===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/etc/Attic/relayd.conf,v
retrieving revision 1.6
retrieving revision 1.7
diff -c -r1.6 -r1.7
*** src/etc/Attic/relayd.conf	2007/02/26 20:43:32	1.6
--- src/etc/Attic/relayd.conf	2007/10/22 08:44:54	1.7
***************
*** 1,10 ****
! # $OpenBSD: relayd.conf,v 1.6 2007/02/26 20:43:32 reyk Exp $
  #
  # Macros
  #
  ext_addr="192.168.1.1"
  webhost1="10.0.0.1"
  webhost2="10.0.0.2"
  
  #
  # Global Options
--- 1,11 ----
! # $OpenBSD: relayd.conf,v 1.7 2007/10/22 08:44:54 reyk Exp $
  #
  # Macros
  #
  ext_addr="192.168.1.1"
  webhost1="10.0.0.1"
  webhost2="10.0.0.2"
+ sshhost1="10.0.0.3"
  
  #
  # Global Options
***************
*** 43,58 ****
  }
  
  #
! # Relays and protocols are used for Layer 7 loadbalancing
  #
  protocol httpssl {
!         protocol http
  	header append "$REMOTE_ADDR" to "X-Forwarded-For"
  	header append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By"
  	header change "Connection" to "close"
  
!         # Various TCP performance options
!         tcp { nodelay, sack, socket buffer 65536, backlog 128 }
  
  #	ssl { no sslv2, sslv3, tlsv1, ciphers HIGH }
  #	ssl session cache disable
--- 44,59 ----
  }
  
  #
! # Relay and protocol for HTTP layer 7 loadbalancing and SSL acceleration
  #
  protocol httpssl {
! 	protocol http
  	header append "$REMOTE_ADDR" to "X-Forwarded-For"
  	header append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By"
  	header change "Connection" to "close"
  
! 	# Various TCP performance options
! 	tcp { nodelay, sack, socket buffer 65536, backlog 128 }
  
  #	ssl { no sslv2, sslv3, tlsv1, ciphers HIGH }
  #	ssl session cache disable
***************
*** 65,68 ****
--- 66,106 ----
  
  	# Forward to hosts in the webhosts table using a src/dst hash
  	table webhosts loadbalance
+ }
+ 
+ #
+ # Relay and protocol for simple TCP forwarding on layer 7
+ #
+ protocol sshtcp {
+ 	protocol tcp
+ 
+ 	# The TCP_NODELAY option is required for "smooth" terminal sessions
+ 	tcp nodelay
+ }
+ 
+ relay sshgw {
+ 	# Run as a simple TCP relay
+ 	listen on $ext_addr port 2222
+ 	protocol sshtcp
+ 
+ 	# Forward to the shared carp(4) address of an internal gateway
+ 	forward to $sshhost1 port 22
+ }
+ 
+ #
+ # Relay and protocol for a transparent HTTP proxy
+ #
+ protocol httpfilter {
+ 	protocol http
+ 	header filter "Mozilla/4.0 (compatible; MSIE *" from "User-Agent"
+ 	response header filter "application/*" from "Content-Type"
+ }
+ 
+ relay httpproxy {
+ 	# Listen on localhost, accept redirected connections from pf(4)
+ 	listen on 127.0.0.1 port 8080
+ 	protocol httpfilter
+ 
+ 	# Forward to the original target host
+ 	nat lookup
  }