# Relayd service issue in FreeBSD 10.1



## zeux (Apr 27, 2015)

Hi to all,

I would like to use relayd on FreeBSD 10.1 as a transparent proxy. I have installed it from ports:

```
cd /usr/ports/net/relayd
make install clean
```

Then I configured the service to start at boot time by adding these two lines to rc.conf:

```
relayd_enable="yes"
relayd_flags=""
```
Now the problem is that if I try to start relayd service with:
`service relayd start`

It doesn't start and I do not know why...

`service relayd status` gives me (a.b.c.d is my gateway):

```
delete net default fib 0
add net default: gateway a.b.c.d fib 0
delete net default fib 0
add net default: gateway a.b.c.d fib 0
relayd is not running
```
Can you help me, please?

Thank you very much...


----------



## usdmatt (Apr 27, 2015)

Are there any log files for the service that you can look in? Leading on from that, if there is a log file with not much in it, there may be extra debugging/verbose logging options you can set in rc.conf to get more information.

Problems like this are commonly because a configuration file needs to be created (or the sample file needs to be altered). For instance a perfectly normal Apache install will usually refuse to start until you edit httpd.conf and set the ServerName to something valid.


----------



## Oko (Apr 27, 2015)

If you need relayd use OpenBSD. What is wrong with Nginx? Btw relayd and httpd are under active development and httpd is not recommended for use before 5.7 release. Relayd was only recommended as a load balancer.


----------



## zeux (Apr 28, 2015)

Hi,
I have a simple /etc/relayd.conf :


```
http protocol "httpproxy" {
  return error
  label "Url is banned!"
  request url filter file "/etc/badurl"
  label "Torrent is banned!"
  response header filter "application/x-bittorrent" from "Content-Type"

}

relay "proxy" {
  listen on 127.0.0.1 port 8080
  protocol "httpproxy"
  forward to destination
}
```

But relayd service doesn't start....

Help me please...

PS: Oko: I need a transparent proxy, how can I use Nginx for this purpose?


----------



## SirDice (Apr 28, 2015)

zeux said:


> Hi,
> I have a simple /etc/relayd.conf :


Wrong place. On FreeBSD _all_ ports have their configuration files in /usr/local/etc.


----------



## zeux (Apr 28, 2015)

Ok...I have changed directory and now relayd.conf is in /usr/local/etc/ but relayd service doesn't start....

Help me, please...


----------



## SirDice (Apr 28, 2015)

What does this output?

`/usr/local/sbin/relayd -d -v -f /usr/local/etc/relayd.conf`


----------



## zeux (Apr 28, 2015)

The output of `/usr/local/sbin/relayd -d -v -f /usr/local/etc/relayd.conf` is:

```
startup
/usr/local/etc/relayd.conf:3: syntax error
/usr/local/etc/relayd.conf:12: no such protocol: httpproxy
no actions, nothing to do
hce exiting, pid 22656
ca exiting, pid 22658
pfe exiting, pid 22655
relay exiting, pid 22657
relay exiting, pid 22660
relay exiting, pid 22659
ca exiting, pid 22661
```

Thank you...


----------



## SirDice (Apr 28, 2015)

So, the reason why it's not starting is right there. You have an error in your configuration.


----------



## zeux (Apr 28, 2015)

Which is the error in my configuration file:


```
http protocol "httpproxy" {
  return error
  label "Url is banned!"
  request url filter file "/etc/badurl"
  label "Torrent is banned!"
  response header filter "application/x-bittorrent" from "Content-Type"

}

relay "proxy" {
  listen on 127.0.0.1 port 8080
  protocol "httpproxy"
  forward to destination
}
```

Thank you


----------



## SirDice (Apr 28, 2015)

Did you read relayd.conf(5)?


----------



## wblock@ (Apr 28, 2015)

This might also help: https://calomel.org/relayd.html.


----------



## zeux (Apr 28, 2015)

Yes I have read relayd.conf(5) and https://calomel.org/relayd.htm but I can't understand where is the error in the configuration file....


----------



## SirDice (Apr 28, 2015)

There is no protocol named "httpproxy".


----------



## zeux (Apr 28, 2015)

"httpproxy" is just a name that I give at http protocol configuration. Look at relayd.conf example...


----------



## Oko (Apr 28, 2015)

wblock@ said:


> This might also help: https://calomel.org/relayd.html.


Please don't go there. That guy has been flamed a gazillion times on misc@openbsd because of inaccurate howtos and plain wrong advice. For God's sake, OpenBSD and things developed within that project come with stellar man pages. If people can't read them they should not be using the software.

@OP Nginx also comes with very good documentation. It sounded like you didn't bother to look at it.


----------



## zeux (Apr 29, 2015)

I carefully read the man page of relayd.conf but I can't find my error...

Help me...


----------



## zeux (Apr 29, 2015)

I also tried this configuration: 

```
http protocol "httpfilter" {
tcp { nodelay, sack, socket buffer 65536, backlog 100 }

### Return HTTP/HTML error pages
return error

label "BAD User-Agent"
request header filter "*Firefox*" from "User-Agent"

### Appends the $REMOTE_ADDR to "X-Forwarded-For Header"
header append "$REMOTE_ADDR" to "X-Forwarded-For"

### Add your own HTTP-Headers
request header append "True" to "Secured"

label "BAD request method"
request header expect "GET"

label "BAD Hostname"
request header expect "www.mysite.com" from "Host"
request header expect "mysite.com" from "Host"

label "Replace Server"
response header change "Server" to "Secured"
}

relay mysite_http {
listen on 127.0.0.1 port http
protocol "httpfilter"
forward to port http mode loadbalance check http "/" code 200
forward to check http "/" code 200
}
```

with this result:


```
startup
/usr/local/etc/relayd.conf:7: syntax error
/usr/local/etc/relayd.conf:11: syntax error
/usr/local/etc/relayd.conf:14: syntax error
/usr/local/etc/relayd.conf:29: no such protocol: httpfilter
no actions, nothing to do
hce exiting, pid 25305
ca exiting, pid 25307
pfe exiting, pid 25304
relay exiting, pid 25308
relay exiting, pid 25306
relay exiting, pid 25309
ca exiting, pid 25310
```

I can't understand where I am making the error. Why do I have a "syntax error" at lines 7, 11 and 14?


----------



## tobik@ (Apr 29, 2015)

If you look at the source (specifically parse.y, search for DESTINATION) for net/relayd, you will see that the FreeBSD port does not support `forward to destination`; that's why you get a syntax error there.


----------



## zeux (Apr 29, 2015)

tobik, in my second configuration file there isn't "forward to destination".

To be sure I changed my first configuration file to:


```
http protocol "httpproxy" {
  return error
  label "Url is banned!"
  request url filter file "/etc/badurl"
  label "Torrent is banned!"
  response header filter "application/x-bittorrent" from "Content-Type"

}

relay "proxy" {
  listen on 127.0.0.1 port 8080
  protocol "httpproxy"
  forward to nat lookup
}
```

but the result is the same:


```
startup
/usr/local/etc/relayd.conf:4: syntax error
/usr/local/etc/relayd.conf:12: no such protocol: http_filter
no actions, nothing to do
hce exiting, pid 25447
pfe exiting, pid 25446
ca exiting, pid 25449
relay exiting, pid 25448
ca exiting, pid 25452
relay exiting, pid 25451
relay exiting, pid 25450
```

Why do I have a syntax error at line 4 (label "Url is banned!")?

Thank you...


----------



## tobik@ (Apr 29, 2015)

You are missing an action for request and response, there is block, match and pass as per relayd.conf(5):

```
http protocol "httpproxy" {
  return error
  block request url filter file "/etc/badurl" label "Url is banned!"
  match response header "Content-Type" value "application/x-bittorrent" label "Torrent is banned!"
}

relay "proxy" {
  listen on 127.0.0.1 port 8080
  protocol "httpproxy"
  forward to nat lookup
}
```
This is just an example that passes the syntax check, I neither know if this will work nor if it is correct. I can't be of any more help here.

Btw, the examples on https://calomel.org/relayd.html seem to be wrong as they are not even syntax checking correctly...
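
A heuristic pre-check for the point made in the post above, as an added example that is not part of the thread or of relayd: it flags lines inside an `http protocol` block that begin with a rule keyword instead of `block`, `match` or `pass`. The function name `lint_relayd_filters` and the keyword list are assumptions for illustration; the two sample configurations are copied from the thread.

```python
import re

# Assumed set of words that start an action-less (old-style) rule line.
# Lines starting with block/match/pass, or options such as "return" and
# "tcp", are not in this set and are accepted.
RULE_WORDS = {"request", "response", "label", "header", "cookie", "query", "url", "path"}
PROTO_OPEN = re.compile(r'^http\s+protocol\s+\S+\s*\{')

def lint_relayd_filters(text):
    """Return [(line_no, line)] for rule lines in http protocol blocks that lack an action."""
    findings, depth, in_proto = [], 0, False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Blank out quoted strings so braces or keywords inside them are ignored.
        bare = re.sub(r'"[^"]*"', '""', line)
        if depth == 0 and PROTO_OPEN.match(bare):
            in_proto = True
        elif in_proto and depth == 1 and bare.split()[0] in RULE_WORDS:
            findings.append((no, line))
        depth += bare.count("{") - bare.count("}")
        if depth == 0:
            in_proto = False
    return findings

# First configuration posted in the thread (rules without an action).
OLD_STYLE = '''\
http protocol "httpproxy" {
  return error
  label "Url is banned!"
  request url filter file "/etc/badurl"
  label "Torrent is banned!"
  response header filter "application/x-bittorrent" from "Content-Type"

}
'''

# Protocol block from the post above, which passes the syntax check.
FIXED = '''\
http protocol "httpproxy" {
  return error
  block request url filter file "/etc/badurl" label "Url is banned!"
  match response header "Content-Type" value "application/x-bittorrent" label "Torrent is banned!"
}
'''

if __name__ == "__main__":
    for no, line in lint_relayd_filters(OLD_STYLE):
        print(f"line {no}: no block/match/pass action: {line}")
```

relayd's own parser stays authoritative; the `relayd -d -v -f` command given earlier in the thread reports what it actually rejects.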


----------



## zeux (Apr 29, 2015)

Thank you very much...now relayd works correctly...


----------



## zeux (Apr 29, 2015)

Now I have some questions about relayd.conf :


- Is it possible to sync a table defined in pf.conf with a table defined in relayd.conf or, in relayd.conf, is it possible to use a table defined in pf.conf?
- Can I add and/or remove hosts on the fly (like in pf with `pfctl -t table_name -T add 192.168.5.24`)?
- Is it possible to block some URLs if the request is coming from a host in a table? For example, can I block the URL "youtube.com" if the request is coming from 192.168.5.24, which is in a table named "blocked"?

Thank you very much...


----------

