
> configuration OK
> doing rc_start
> doing _rc_wait start
> doing rc_check
> doing _rc_write_runfile
> (ok)
>

relayctl is your friend here.  See if the relays are actually up:
'relayctl show relays' and 'relayctl show summary'
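
The changes suggested in this reply, put together as a single /etc/relayd.conf. This is an added example, not a config posted in the thread; the protocol name "web" and the relay name "www" are made up here, and everything else is taken from the quoted config.

```conf
ext_addr="msk0"
host1="10.0.30.101"
host2="10.0.30.201"

table <www_101> { $host1 }
table <www_201> { $host2 }

# One protocol instead of "web_one" and "web_two" ("web" is a made-up name).
http protocol "web" {
   return error
   # Bare pass kept from the quoted config as the default; the last
   # matching pass/block rule decides unless a rule uses "quick".
   pass
   # "pass request header" instead of "match request header", as suggested.
   pass request header "Host" value "1.domain.com" forward to <www_101>
   pass request header "Host" value "4.domain.com" forward to <www_201>
}

# One relay on port 80 instead of two listeners on the same address and port
# ("www" is a made-up name). Each table named in a protocol rule needs its
# own "forward to" line here.
relay www {
   listen on $ext_addr port 80
   protocol "web"
   forward to <www_101> check tcp port 80
   forward to <www_201> check tcp port 80
}
```

Check the file with 'relayd -n' before restarting, then confirm the relay and both hosts are up with 'relayctl show summary'.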
