relayd without pf?

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

relayd without pf?

Adam Thompson
OK, I'm pretty sure this is a dumb question, but...

Does relayd work properly, or at all with pf disabled?  (in 6.5-RELEASE)

It looks like it should as long as I use "relay" instead of "redirect",
but I'm having trouble, and don't want to keep banging my head against a
wall if it's something this simple.

Thanks,
-Adam


--begin relayd.conf--
http protocol rtproxy {
         pass quick
}
relay rt4 {
         listen on 0.0.0.0 port 80
         protocol rtproxy
         forward to 127.0.0.1 port 8080
}
relay rt6 {
         listen on :: port 80
         protocol rtproxy
         forward to ::1 port 8080
}
--end relayd.conf--

Reply | Threaded
Open this post in threaded view
|

Re: relayd without pf?

Adam Thompson
On 2019-05-14 15:42, Adam Thompson wrote:
> OK, I'm pretty sure this is a dumb question, but...
>
> Does relayd work properly, or at all with pf disabled?  (in
> 6.5-RELEASE)


I have partially answered my own question.  That last message was posted
prematurely, in more than one way, sorry!

1. the relayd.conf in the previous message was copied-and-pasted from
the wrong window, in mid-edit.

2. relayd(8) does not work with pf(4) disabled.  I'm unclear if this is
a bug, or by design.  With pf disabled, it outputs:
root@rt:~# relayd -dv
startup
relayd: pfe: pf is disabled
parent: proc_open: imsg_flush: Broken pipe
ca exiting, pid 37187
ca exiting, pid 79962
ca exiting, pid 95113
root@rt:~# hce exiting, pid 91576
relay exiting, pid 26432
relay exiting, pid 6966
relay exiting, pid 50166

The message "pfe: pf is disabled" looks like an informational message to
me, I'm not using any pf features, so it shouldn't matter... but it very
much does matter, and relayd exits shortly after starting if pf is
disabled.

Pinging @reyk - is this a bug or deliberate?

-Adam

Reply | Threaded
Open this post in threaded view
|

Re: relayd without pf?

Reyk Floeter-2

> Am 14.05.2019 um 23:06 schrieb Adam Thompson <[hidden email]>:
>
>> On 2019-05-14 15:42, Adam Thompson wrote:
>> OK, I'm pretty sure this is a dumb question, but...
>> Does relayd work properly, or at all with pf disabled?  (in 6.5-RELEASE)
>
>
> I have partially answered my own question.  That last message was posted prematurely, in more than one way, sorry!
>
> 1. the relayd.conf in the previous message was copied-and-pasted from the wrong window, in mid-edit.
>
> 2. relayd(8) does not work with pf(4) disabled.  I'm unclear if this is a bug, or by design.  With pf disabled, it outputs:
> root@rt:~# relayd -dv
> startup
> relayd: pfe: pf is disabled
> parent: proc_open: imsg_flush: Broken pipe
> ca exiting, pid 37187
> ca exiting, pid 79962
> ca exiting, pid 95113
> root@rt:~# hce exiting, pid 91576
> relay exiting, pid 26432
> relay exiting, pid 6966
> relay exiting, pid 50166
>
> The message "pfe: pf is disabled" looks like an informational message to me, I'm not using any pf features, so it shouldn't matter... but it very much does matter, and relayd exits shortly after starting if pf is disabled.
>
> Pinging @reyk - is this a bug or deliberate?
>

It’s a historical reason because redirects existed first. And most OpenBSD systems keep pf enabled by default.

But you’re right; it should be easy to fix.

Reyk



Reply | Threaded
Open this post in threaded view
|

Re: relayd without pf?

Adam Thompson
FWIW, I also encountered some slightly different error messages, I'll see if I can reproduce those.
-Adam

On May 14, 2019 4:48:29 p.m. CDT, Reyk Floeter <[hidden email]> wrote:

>
>> Am 14.05.2019 um 23:06 schrieb Adam Thompson <[hidden email]>:
>>
>>> On 2019-05-14 15:42, Adam Thompson wrote:
>>> OK, I'm pretty sure this is a dumb question, but...
>>> Does relayd work properly, or at all with pf disabled?  (in
>6.5-RELEASE)
>>
>>
>> I have partially answered my own question.  That last message was
>posted prematurely, in more than one way, sorry!
>>
>> 1. the relayd.conf in the previous message was copied-and-pasted from
>the wrong window, in mid-edit.
>>
>> 2. relayd(8) does not work with pf(4) disabled.  I'm unclear if this
>is a bug, or by design.  With pf disabled, it outputs:
>> root@rt:~# relayd -dv
>> startup
>> relayd: pfe: pf is disabled
>> parent: proc_open: imsg_flush: Broken pipe
>> ca exiting, pid 37187
>> ca exiting, pid 79962
>> ca exiting, pid 95113
>> root@rt:~# hce exiting, pid 91576
>> relay exiting, pid 26432
>> relay exiting, pid 6966
>> relay exiting, pid 50166
>>
>> The message "pfe: pf is disabled" looks like an informational message
>to me, I'm not using any pf features, so it shouldn't matter... but it
>very much does matter, and relayd exits shortly after starting if pf is
>disabled.
>>
>> Pinging @reyk - is this a bug or deliberate?
>>
>
>It’s a historical reason because redirects existed first. And most
>OpenBSD systems keep pf enabled by default.
>
>But you’re right; it should be easy to fix.
>
>Reyk

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.