Thank you for your comments, I will dig into it.

cheers

________________________________
From: owner-m...@openbsd.org <owner-m...@openbsd.org> on behalf of Stuart Henderson <stu.li...@spacehopper.org>
Sent: Sunday, August 7, 2022 3:56:16 AM
To: misc@openbsd.org <misc@openbsd.org>
Subject: Re: Relayd Questions

On 2022-08-06, Todd Carpenter <tcarpenter...@gmail.com> wrote:
> Hi all,
>
> I've been trying to get relayd up and running on my configuration and had a
> couple of questions I could not find answers for.
>
> As I understand it, relayd is capable of making a "protocol" where you
> could essentially take connection details and call it whatever you like,
> then create rules in pf via that protocol.
>
> for example, in mwl's relayd book he creates a "dns fix protocol"
> relay dns {
>      listen on 203.0.113.213 port 53
>      forward to check tcp
>      protocol dnsfix
> }
>
> questions:
> how can I pass this to pf.conf and apply stickiness to it to ensure that if
> the protocol dnsfix was routed to server 52 on the back end.. that all
> future requests are sent to server 52 and not server 17 (ie is this a
> relayd.conf thing.. or a pf.conf thing)?

Relays are userland TCP proxies done inside relayd. Configuring them
is done in relayd.conf. See

man relayd.conf | less "+/set the scheduling algorithm"

> is it possible to have multiple ports and protocols wrapped into a new
> protocol?
> for example I need port 443 tcp, 10443 tcp, 8000 udp and 8001 tcp  .. to be
> treated as a single connection.  Is a protocol even the right tool for the
> job? If so, how do you add multiple ports? or does each rule need to be
> separate?  (an example would be awesome)

As a single protocol definition? You can't, you need separate ones.

> Next question, in regards to the previous question. How would you apply a
> stickiness state to ensure that all 4 ports from the same client are sent
> to the same server?

"mode source-hash" is probably the only option.

> last question..
> how do you decide what configuration should be placed in pf.conf vs
> relayd.conf?  and if you're using an anchor like relayd .. in terms of pf, is
> there 1 config or are they separate?
>
> IE: if I have a <table> in relayd.conf that defines {server1,2,3,4}  do I
> need the same table in my pf.conf file? or should I make the exact same
> table with a unique name? or are the relayd.conf tables used as both an
> anchor and expanded into the default pf.conf?

For the main part relayd loads what it needs into PF under the anchor.

If you're using _redirections_ with sticky-address and want that to persist
across multiple connections then see "src.track" in pf.conf(5).


--
Please keep replies on the mailing list.
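
A relayd.conf sketch of the approach discussed in this thread, added here as an example and not taken from the thread or from the relayd project: one redirection per port, all pointing at the same table with "mode source-hash". The addresses, table name, redirect names and key string are constructed, and it assumes the optional key argument to "mode source-hash" described in relayd.conf(5).

```conf
# Added example, not from the thread. Addresses are documentation ranges;
# the table name, redirect names and key string are hypothetical.
# pf.conf must pull in relayd's rules through its anchor:
#   anchor "relayd/*"

table <backends> { 198.51.100.17 198.51.100.52 }

# One listener per block: the four ports cannot share a single definition.
# Assumption: giving every redirect the same key makes the source-address
# hash pick the same table entry for a given client on all four ports
# (see "mode source-hash [key]" in relayd.conf(5)).
redirect "svc443" {
	listen on 203.0.113.213 tcp port 443
	forward to <backends> mode source-hash "shared-example-key" check tcp
}

redirect "svc10443" {
	listen on 203.0.113.213 tcp port 10443
	forward to <backends> mode source-hash "shared-example-key" check tcp
}

# UDP service: no TCP handshake to probe, so fall back to an ICMP check.
redirect "svc8000" {
	listen on 203.0.113.213 udp port 8000
	forward to <backends> mode source-hash "shared-example-key" check icmp
}

redirect "svc8001" {
	listen on 203.0.113.213 tcp port 8001
	forward to <backends> mode source-hash "shared-example-key" check tcp
}
```

Validate with `relayd -n` before loading. Host health is tracked per redirect, so a backend that fails its check on only one port can cause that port to map a client to a different host than the other three.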
