author | Andreas Baumann <mail@andreasbaumann.cc> | 2017-01-08 11:20:39 +0100 |
---|---|---|
committer | Andreas Baumann <mail@andreasbaumann.cc> | 2017-01-08 11:20:39 +0100 |
commit | 1ff0afa2225aa68742af938c8c1793ede86fccbe (patch) | |
tree | c37a96c2faff13b9c49fdeaa0c6637ba0c183f84 /config | |
parent | 335220c954649aad4a709e977e9f5efc020071bf (diff) | |
added relayd
Diffstat (limited to 'config')
-rw-r--r-- | config/obr/rc.services | 3 | ||||
-rw-r--r-- | config/obr/relayd.conf | 78 |
2 files changed, 81 insertions, 0 deletions
diff --git a/config/obr/rc.services b/config/obr/rc.services
index f65c1b5..6be4e49 100644
--- a/config/obr/rc.services
+++ b/config/obr/rc.services
@@ -19,3 +19,6 @@ chown _dhcp:_dhcp /var/db/dhcpd.leases
 echo ftp-proxy: starting FTP proxy...
 /usr/sbin/ftp-proxy -R 192.168.1.9 -p 8021
 /usr/sbin/ftp-proxy -R 192.168.1.12 -p 8022
+
+echo relayd: starting reverse proxy...
+/usr/sbin/relayd
diff --git a/config/obr/relayd.conf b/config/obr/relayd.conf
new file mode 100644
index 0000000..23e4c0d
--- /dev/null
+++ b/config/obr/relayd.conf
@@ -0,0 +1,78 @@
+interval 30
+
+timeout 10000
+
+prefork 5
+
+log updates
+
+EXT_IF = 83.150.2.48
+
+table <euroweb> { euroweb.lan }
+table <euroserver> { euroserver.lan }
+
+http protocol "http_protocol" {
+
+ return error
+
+ match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
+ match request header append "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"
+ match request header set "Connection" value "close"
+ match request header set "Keep-Alive" value "$TIMEOUT"
+
+ match response header set "Server" value "Non of your business"
+
+ tcp { nodelay, sack, socket buffer 65536, backlog 128 }
+
+ match request tag disallowed_host
+ match request quick header "Host" value "www.maschezuoz.ch" \
+ forward to <euroweb> no tag
+ match request quick header "Host" value "www.andreasbaumann.cc" \
+ forward to <euroweb> no tag
+ match request quick header "Host" value "git.andreasbaumann.cc" \
+ forward to <euroweb> no tag
+ match request quick header "Host" value "webmail.andreasbaumann.cc" \
+ forward to <euroweb> no tag
+ match request quick header "Host" value "blog.andreasbaumann.cc" \
+ forward to <euroweb> no tag
+ match request quick header "Host" value "cloud.andreasbaumann.cc" \
+ forward to <euroweb> no tag
+ match request quick header "Host" value "mon.andreasbaumann.cc" \
+ forward to <euroserver> no tag
+ match request quick header "Host" value "www.maschezuoz.ch" \
+ forward to <euroweb> no tag
+ match request quick header "Host" value "www.bikecentum.com" \
+ forward to <euroweb> no tag
+
+ block request tagged disallowed_host label "BAD host"
+}
+
+http protocol "https_protocol" {
+
+ return error
+
+ match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
+ match request header append "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"
+ match request header set "Connection" value "close"
+ match request header set "Keep-Alive" value "$TIMEOUT"
+
+ match response header set "Server" value "Non of your business"
+
+ tcp { nodelay, sack, socket buffer 65536, backlog 128 }
+}
+
+relay http_relay {
+ listen on $EXT_IF port 80
+ protocol http_protocol
+
+ forward to <euroweb> port 80
+ forward to <euroserver> port 80
+}
+
+relay https_relay {
+ listen on $EXT_IF port 443 tls
+ protocol https_protocol
+
+ forward with tls to <euroweb> port 443
+}
+
\ No newline at end of file |
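Review bot: The `https_protocol` block carries none of the Host allow-listing that `http_protocol` applies (`match request tag disallowed_host` through `block request tagged disallowed_host label "BAD host"`), so on port 443 a request with any Host header is forwarded to `<euroweb>`. I would repeat the tag rule, the `match request quick header "Host" ... no tag` lines for the names served over TLS, and the block rule in `https_protocol`, so both listeners enforce the same list. Both protocols also use `append` for `X-Forwarded-For`, which keeps whatever value the client sent ahead of the real address. If the backends read the first entry for logging or access decisions, it can be spoofed, so `match request header set "X-Forwarded-For" value "$REMOTE_ADDR"` is safer. Separately, `forward with tls` is used with no `tls ca file` option in the protocol, so the backend certificate is presumably not verified; worth confirming that this is intended on the internal segment.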