hi

i would like to set up a vm that runs relayd with an inbound interface

and an outbound interface.

vm host -> openbsd 7.3


i set up a vm with openbsd 7.3 with 2 interfaces

net.ip.inet.forward=0

vio0 inbound

vio0 outbound, on this interface the default gw for the vm is also set up.

both veb's for the vm live in separate rdomains ( inbound rtable 15 , outbound rtable 25 )

the relayd destination webserver lives in an additional rdomain ( rdomain 120 )

i added rdr-rules for the vm vio0 interface inbound ( 10.0.99.2 )

pass in on lan inet proto tcp from lan:network to $my_webserver_domain port 80 rtable 15 rdr-to 10.0.99.2

i also added rules for outbound ( rdomain 25 )

pass in quick on vport25 inet proto icmp from any to dmz:network rtable 120
pass in quick on vport25 inet proto tcp from any to 192.168.135.11 port 80 rtable 120

on vm :

i can ping the dmz hosts and also connect port 80 .

i see the incoming packets on vio0 with tcpdump.

vm can reach outbound internet and the dmz systems

on vm host

a connect by telnet -V  15 10.0.99.2 works

relayd conf on vm:

alg# cat relayd.conf
alg_ip4="10.0.99.2"
log connection
log state changes
log host checks

timeout 200
interval 5
domain1="192.168.135.11"
table <webserver> { $domain1 }

http protocol p_http {
        # Return HTTP/HTML error pages to the client
        return error
        # your web application might need these headers
        match request header set "X-Forwarded-For" value "$REMOTE_ADDR"
        match request header set "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"
        match header set "Connection" value "close"
        pass
}


relay reverse_proxy_http {
        listen on $alg_ip4 port 80
        protocol p_http
        forward to <webserver> port 80 check http "/" code 200
}

the problem is, if i try to connect to domain1.de from my lan ( rdr-rule inbound ), the connection

will not work.

on vm:

i see the redirected inbound traffic on vio0 ,

i see traffic between relayd and the backend server on vio1,

but i don't see the backend server answer on vio0.

i tried this with inet.forward=1 but got the same result.


can relayd handle this setup with inbound and outbound traffic on separate interfaces ?

if you need additional information please let me know.


thanks for help

Holger




