zorp-hu

Download

zorp-hu@lists.balabit.hu

May 2013

2 participants
1 discussions

ssh nem megy
by Gabor Tusnady 13 Jun '13

13 Jun '13

Sziasztok! Van egy regi tuzfal, amin meg 2.0.8-as zorp fut. Ezen volt egy instance, ami az internet iranyabol engedte a dmz zonaba egy gepre az ssh kapcsolatot: def o2m_ssh(): Service("om_ssh", MyPlugProxy, router=DirectedRouter(SockAddrInet('aa.bb.cc.dd', 22),TRUE)) Listener(SockAddrInet("xx.yy.zz.vv", 22), "om_ssh") ahol aa.bb.cc.dd a dmz-ben levo szerver ip cime, xx.yy.zz.vv az internet oldali ipcime a tuzfalnak. Most ugyanezt szeretnem megcsinalni egy ubuntu 12.04 LTS alatt levo zorp 3.9.2-vel: def o2m_ssh(): Service("om_ssh", MyPlugProxy, router=DirectedRouter(SockAddrInet('aa.bb.cc.dd', 22),TRUE)) Dispatcher(bindto=DBIface(protocol=ZD_PROTO_TCP, iface="eth0", ip="xx.yy.zz.vv", port=22), service="om_ssh", transparent=FALSE, threaded=FALSE, backlog=255) De nem megy. A log-ban a kovetkezot latom (ee.ff.gg.hh a kulso gep cime, ahonnet inditom az ssh-t): May 27 23:24:38 fal zorp/o2m_ssh[6059]: core.debug(6): (dsp/dispatch:0): Incoming connection; protocol='1', remote='AF_INET(ee.ff.gg.hh:50074)', local='AF_INET(xx.yy.zz.vv:22)', dest='AF_INET(xx.yy.zz.vv:22)' May 27 23:24:38 fal zorp/o2m_ssh[6059]: core.session(5): (svc/om_ssh): Starting service; name='om_ssh' May 27 23:24:38 fal zorp/o2m_ssh[6059]: core.session(3): (svc/om_ssh:0): Starting proxy instance; client_fd='15', client_address='AF_INET(ee.ff.gg.hh:50074)', client_zone='Zone(out, 0.0.0.0/0)', client_local='AF_INET(xx.yy.zz.vv:22)', client_protocol='TCP' May 27 23:24:38 fal zorp/o2m_ssh[6059]: core.session(5): (svc/om_ssh:0/plug): Proxy starting; class='MyPlugProxy', proxy='plug' May 27 23:24:38 fal zorp/o2m_ssh[6059]: core.debug(6): (group): thread starting; May 27 23:24:38 fal zorp/o2m_ssh[6059]: core.debug(6): (svc/om_ssh:0/plug): Attribute changed; attribute='language', newvalue=''en'' May 27 23:24:38 fal zorp/o2m_ssh[6059]: core.debug(6): (svc/om_ssh:0/plug): Attribute fetched; attribute='ssl', value='ZPolicyStruct object type Shared' May 27 23:24:38 zorp/o2m_ssh[6059]: last message repeated 7 times May 27 23:24:38 fal zorp/o2m_ssh[6059]: plug(2): (group): S: AF_INET(xx.yy.zz.vv:22) C: AF_INET(ee.ff.gg.hh:50074) May 27 23:24:38 fal zorp/o2m_ssh[6059]: core.debug(6): (svc/om_ssh:0/plug): Attribute fetched; attribute='ssl', value='ZPolicyStruct object type Shared' May 27 23:24:38 zorp/o2m_ssh[6059]: last message repeated 2 times May 27 23:24:38 fal zorp/o2m_ssh[6059]: core.debug(6): (svc/om_ssh:0/plug): Attribute fetched; attribute='server_local_tos', value='0' May 27 23:25:08 fal zorp/o2m_ssh[6059]: core.error(2): (svc/om_ssh:0/plug): Connection to remote end failed; local='AF_INET(xx.yy.zz.vv:35463)', remote='AF_INET(aa.bb.cc.dd:22)', error='connection timed out' May 27 23:25:08 fal zorp/o2m_ssh[6059]: core.debug(6): (svc/om_ssh:0/plug): Established connection; conn='NULL' May 27 23:25:08 fal zorp/o2m_ssh[6059]: core.stderr(3): (stderr): #012 May 27 23:25:08 fal zorp/o2m_ssh[6059]: core.stderr(3): (stderr): (zorp:6059): GLib-WARNING **: (/build/buildd/glib2.0-2.32.3/./glib/gerror.c:390):g_error_new_valist: runtime check failed: (domain != 0)#012 May 27 23:25:08 fal zorp/o2m_ssh[6059]: core.session(3): (svc/om_ssh:0/plug): Server connection failure; server_address='AF_INET(aa.bb.cc.dd:22)', server_zone='Zone(dmz, 192.168.0.0/24)', server_local='None', server_protocol='TCP' May 27 23:25:08 fal zorp/o2m_ssh[6059]: core.debug(6): (svc/om_ssh:0/plug): Proxy destroy; class='MyPlugProxy', module='plug' May 27 23:25:08 fal zorp/o2m_ssh[6059]: core.debug(6): (svc/om_ssh:0/plug/client): Shutdown channel; fd='15', mode='2' May 27 23:25:08 fal zorp/o2m_ssh[6059]: core.debug(6): (svc/om_ssh:0/plug/client): Closing stream; type='ZStreamFD' May 27 23:25:08 fal zorp/o2m_ssh[6059]: core.session(5): (svc/om_ssh:0/plug): Proxy ending; class='MyPlugProxy', module='plug' May 27 23:25:08 fal zorp/o2m_ssh[6059]: core.session(4): (svc/om_ssh:0): Ending proxy instance; A MyPlugProxy igy nez ki: class MyPlugProxy(PlugProxy): def config(self): PlugProxy.config(self) log("plug",2,"S: %s C: %s" % (self.session.client_local, self.session.client_address)) a dmz-ben levo szerverre a tuzfalrol lehet ssh-zni. Mit rontok el? Koszonom, Gabor

4 8