First result on Google for "relayd example" seems to be pretty thorough. https://calomel.org/relayd.html
On Wed, Jun 7, 2017 at 7:51 AM, Marko Cupać <marko.cu...@mimar.rs> wrote:

> On Tue, 6 Jun 2017 12:05:10 -0500
> Ax0n <a...@h-i-r.net> wrote:
>
> > Also, this seems like something that, depending on where the
> > destination servers are, could be handled easily with PF by itself,
> > or with the help of relayd, with a lot less hassle.
>
> Perhaps I didn't explain what I use this for. I have a vlan on private
> subnet, which has no access to other private vlans - it can contact
> only Internet hosts. One of "Internet" hosts is actually IP alias on
> external interface of my OpenBSD firewall, which redirects (rdr-to)
> internal host on my LAN:
>
> pass in on $if_ext inet proto tcp from any to $pub_srv port $web \
>         rdr-to $priv_srv
>
> Now, as redirection happens to packets which are incoming to external
> interface, above rule does not hit for packets coming from internal
> vlan.
>
> That's why I combine pf redirection on internal interface to
> loopback:
> pass in quick on $if_int inet proto tcp from <privnets> to $pub_srv \
>         port 80 rdr-to 127.0.0.1 port 20080
> pass in quick on $if_int inet proto tcp from <privnets> to $pub_srv \
>         port 443 rdr-to 127.0.0.1 port 20443
>
> ... and proxy these packets with nc from inetd:
> 127.0.0.1:20080 stream tcp nowait _nc_proxy /usr/bin/nc \
>         srv-http -w 20 PRI.VAT.EAD.DR 80
> 127.0.0.1:20443 stream tcp nowait _nc_proxy /usr/bin/nc \
>         srv-https -w 20 PRI.VAT.EAD.DR 443
>
> I know that simple rdr on internal interface doesn't work out of the
> box - I would probably need some kind of NAT, as LAN server wouldn't
> return packet to firewall from where it was redirected - it would try
> to contact LAN client directly, and fail (isolated VLAN).
>
> Now as for relayd, I never used it. If someone gave me working example
> and an explanation why it is better than my current solution, I'd be
> glad to switch, and pass the word around :)
>
> Thank you all for tips and hints.
> --
> Before enlightenment - chop wood, draw water.
> After enlightenment - chop wood, draw water.
>
> Marko Cupać
> https://www.mimar.rs/
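
A minimal relayd.conf that would take over the role of the two inetd/nc proxies in the quoted message, as an added example that is not part of the thread or of either poster's configuration. The address 192.0.2.10 is a constructed placeholder for the private server (PRI.VAT.EAD.DR in the message) and the relay names are hypothetical; the loopback ports match the quoted rdr-to rules, which stay unchanged.

```conf
# /etc/relayd.conf (added example; values below are assumptions)

# Constructed placeholder for the internal web server on the LAN.
priv_srv = "192.0.2.10"

# With no "protocol" line a relay uses the generic TCP protocol, so the
# byte stream is passed through untouched. TLS on port 443 is therefore
# still terminated by the internal server, not by the firewall.

# Receives what pf redirects with "rdr-to 127.0.0.1 port 20080".
relay "int_http" {
	listen on 127.0.0.1 port 20080
	forward to $priv_srv port 80
}

# Receives what pf redirects with "rdr-to 127.0.0.1 port 20443".
relay "int_https" {
	listen on 127.0.0.1 port 20443
	forward to $priv_srv port 443
}

# relayd accepts the client connection itself and opens a second
# connection to the server from the firewall's own address, so the
# server answers the firewall and never has to reach the isolated VLAN.
# Listening on loopback only keeps the relays reachable solely through
# the pf redirects.
```

`relayd -n` parses the file and reports syntax errors without starting the daemon.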