Hello! 2.4.25-os kernel zorpos patch-ekkel, 2.1.8-as zorp. Gond nelkul megy. Kicsereltem a kernelt 2.4.28-ra (szinten zorpos patch-ekkel), azota mindenfele titokzatos dolgok tortennek. Harom pelda: from Zorp.Core import * from Zorp.Plug import * Zorp.firewall_name = 'zorp-winupdate@xxx.hu' InetZone("winupdate", "192.168.0.0/16", inbound_services=["win_update"], outbound_services=["win_update"]) InetZone("internet", "0.0.0.0/0", inbound_services=["win_update"], outbound_services=[]) class WinUpdate(PlugProxy): pass def init(name): debug(0, "Policy init, name=%s" % name) Service("win_update", WinUpdate, TransparentRouter()) Listener(SockAddrInet("192.168.1.254", 60443), "win_update") debug(0, "Policy bootstrap done..."); Eddig a winupdate zonaban nem kellett az inbound-hoz beirni a win_update reszt, ment anelkul is. A kernelcsere ota ez a hibauzenet (ha nincs bent az inbound-ban a win_update): Apr 7 07:25:04 fw zorp_winupdate[769]: (zorp-winupdate@xxx.hu/win_update): Starting service; name='win_update' Apr 7 07:25:04 fw zorp_winupdate[769]: (zorp-winupdate@xxx.hu/win_update:0): Starting proxy instance; client_fd='15', client_address='AF_INET(192.168.1.201:59787)', client_zone='Zone(winupdate, 192.168.0.0/16)', client_local='AF_INET(192.168.1.254:60443)' Apr 7 07:25:04 fw zorp_winupdate[769]: (zorp-winupdate@xxx.hu/win_update:0/plug): Proxy starting; class='WinUpdate', module='plug' Apr 7 07:25:05 fw zorp_winupdate[22730]: (zorp-winupdate@xxx.hu/win_update:0): Inbound service not permitted; service='win_update', zone='Zone(winupdate, 192.168.0.0/16)' Apr 7 07:25:05 fw zorp_winupdate[22730]: (zorp-winupdate@xxx.hu/win_update:0/plug): DAC policy violation; info='None' Apr 7 07:25:05 fw zorp_winupdate[22730]: (zorp-winupdate@xxx.hu/win_update:0/plug): Proxy ending; class='WinUpdate', module='plug' Masik pelda: from Zorp.Core import * from Zorp.Http import * Zorp.firewall_name = 'zorp-kintrol@xxx.hu' InetZone("WWW", "192.168.12.2/32", inbound_services=["id_http"], outbound_services=[]) InetZone("internet", "0.0.0.0/0", inbound_services=[], outbound_services=["id_http"]) class IDHttp(HttpProxyURIFilter): matcher=RegexpFileMatcher('/etc/zorp/http.black', '/etc/zorp/http.white') def config(self): HttpProxyURIFilter.config(self) self.transparent_mode = 1 def filterURL(self, method, url, version): log("http.info", 3, "%s: GET: %s" % (self.session.session_id, url)) def init(name): debug(0, "Policy init, name=%s" % name) Service("id_http", IDHttp, DirectedRouter(SockAddrInet("192.168.12.2", 80), forge_addr = TRUE)) Listener(SockAddrInet("193.225.188.11", 50080), "id_http") debug(0, "Policy bootstrap done..."); pr 7 13:48:23 fw zorp_kintrol[768]: (zorp-kintrol@xxx.hu/id_http): Starting service; name='id_http' Apr 7 13:48:23 fw zorp_kintrol[768]: (zorp-kintrol@xxx.hu/id_http:3): Starting proxy instance; client_fd='17', client_address='AF_INET(80.99.101.98:39694)', client_zone='Zone(internet, 0.0.0.0/0)', client_local='AF_INET(193.225.188.11:50080)' Apr 7 13:48:23 fw zorp_kintrol[768]: (zorp-kintrol@xxx.hu/id_http:3/http): Proxy starting; class='IDHttp', module='http' Apr 7 13:48:23 fw zorp_kintrol[1044]: (zorp-kintrol@xxx.hu/id_http:3/http): Accounting; command='GET', url='http://www.xxx.hu/' Apr 7 13:48:23 fw zorp_kintrol[1044]: (zorp-kintrol@xxx.hu/id_http:3/http): http accounting; request='GET http://www.xxx.hu/ HTTP/1.1' Apr 7 13:48:23 fw zorp_kintrol[1044]: (zorp-kintrol@xxx.hu/id_http:3/http): bind() failed; error='Cannot assign requested address' Apr 7 13:48:23 fw zorp_kintrol[1044]: (zorp-kintrol@xxx.hu/id_http:3/http): Server connection failure; server_address='AF_INET(192.168.12.2:80)', server_zone='Zone(WWW, 192.168.12.2/32)', server_local='AF_INET(80.99.101.98:0)' Apr 7 13:48:23 fw zorp_kintrol[1044]: (zorp-kintrol@xxx.hu/id_http:3/http): Proxy ending; class='IDHttp', module='http' Apr 7 13:48:23 fw zorp_kintrol[1044]: (zorp-kintrol@xxx.hu/id_http:3): Ending proxy instance; Apr 7 13:48:23 fw zorp_kintrol[1044]: (zorp-kintrol@xxx.hu/id_http:3/http/client): accounting info; type='stream', duration='0', sent='853', received='391' Sima ftp proxy, 200 peldanyban futhat, mindenkit kizarok, egyetlen gepen elinditok egyetlen wget-et, es 202 proxy indul, majd kozli, hogy tul sokan futnak, varakozas jon. Persze, mert gyakorlatilag nem mukodnek a peldanyok (indulas utan leall), es szepen inditana a kovetkezot, hogy kiszolgalja a kliens kereset. Mi tortent? Hogyan lehet orvosolni a problemat? Visszaallva a regebbi kernelre a problema megszunik, ezert gondolom, hogy az uj kernelhez kapcsolhato a hiba kialakulasa. -- Udvozlettel Zsiga