Hi all,

I've been trying to get relayd up and running on my configuration and had a
couple of questions I could not find answers for.

As I understand it, relayd is capable of making a "protocol" where you
could essentially take connection details and call it whatever you like,
then create rules in pf via that protocol.

For example, in mwl's relayd book he creates a "dns fix protocol":
relay dns {
     listen on 203.0.113.213 port 53
     forward to check tcp
     protocol dnsfix
}

questions:
how can I pass this to pf.conf and apply stickiness to it to ensure that if
the protocol dnsfix was routed to server 52 on the back end.. that all
future requests are sent to server 52 and not server 17 (ie is this a
relayd.conf thing.. or a pf.conf thing)?

is it possible to have multiple ports and protocols wrapped into a new
protocol?
for example I need port 443 tcp, 10443 tcp, 8000 udp and 8001 tcp  .. to be
treated as a single connection.  Is a protocol even the right tool for the
job? If so, how do you add multiple ports? or does each rule need to be
separate?  (an example would be awesome)

Next question, in regards to the previous question. How would you apply a
stickiness state to ensure that all 4 ports from the same client are sent
to the same server?

last question..
how do you decide what configuration should be placed in pf.conf vs
relayd.conf?  and if you're using an anchor like relayd .. in terms of pf, is
there 1 config or are they separate?

IE: if I have a <table> in relayd.conf that defines {server1,2,3,4}  do I
need the same table in my pf.conf file? or should I make the exact same
table with a unique name? or are the relayd.conf tables used as both an
anchor and expanded into the default pf.conf?


Apologies if my questions seem silly, I'm still kind of new to pf/openbsd.

Kind regards
