Relayd service issue in FreeBSD 10.1

Hi to all,

I would like to use relayd on FreeBSD 10.1 as a transparent proxy. I have installed it from ports:
Code:
cd /usr/ports/net/relayd
make install clean
Then I have configured the service to start at boot time adding these two lines to rc.conf:
Code:
relayd_enable="yes"
relayd_flags=""
Now the problem is that if I try to start relayd service with:
service relayd start

It doesn't start and I do not know why...

service relayd status gives me (a.b.c.d is my gateway):
Code:
delete net default fib 0
add net default: gateway a.b.c.d fib 0
delete net default fib 0
add net default: gateway a.b.c.d fib 0
relayd is not running
Can you help me, please?

Thank you very much...
 
Are there any log files for the service that you can look in? Leading on from that, if there is a log file with not much in it, there may be extra debugging/verbose logging options you can set in rc.conf to get more information.

Problems like this are commonly because a configuration file needs to be created (or the sample file needs to be altered). For instance a perfectly normal Apache install will usually refuse to start until you edit httpd.conf and set the ServerName to something valid.
 
If you need relayd, use OpenBSD. What is wrong with Nginx? Btw, relayd and httpd are under active development and httpd is not recommended for use before the 5.7 release. Relayd was only recommended as a load balancer.
 
Hi,
I have a simple /etc/relayd.conf :

Code:
http protocol "httpproxy" {
  return error
  label "Url is banned!"
  request url filter file "/etc/badurl"
  label "Torrent is banned!"
  response header filter "application/x-bittorrent" from "Content-Type"

}

relay "proxy" {
  listen on 127.0.0.1 port 8080
  protocol "httpproxy"
  forward to destination
}

But relayd service doesn't start....

Help me please...

PS: Oko: I need a transparent proxy, how can I use Nginx for this purpose?
 
Ok...I have changed directory and now relayd.conf is in /usr/local/etc/ but relayd service doesn't start....

Help me, please...
 
What does this output?

/usr/local/sbin/relayd -d -v -f /usr/local/etc/relayd.conf
 
The output of /usr/local/sbin/relayd -d -v -f /usr/local/etc/relayd.conf is:

Code:
startup
/usr/local/etc/relayd.conf:3: syntax error
/usr/local/etc/relayd.conf:12: no such protocol: httpproxy
no actions, nothing to do
hce exiting, pid 22656
ca exiting, pid 22658
pfe exiting, pid 22655
relay exiting, pid 22657
relay exiting, pid 22660
relay exiting, pid 22659
ca exiting, pid 22661

Thank you...
 
So, the reason why it's not starting is right there. You have an error in your configuration.
 
Which is the error in my configuration file:

Code:
http protocol "httpproxy" {
  return error
  label "Url is banned!"
  request url filter file "/etc/badurl"
  label "Torrent is banned!"
  response header filter "application/x-bittorrent" from "Content-Type"

}

relay "proxy" {
  listen on 127.0.0.1 port 8080
  protocol "httpproxy"
  forward to destination
}

Thank you
 
"httpproxy" is just a name that I gave to the http protocol configuration. Look at the relayd.conf example...
 
Please don't go there. That guy has been flamed a gazillion times on misc@openbsd because of inaccurate howtos and plain wrong advice. For God's sake, OpenBSD and things developed within that project come with stellar man pages. If people can't read them they should not be using the software.

@OP Nginx also comes with very good documentation. It sounded like you didn't bother to look at it.
 
I also tried this configuration:
Code:
http protocol "httpfilter" {
tcp { nodelay, sack, socket buffer 65536, backlog 100 }

### Return HTTP/HTML error pages
return error

label "BAD User-Agent"
request header filter "*Firefox*" from "User-Agent"

### Appends the $REMOTE_ADDR to "X-Forwarded-For Header"
header append "$REMOTE_ADDR" to "X-Forwarded-For"

### Add your own HTTP-Headers
request header append "True" to "Secured"

label "BAD request method"
request header expect "GET"

label "BAD Hostname"
request header expect "www.mysite.com" from "Host"
request header expect "mysite.com" from "Host"

label "Replace Server"
response header change "Server" to "Secured"
}

relay mysite_http {
listen on 127.0.0.1 port http
protocol "httpfilter"
forward to port http mode loadbalance check http "/" code 200
forward to check http "/" code 200
}

with this result:

Code:
startup
/usr/local/etc/relayd.conf:7: syntax error
/usr/local/etc/relayd.conf:11: syntax error
/usr/local/etc/relayd.conf:14: syntax error
/usr/local/etc/relayd.conf:29: no such protocol: httpfilter
no actions, nothing to do
hce exiting, pid 25305
ca exiting, pid 25307
pfe exiting, pid 25304
relay exiting, pid 25308
relay exiting, pid 25306
relay exiting, pid 25309
ca exiting, pid 25310

I can't understand where I am making an error. Why do I have a "syntax error" at lines 7, 11 and 14?
 
If you look at the source (specifically parse.y, search for DESTINATION) for net/relayd you will see that the FreeBSD port does not support forward to destination; that's why you get a syntax error there.
 
tobik, in my second configuration file there isn't "forward to destination".

To be sure I changed my first configuration file to:

Code:
http protocol "httpproxy" {
  return error
  label "Url is banned!"
  request url filter file "/etc/badurl"
  label "Torrent is banned!"
  response header filter "application/x-bittorrent" from "Content-Type"

}

relay "proxy" {
  listen on 127.0.0.1 port 8080
  protocol "httpproxy"
  forward to nat lookup
}

but the result is the same:

Code:
startup
/usr/local/etc/relayd.conf:4: syntax error
/usr/local/etc/relayd.conf:12: no such protocol: http_filter
no actions, nothing to do
hce exiting, pid 25447
pfe exiting, pid 25446
ca exiting, pid 25449
relay exiting, pid 25448
ca exiting, pid 25452
relay exiting, pid 25451
relay exiting, pid 25450

Why do I have a syntax error at line 4 (label "Url is banned!")?

Thank you...
 
You are missing an action for request and response; there are block, match and pass as per relayd.conf(5):
Code:
http protocol "httpproxy" {
  return error
  block request url filter file "/etc/badurl" label "Url is banned!"
  match response header "Content-Type" value "application/x-bittorrent" label "Torrent is banned!"
}

relay "proxy" {
  listen on 127.0.0.1 port 8080
  protocol "httpproxy"
  forward to nat lookup
}
This is just an example that passes the syntax check, I neither know if this will work nor if it is correct. I can't be of any more help here.

Btw, the examples on https://calomel.org/relayd.html seem to be wrong as they are not even syntax checking correctly...
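
An added example (not part of any post in this thread, and not relayd's own parser): a small Python check built on the point in the reply above that each filter rule must begin with block, match or pass. It flags lines inside a protocol block that start without an action. The function name and keyword list are assumptions for illustration; the two sample configs are copied from the thread.

```python
import re

# Keywords that open a filter line written without an action, as in the
# thread's failing configs (assumed list for this sketch, not relayd's grammar).
LEGACY_STARTS = {"label", "request", "response", "header"}
PROTO_OPEN = re.compile(r'^(?:(?:http|tcp|dns)\s+)?protocol\s+\S+\s*\{')

def lint_relayd_conf(text):
    """Return [(lineno, keyword)] for protocol-block lines that lack
    a leading block/match/pass action."""
    findings, depth = [], 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        # Blank out quoted strings so '#' or braces inside labels are ignored.
        bare = re.sub(r'"[^"]*"', '""', raw).split("#", 1)[0].strip()
        if not bare:
            continue
        if depth == 0:
            # Only "protocol <name> {" opens a block we inspect; relay blocks are skipped.
            if PROTO_OPEN.match(bare):
                depth = bare.count("{") - bare.count("}")
            continue
        word = bare.split()[0]
        if depth == 1 and word in LEGACY_STARTS:
            findings.append((lineno, word))
        depth += bare.count("{") - bare.count("}")
    return findings

OLD_CONF = """\
http protocol "httpproxy" {
  return error
  label "Url is banned!"
  request url filter file "/etc/badurl"
  label "Torrent is banned!"
  response header filter "application/x-bittorrent" from "Content-Type"

}

relay "proxy" {
  listen on 127.0.0.1 port 8080
  protocol "httpproxy"
  forward to destination
}
"""
FIXED_CONF = """\
http protocol "httpproxy" {
  return error
  block request url filter file "/etc/badurl" label "Url is banned!"
  match response header "Content-Type" value "application/x-bittorrent" label "Torrent is banned!"
}
"""
if __name__ == "__main__":
    for lineno, word in lint_relayd_conf(OLD_CONF):
        print(f"line {lineno}: '{word}' rule has no block/match/pass action")
```

The first flagged line for the old config is line 3, the same line relayd reported as a syntax error in the first debug run; relayd itself remains the authority on whether a file parses.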
 
Now I have some questions about relayd.conf :

  • Is it possible to sync a table defined in pf.conf with a table defined in relayd.conf, or is it possible to use a table defined in pf.conf in relayd.conf?
  • Can I add and/or remove hosts on the fly (like in pf with pfctl -t table_name -T add 192.168.5.24)?
  • Is it possible to block some URLs if the request is coming from a host in a table? For example, can I block the URL "youtube.com" if the request is coming from 192.168.5.24, which is in a table named "blocked"?
Thank you very much...
 