Re: relayd relay stability

2015-07-21 Thread Stuart Henderson
On 2015-07-21, keith scott wrote:
> Hi, I am having some trouble building relayd. I've got down to the "make"
> part where it fails as you can see below. Do you know what I'm doing wrong?

I suspect you perhaps didn't install the comp57.tgz set; if that's likely,
you can add it to the running system if you like:

# cd /tmp
# ftp http://ftp.fr.openbsd.org/pub/OpenBSD/5.7/amd64/{SHA256.sig,comp57.tgz}
# signify -C -p /etc/signify/openbsd-57-base.pub -x SHA256.sig comp57.tgz &&
(cd /; tar xzpvf tmp/comp57.tgz)



Re: relayd relay stability

2015-07-21 Thread keith scott
Hi, I am having some trouble building relayd. I've got down to the "make"
part where it fails as you can see below. Do you know what I'm doing wrong?

I downloaded the src.tar.gz file
tar xzf ../src.tar.gz

export CVSROOT=anon...@anoncvs.spacehopper.org:/cvs
cvs up -AC
cvs server: Updating .
P agentx.c
P ca.c
P config.c
P control.c
P http.h
P parse.y
P pfe.c
P relay.c
P relay_http.c
P relayd.c
P relayd.conf.5
P relayd.h
P ssl.c
# make obj
/usr/src/usr.sbin/relayd/obj -> /usr/obj/usr.sbin/relayd
# make
make: don't know how to make /usr/lib/crt0.o (prerequisite of: relayd)
Stop in /usr/src/usr.sbin/relayd

Thanks
Keith.


On Tue, Jul 21, 2015 at 5:08 AM, Sebastian Benoit wrote:

>
> Hi,
>
> here is how to update relayd to current:
>
> (your user account has to be in group wsrc)
>
> $ cd /usr
> $ cvs -qd anon...@anoncvs.ca.openbsd.org:/cvs get -rOPENBSD_5_7 -P src
> $ cd src/usr.sbin/relayd
> $ cvs up -AC
> $ make obj
> $ make
> $ sudo cp /usr/sbin/relayd /usr/sbin/relayd.orig
> $ sudo make install
>
> restart relayd and see if it's better.
>
> /Benno
>
> Keith(ke...@scott-land.net) on 2015.07.20 23:55:43 +0100:
> > Hi,
> > Since upgrading one of our OpenBSD firewalls on Monday last
> > week we have been having serious stability issues with relayd as it's
> > been randomly exiting after only a few hours of being started.  We were
> > in the same situation a few years ago when we did a previous upgrade of
> > OBSD and at that time I think we reverted some of the servers to a
> > previous build of OBSD,  I think we also commented out some parts of our
> > relayd.conf file until things became stable and we left it like that
> > till we upgraded last week.
> >
> > I've got a feeling that the crashes are related to the only "relay" that
> > we have called "http_forwarder" and to the protocol we've called "http"
> > where we add the X-Forwarded header.  Previous to the recent upgrade the
> > "match header append "X-Forwarded-For"..." line had been commented out
> > and I am assuming that that was the reason that it had been stable.
> >
> > After the first or second crash last week I think we removed the "http"
> > protocol from our relayd.conf and that made things stable again but we
> > need to get the X-Forwarded-For header working so I re-enabled it again
> > today along with some minor other edits but relayd has died again...
> >
> > After searching around I found this but am not sure if it's related to
> > our issue http://permalink.gmane.org/gmane.os.openbsd.misc/220963
> >
> > If anyone can help it would be appreciated as I am unsure how or what to
> > do next.
> >
> > Thanks,
> >
> > Keith
> >
> > I left relayd running in the foreground with verbose enabled and below
> > are the last few log lines.
> >
> > relay http_forwarder, session 8734 (440 active), 0, XX.XX.XX.174 -> :0,
> > no method (406 Not Acceptable), POST
> > ca exiting, pid 26811
> > ca exiting, pid 17254
> > pfe exiting, pid 26999
> > ca exiting, pid 29382
> > ca exiting, pid 7976
> > ca exiting, pid 24659
> > hce exiting, pid 16102
> > relay exiting, pid 9783
> > relay exiting, pid 19514
> > relay exiting, pid 12042
> > relay exiting, pid 13716
> > parent terminating, pid 29733
> >
> > Our relayd.conf file
> >
> > Interval 60
> > timeout 8000
> > prefork 5
> > log updates
> >
> > table { 192.168.XX.aa, 192.168.XX.bb }
> >
> > http protocol "http" {
> >   match header append "X-Forwarded-For" value "$REMOTE_ADDR"
> >   return error
> > }
> >
> > redirect "http_Main" {
> >   listen on 192.168.xx.2 port  80 interface vlanXX
> >   listen on 192.168.xx.3 port  80 interface vlanXX
> >   match pftag http_Main
> >   forward to   port  82 check http "/" code 200
> > }
> >
> > redirect "https_Main" {
> >   listen on 192.168.xx.2 port 443 interface vlanXX
> >   match pftag https_Main
> >   forward to   port 443 check tcp
> > }
> >
> > redirect "https_Other" {
> >   listen on 192.168.xx.3 port 443 interface vlanXX
> >   match pftag https_NN_Only
> >   forward to   port 445 check tcp
> > }
> >
> > relay "http_forwarder" {
> >   listen on 127.0.0.1 port 8080
> >   protocol "http"
> >   forward to  port 82 mode loadbalance check http "/" code 200
> > }
> >
> > relay "SSL_Generic" {
> >   listen on 127.0.0.1 port 9441
> >   forward to  port  443 mode loadbalance check tcp
> > }
> >
> > relay "SSL_Other" {
> >   listen on 127.0.0.1 port 9444
> >   forward to  port 445 mode loadbalance check tcp
> > }
> >
>



Re: relayd relay stability

2015-07-20 Thread Sebastian Benoit
Hi Keith,

please update relayd to the version from current and see if this fixes your
problems. quite a few bugs were fixed since 5.7 release.

/Benno

Keith(ke...@scott-land.net) on 2015.07.20 23:55:43 +0100:
> Hi,
> Since upgrading one of our OpenBSD firewalls on Monday last 
> week we have been having serious stability issues with relayd as it's
> been randomly exiting after only a few hours of being started.  We were
> in the same situation a few years ago when we did a previous upgrade of
> OBSD and at that time I think we reverted some of the servers to a
> previous build of OBSD,  I think we also commented out some parts of our
> relayd.conf file until things became stable and we left it like that 
> till we upgraded last week.
> 
> I've got a feeling that the crashes are related to the only "relay" that 
> we have called "http_forwarder" and to the protocol we've called "http" 
> where we add the X-Forwarded header.  Previous to the recent upgrade the 
> "match header append "X-Forwarded-For"..." line had been commented out 
> and I am assuming that that was the reason that it had been stable.
> 
> After the first or second crash last week I think we removed the "http" 
> protocol from our relayd.conf and that made things stable again but we 
> need to get the X-Forwarded-For header working so I re-enabled it again
> today along with some minor other edits but relayd has died again...
> 
> After searching around I found this but am not sure if it's related to 
> our issue http://permalink.gmane.org/gmane.os.openbsd.misc/220963
> 
> If anyone can help it would be appreciated as I am unsure how or what to 
> do next.
> 
> Thanks,
> 
> Keith
> 
> I left relayd running in the foreground with verbose enabled and below 
> are the last few log lines.
> 
> relay http_forwarder, session 8734 (440 active), 0, XX.XX.XX.174 -> :0, 
> no method (406 Not Acceptable), POST
> ca exiting, pid 26811
> ca exiting, pid 17254
> pfe exiting, pid 26999
> ca exiting, pid 29382
> ca exiting, pid 7976
> ca exiting, pid 24659
> hce exiting, pid 16102
> relay exiting, pid 9783
> relay exiting, pid 19514
> relay exiting, pid 12042
> relay exiting, pid 13716
> parent terminating, pid 29733
> 
> Our relayd.conf file
> 
> Interval 60
> timeout 8000
> prefork 5
> log updates
> 
> table { 192.168.XX.aa, 192.168.XX.bb }
> 
> http protocol "http" {
>   match header append "X-Forwarded-For" value "$REMOTE_ADDR"
>   return error
> }
> 
> redirect "http_Main" {
>   listen on 192.168.xx.2 port  80 interface vlanXX
>   listen on 192.168.xx.3 port  80 interface vlanXX
>   match pftag http_Main
>   forward to   port  82 check http "/" code 200
> }
> 
> redirect "https_Main" {
>   listen on 192.168.xx.2 port 443 interface vlanXX
>   match pftag https_Main
>   forward to   port 443 check tcp
> }
> 
> redirect "https_Other" {
>   listen on 192.168.xx.3 port 443 interface vlanXX
>   match pftag https_NN_Only
>   forward to   port 445 check tcp
> }
> 
> relay "http_forwarder" {
>   listen on 127.0.0.1 port 8080
>   protocol "http"
>   forward to  port 82 mode loadbalance check http "/" code 200
> }
> 
> relay "SSL_Generic" {
>   listen on 127.0.0.1 port 9441
>   forward to  port  443 mode loadbalance check tcp
> }
> 
> relay "SSL_Other" {
>   listen on 127.0.0.1 port 9444
>   forward to  port 445 mode loadbalance check tcp
> }
> 




relayd relay stability

2015-07-20 Thread Keith

Hi,
Since upgrading one of our OpenBSD firewalls on Monday last 
week we have been having serious stability issues with relayd as it's
been randomly exiting after only a few hours of being started.  We were
in the same situation a few years ago when we did a previous upgrade of
OBSD and at that time I think we reverted some of the servers to a
previous build of OBSD,  I think we also commented out some parts of our
relayd.conf file until things became stable and we left it like that 
till we upgraded last week.


I've got a feeling that the crashes are related to the only "relay" that 
we have called "http_forwarder" and to the protocol we've called "http" 
where we add the X-Forwarded header.  Previous to the recent upgrade the 
"match header append "X-Forwarded-For"..." line had been commented out 
and I am assuming that that was the reason that it had been stable.


After the first or second crash last week I think we removed the "http" 
protocol from our relayd.conf and that made things stable again but we 
need to get the X-Forwarded-For header working so I re-enabled it again
today along with some minor other edits but relayd has died again...


After searching around I found this but am not sure if it's related to 
our issue http://permalink.gmane.org/gmane.os.openbsd.misc/220963


If anyone can help it would be appreciated as I am unsure how or what to 
do next.


Thanks,

Keith

I left relayd running in the foreground with verbose enabled and below 
are the last few log lines.


relay http_forwarder, session 8734 (440 active), 0, XX.XX.XX.174 -> :0, 
no method (406 Not Acceptable), POST

ca exiting, pid 26811
ca exiting, pid 17254
pfe exiting, pid 26999
ca exiting, pid 29382
ca exiting, pid 7976
ca exiting, pid 24659
hce exiting, pid 16102
relay exiting, pid 9783
relay exiting, pid 19514
relay exiting, pid 12042
relay exiting, pid 13716
parent terminating, pid 29733

Our relayd.conf file

Interval 60
timeout 8000
prefork 5
log updates

table { 192.168.XX.aa, 192.168.XX.bb }

http protocol "http" {
  match header append "X-Forwarded-For" value "$REMOTE_ADDR"
  return error
}

redirect "http_Main" {
  listen on 192.168.xx.2 port  80 interface vlanXX
  listen on 192.168.xx.3 port  80 interface vlanXX
  match pftag http_Main
  forward to   port  82 check http "/" code 200
}

redirect "https_Main" {
  listen on 192.168.xx.2 port 443 interface vlanXX
  match pftag https_Main
  forward to   port 443 check tcp
}

redirect "https_Other" {
  listen on 192.168.xx.3 port 443 interface vlanXX
  match pftag https_NN_Only
  forward to   port 445 check tcp
}

relay "http_forwarder" {
  listen on 127.0.0.1 port 8080
  protocol "http"
  forward to  port 82 mode loadbalance check http "/" code 200
}

relay "SSL_Generic" {
  listen on 127.0.0.1 port 9441
  forward to  port  443 mode loadbalance check tcp
}

relay "SSL_Other" {
  listen on 127.0.0.1 port 9444
  forward to  port 445 mode loadbalance check tcp
}
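
Added example, not part of the original post or of relayd: how a backend behind the "http_forwarder" relay can read the header written by the `match header append "X-Forwarded-For" value "$REMOTE_ADDR"` rule. It assumes the relay places its value after any entries the client sent, comma-separated or as a further header line; the relay address 192.0.2.10 and the sample requests are constructed.

```python
import ipaddress

# Assumption: address of the relayd host as the backend sees it (constructed value).
TRUSTED_RELAYS = {ipaddress.ip_address("192.0.2.10")}


def client_from_xff(peer_addr, xff_values):
    """Return the client address a backend can rely on for one request.

    peer_addr  -- source address of the TCP connection reaching the backend
    xff_values -- all X-Forwarded-For header values on the request, in order
    """
    peer = ipaddress.ip_address(peer_addr)
    if peer not in TRUSTED_RELAYS:
        # Request did not come through the relay: the header is untrusted input.
        return str(peer)
    # Repeated headers and comma-separated lists form one ordered list.
    entries = [e.strip() for v in xff_values for e in v.split(",") if e.strip()]
    if not entries:
        return str(peer)
    # Only the last entry was appended by the relay; earlier ones were sent by
    # the client and may hold anything.
    try:
        return str(ipaddress.ip_address(entries[-1]))
    except ValueError:
        return str(peer)  # malformed tail: fall back to the connection address


# Constructed sample requests: (peer address, X-Forwarded-For values).
SAMPLES = [
    ("192.0.2.10", ["203.0.113.7"]),               # relay added the header
    ("192.0.2.10", ["10.0.0.1, 198.51.100.9"]),    # client pre-filled 10.0.0.1
    ("192.0.2.10", ["127.0.0.1", "203.0.113.7"]),  # repeated header lines
    ("198.51.100.50", ["127.0.0.1"]),              # reached the backend directly
    ("192.0.2.10", []),                            # header missing
]


def resolve_samples():
    """Resolve every constructed sample to the address the backend should log."""
    return [client_from_xff(peer, xff) for peer, xff in SAMPLES]


if __name__ == "__main__":
    for (peer, xff), client in zip(SAMPLES, resolve_samples()):
        print(f"peer={peer} xff={xff} -> client={client}")
```

Because the rule uses append rather than replacing the header, access controls or logs on the backend that read the first entry would record a client-chosen value.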