On Thu, Sep 16, 2004 at 03:37:06PM +0200, Kosa Attila wrote:
OK, I have reorganized it. I will report back when I know more. By the way, it is transparent.
At 8:46 (seconds after restarting it):

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
25636 root       9   0  4524 4520 2700 S  0.0  1.8   0:00.50 /usr/lib/zorp/zorp

At 17:07 (it has not been restarted since the morning):

25636 root       9   0 15188  14m 3236 S  0.0  5.9   0:01.41 /usr/lib/zorp/zorp

The policy.py file:

from Zorp.Core import *
from Zorp.Http import *
from Zorp.Pssl import *

Zorp.firewall_name = 'zorp-https@XXX.hu'

# Zones: clients in "webezes" may start intra_https, which may target "internet"
InetZone("webezes", "192.168.0.0/16",
         inbound_services=[],
         outbound_services=["intra_https"])
InetZone("internet", "0.0.0.0/0",
         inbound_services=["intra_https"],
         outbound_services=[])

class IntraHttps(PsslProxy):
    # HTTP proxy stacked inside the SSL proxy
    class EmbeddedHttp(HttpProxy):
        def config(self):
            HttpProxy.config(self)
            self.transparent_mode = TRUE

    def config(self):
        # Server side: SSL required, certificate must verify against a trusted CA
        self.server_need_ssl = TRUE
        self.server_verify_type = SSL_VERIFY_REQUIRED_TRUSTED
        self.server_ca_directory = '/etc/zorp/ca.crt'
        # Client side: SSL required, client certificate not verified
        self.client_need_ssl = TRUE
        self.client_cert = '/etc/zorp/https.crt'
        self.client_key = '/etc/zorp/https.key'
        self.client_verify_type = SSL_VERIFY_NONE
        self.stack_proxy = self.EmbeddedHttp
        self.server_verify_depth = 2

def init(name):
    debug(0, "Policy init, name=%s" % name)
    Service("intra_https", IntraHttps, TransparentRouter())
    Listener(SockAddrInet("192.168.1.254", 50443), "intra_https")
    debug(0, "Policy bootstrap done...");

The instances.conf file:

zorp_https --verbose=5 --threads=200 --policy /etc/zorp/policy-https.py --autobind-ip 192.168.200.254

Kernel: 2.4.25-zorpos, a fully up-to-date Sarge; we downloaded zorp from www.balabit.hu and ported it to Sarge.

# COLUMNS=150 dpkg -l python* | grep ^ii
ii  python              2.3.4-3              An interactive high-level object-oriented language (default version)
ii  python-extclass     1.2.0zope-2.5.1-1.3  Improves integration between Python and C++ classes
ii  python2.3           2.3.4-10             An interactive high-level object-oriented language (version 2.3)
ii  python2.3-extclass  1.2.0zope-2.5.1-1.3  Improves integration between Python and C++ classes (Python 2.3)
# dpkg -l zorp* | grep ^ii
ii  zorp                2.1.7.2              An advanced protocol analyzing firewall
ii  zorp-modules        2.1.7.2              Default proxy modules for Zorp

How can I help to find out what the problem is?

Since there is more traffic on the http proxy (at least presumably) than on the https one (and that one does not grow, at least not this noticeably), I am changing my guess to pssl instead :)

-- 
Regards,
Zsiga