On Thu, December 6, 2018 12:04 pm, Leo Unglaub wrote:
> Hi,
> i am trying to use relayd as an outbound proxy. I am following the
> manual page and also the book "Httpd and Relayd Mastery". I did this on
> the latest release 6.4 and also on the latest snapshot to make sure this
> was not already fixed somewhere. I am on amd64.
>
> My relayd config looks like this:
>
>> # cat /etc/relayd.conf
>> relay "proxy" {
>> listen on 127.0.0.1 port 8080
>> forward to destination
>> }
>>
>> relay "proxy2" {
>> listen on 192.168.0.19 port 9090
>> forward to destination
>> }
>
>
> I use this command to open up a connection from a different host in the
> network:
>
>> $ curl -i -x 192.168.0.19:9090 openbsd.org
>
> I used the following command when i am on the same host:
>
>> $ curl -i -x 127.0.0.1:8080 openbsd.org
>
I don't have the time to set this up to test, so just throwing ideas out.
Doesn't this set up a transparent relay? Should you be configuring a
proxy with curl in this case? Did you try it without?
>
> I get the same error every time:
>> # relayd -dvvvvf /etc/relayd.conf
>> startup
>> pfe: filter init done
>> socket_rlimit: max open files 1024
>> socket_rlimit: max open files 1024
>> socket_rlimit: max open files 1024
>> socket_rlimit: max open files 1024
>> parent_tls_ticket_rekey: rekeying tickets
>> relay_privinit: adding relay proxy
>> protocol -1: name default
>> flags: used, relay flags: divert
>> tls session tickets: disabled
>> type: tcp
>> relay_privinit: adding relay proxy2
>> protocol -1: name default
>> flags: used, relay flags: divert
>> tls session tickets: disabled
>> type: tcp
>> init_tables: created 0 tables
>> relay_launch: running relay proxy
>> relay_launch: running relay proxy
>> relay_launch: running relay proxy2
>> relay_launch: running relay proxy
>> relay_launch: running relay proxy2
>> relay_launch: running relay proxy2
>> relay_connect: session 1: forward failed: Operation not permitted
>> relay_close: sessions inflight decremented, now 0
>
>
> I used the following addition to the default pf.conf.
>> pass in on egress inet proto tcp to port 80 divert-to 127.0.0.1 port
>> 8080
>
If you're connecting from inside the network, is 'in on egress' the
correct interace here?
>
>
> Is this a bug in my setup or a problem with relayd?
>
> I also tryed the entire config from the book "Httpd and Relayd Mastery"
> and even when i type it down 1 by 1 i get the same error.
>
> Thanks and greetings
> Leo
>
