relayd redirect not working
Important notices
Before you add a new report, we ask you kindly to acknowledge the following:
- [x] I have read the contributing guidelines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md
- [x] I am convinced that my issue is new after having checked both open and closed issues at https://github.com/opnsense/core/issues?q=is%3Aissue
Hi, I'm trying to use relayd with a "redirect" virtual server. When I click "save", the GUI starts a sort of infinite loop and does nothing. Everything works fine if relayd is configured with a "relay" virtual server (I use it to relay ldap/ad-gc requests to my AD controller: works like a charm!).
I try to implement what's in the relayd manpage:
> It is possible to specify multiple listen directives with different IP protocols in a single redirection configuration:

```
redirect "dns" {
    listen on dns.example.com tcp port 53
    listen on dns.example.com udp port 53
    forward to <dnshosts> port 53 check tcp
}
```

No way;
I suspect a bug in the UI, but I don't know how to debug it in order to help. Many thanks for reading.
Software version used and hardware type if relevant, e.g.:
OPNsense 24.1.3_1-amd64 FreeBSD 13.2-RELEASE-p10 OpenSSL 3.0.13
Not a bug, just not supported (and not needed). You can easily specify 2 virtual servers (one for TCP, one for UDP) to reach the same goal.
Thank you for your response
> Not a bug, just not supported (and not needed). You can easily specify 2 virtual servers (one for TCP, one for UDP) to reach the same goal.

Thanks for your answer, but I can define a relay-mode virtual server in TCP (and I've tested it for DNS port 53 with dig +tcp ... ) and it works, but I cannot define a UDP relay-mode virtual server (as it is written in the man page of relayd.conf).
If someone can send/show me an example.
You seem to be mixing some sections of the relayd man page. Relay is only possible for TCP (which is why you can't select a proto in the GUI either). From the manual:
> The relay configuration directives are described below: .... listen on address port port [tls]
> You seem to be mixing some sections of the relayd man page. Relay is only possible for TCP (which is why you can't select a proto in the GUI either). From the manual:
> > The relay configuration directives are described below: .... listen on address port port [tls]

No, as far as I've understood, there are 2 modes in relayd:
- relay
- redirect

In redirect:
> dns protocol
> (UDP) Domain Name System (DNS) protocol. The requested IDs in the DNS header will be used to match the state. relayd(8) replaces these IDs with random values to compensate for predictable values generated by some hosts.

And in the example section:

```
redirect "dns" {
    listen on dns.example.com tcp port 53
    listen on dns.example.com udp port 53
    forward to <dnshosts> port 53 check tcp
}
```

My goal is to have something like in zenloadbalancer or, simplest, like pen https://siag.nu/pen/.
You need two virtual hosts for that indeed, one for UDP, one for TCP. When redirecting DNS traffic, make sure you're not breaking your own DNS in the process, by the way; it would explain vague behavior.
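
The two-virtual-server layout suggested above, written out as a hand-edited relayd.conf fragment. This is an added example, not output from the OPNsense GUI and not text from the thread; the table members, the listen address and the redirect names are constructed placeholders from the documentation address ranges.

```conf
# Backend DNS servers (constructed placeholder addresses).
table <dnshosts> { 192.0.2.10 192.0.2.11 }

# Virtual server 1: DNS over TCP (zone transfers, truncated-response retries).
redirect "dns-tcp" {
    listen on 203.0.113.53 tcp port 53
    forward to <dnshosts> port 53 check tcp
}

# Virtual server 2: DNS over UDP, same listen address and same backend table.
# The health check is still a TCP connect to port 53, as in the man page
# example, so a backend that answers UDP only would be marked down.
redirect "dns-udp" {
    listen on 203.0.113.53 udp port 53
    forward to <dnshosts> port 53 check tcp
}
```

Each redirect carries exactly one listen directive, which matches the one-protocol-per-virtual-server model the GUI exposes. The listen address should not be one the firewall itself depends on for name resolution.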
This issue has been automatically timed-out (after 180 days of inactivity).
For more information about the policies for this repository, please read https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md for further details.
If someone wants to step up and work on this issue, just let us know, so we can reopen the issue and assign an owner to it.