I did but still negative. No sessions shown in relayctl so still
thinking it's an issue in pf.
On 2020-07-13 22:51, Brian Brombacher wrote:
On Jul 13, 2020, at 8:30 PM, Gabri Tofano wrote:
I have tried to implement the workaround as per man page
but it still doesn't work, here the pf.conf config:
eth0 = "xnf0"
web1 = "172.16.101.31"
anchor "relayd/*"
set skip on lo
block return log
pass log
pass out quick on $eth0 proto tcp to $web1 port 80 \
received-on $eth0 nat-to $eth0
> On Jul 13, 2020, at 8:30 PM, Gabri Tofano wrote:
>
> I have tried to implement the workaround as per man page
> but it still doesn't work, here the pf.conf config:
>
> eth0 = "xnf0"
> web1 = "172.16.101.31"
>
> anchor "relayd/*"
>
> set skip on lo
>
> block return log
> pass log
>
After some further troubleshooting, tonight I took some time to sit down and
read again the man pages as everything on my config files was looking fine and
no errors were showing up in any log. With Brian's help we were leading to the
direction that something was wrong with the pf translation
Am 13.07.2020 07:08 schrieb Gabri Tofano:
"Redirections cannot reflect packets back through the interface they
arrive on, they can only be redirected to hosts connected to different
interfaces or to the firewall itself."
- Keep my current configuration with HAproxy
- Add another network
It isn’t. rdr-to, and by extension redirects, are not natting the
source address.
Clients connecting through relayd and to the backend will have source addresses
not that of the relayd machine but of the original client.
Thank you for correcting me on this as it was a bad statement told
On 2020-07-11 06:33, Brian Brombacher wrote:
On Jul 10, 2020, at 11:42 PM, Gabri Tofano wrote:
Does http work with redirects? It wasn’t clear if it did or not in
your first post.
It doesn't work with http and that is the redirect that I was testing.
Indications from your pf anchor
>> On Jul 11, 2020, at 11:20 AM, Gabri Tofano wrote:
> On 2020-07-11 06:33, Brian Brombacher wrote:
>>> On Jul 10, 2020, at 11:42 PM, Gabri Tofano wrote:
>
>> Does http work with redirects? It wasn’t clear if it did or not in
>> your first post.
> It doesn't work with
> On Jul 10, 2020, at 11:42 PM, Gabri Tofano wrote:
>
>
>> Does http work with redirects? It wasn’t clear if it did or not in
>> your first post.
>
> It doesn't work with http and that is the redirect that I was testing.
>
>> Indications from your pf anchor rules and the down
>> status
Does http work with redirects? It wasn’t clear if it did or not in
your first post.
It doesn't work with http and that is the redirect that I was testing.
Indications from your pf anchor rules and the down
status above, and the check http attribute on the https forward to
directives tell me
Here:
LAB1-LB1$ relayctl sh sum
Id      Type            Name                            Avlblty Status
1       redirect        http                                    active
1       table           web_servers:80                          active (1 hosts)
1       host            172.16.101.31                   4.87%   up
2       table
> On Jul 10, 2020, at 9:15 PM, Gabri Tofano wrote:
>
> Here:
>
> LAB1-LB1$ relayctl sh sum
> Id      Type            Name                            Avlblty Status
> 1       redirect        http                                    active
> 1       table           web_servers:80                          active (1 hosts)
> 1
Gabri Tofano(ga...@tofanos.com) on 2020.07.07 15:38:17 -0400:
> When using redirections, no listening ports are open (I guess due to
> relayd using pf nat rules)
correct
> and I'm unable to reach both backend servers.
show the output of "relayctl sh sum".