I tried to reproduce the error with the files you sent, but I did not manage to, neither on Debian Squeeze nor on Ubuntu Lucid Lynx, and neither with version 3.3 nor with 3.9. For me, starting Zorp by hand, the bind succeeded and the instance started in all four cases. That is bad news insofar as it has not brought us any closer to solving the error you are seeing.

So the thing to do would be what Lázár Imre also wrote:

1. see what happens on your machine when it is started by hand

/usr/lib/zorp/zorp --as zorp_http --verbose=6 --policy /etc/zorp/policy.py --foreground --no-syslog

2. if it does not start by hand either, then the strace output should be sent (elobbi_parancs stands for the previous command)

strace -o strace.zorp -f elobbi_parancs

Regards,
Szilárd

On Fri, 2011-02-25 at 15:56 +0100, Farkas Dániel wrote:
----------
#cat /etc/zorp/instances.conf

# This file lists the Zorp instances you want to run.
#
# The instance name and arguments _must_ be separated by spaces instead
# of tabs! Otherwise zorpctl will stop working.

#instance arguments
zorp_http --verbose=9 --policy /etc/zorp/policy-http.py

----------
# netstat -nlp | grep zorp
there is nothing

----------
# ps axuw | grep zorp
root 3233 0.0 0.2 3300 736 pts/6 S+ 15:50 0:00 grep zorp
here too, zorp only shows up because of the current command

----------
#/etc/init.d/zorp restart

Restarting Zorp Firewall Suite: Traceback (most recent call last):
  File "/usr/local/share/zorp/pylib/Zorp/Zorp.py", line 485, in init
    func()
  File "/etc/zorp/policy-http.py", line 55, in zorp_http
    Listener(bindto=SockAddrInet("10.20.2.169", 80), service="intra_http", transparent=TRUE)
  File "/usr/local/share/zorp/pylib/Zorp/Listener.py", line 189, in __init__
    Dispatcher.__init__(self, convertSockAddrToDB(bindto, ZD_PROTO_TCP), service, **kw)
  File "/usr/local/share/zorp/pylib/Zorp/Dispatch.py", line 388, in __init__
    AbstractDispatch.__init__(self, Zorp.firewall_name, bindto, **kw)
  File "/usr/local/share/zorp/pylib/Zorp/Dispatch.py", line 227, in __init__
    self.dispatches.append(Dispatch(self.session_id, bindto, prio, self.accepted, kw))
IOError: Error binding to interface zorp_http!

The following errors occurred so far:
Zorp instance startup failed, instance='zorp_http', rc='512'

----------
# excerpt from /var/log/messages:

Feb 25 15:53:00 kenjiro zorp/zorp_http[3240]: core.debug(0): (nosession): Starting up; verbose_level='9', version='3.9.0', startup_id='1298645580'
Feb 25 15:53:00 kenjiro zorp/zorp_http[3240]: core.debug(6): (nosession): System dependant init; sysdep_tproxy='tproxy40'
Feb 25 15:53:00 kenjiro zorp/zorp_http[3240]: core.debug(7): (szig/listen): Start to listen; fd='10', address='AF_UNIX(/usr/local/var/run/zorp/zorpctl.zorp_http)'
Feb 25 15:53:00 kenjiro zorp/zorp_http[3240]: core.debug(6): (szig/thread): thread starting;
Feb 25 15:53:00 kenjiro zorp/zorp_http[3240]: core.debug(5): (nosession): Outbound service; zone='site-net', service='*'
Feb 25 15:53:00 kenjiro zorp/zorp_http[3240]: core.debug(5): (nosession): Inbound service; zone='site-net', service='*'
Feb 25 15:53:00 kenjiro zorp/zorp_http[3240]: core.debug(5): (nosession): Outbound service; zone='local', service='*'
Feb 25 15:53:00 kenjiro zorp/zorp_http[3240]: core.debug(5): (nosession): Inbound service; zone='local', service='*'
Feb 25 15:53:00 kenjiro zorp/zorp_http[3240]: core.debug(5): (nosession): Outbound service; zone='internet', service='*'
Feb 25 15:53:00 kenjiro zorp/zorp_http[3240]: core.debug(5): (nosession): Inbound service; zone='internet', service='*'
Feb 25 15:53:00 kenjiro zorp/zorp_http[3240]: core.error(0): (nosession): Error pinging KZorp, it is probably unavailable; result='-1'
Feb 25 15:53:00 kenjiro zorp/zorp_http[3240]: core.debug(7): (dsp/dispatch:0): Dispatcher on address; local='SA(proto=1,addr=AF_INET(10.20.2.169:80))', prio='100'
Feb 25 15:53:00 kenjiro zorp/zorp_http[3240]: core.error(3): (nosession): bind() failed; bind='AF_INET(10.20.2.169:80)', error='Permission denied'
Feb 25 15:53:00 kenjiro zorp/zorp_http[3240]: core.debug(6): (nosession): Deinitialization requested for instance; name='['zorp_http']'
Feb 25 15:53:00 kenjiro zorp/zorp_http[3240]: core.error(0): (nosession): Error initializing policy;
Feb 25 15:53:00 kenjiro zorp/zorp_http[3240]: core.error(0): (nosession): Error loading initial policy, exiting;
Feb 25 15:53:01 kenjiro zorp/zorp_http[3240]: core.info(3): Shutting down; version='3.9.0'

------------
and the complete policy file:

from Zorp.Core import *
from Zorp.Plug import *
from Zorp.Http import *
from Zorp.Ftp import *

Zorp.firewall_name = 'zorp@kenjiro'

InetZone("site-net", "10.20.2.0/24", outbound_services=["*"], inbound_services=["*"])

InetZone("local", "127.0.0.0/8", inbound_services=["*"], outbound_services=["*"])

InetZone("internet", "0.0.0.0/0", inbound_services=["*"], outbound_services=["*"])

class IntraHttp(HttpProxy):
    def config(self):
        HttpProxy.config(self)
        require_host_header = FALSE
        self.hostlist = {"www2.valami.hu":("127.0.0.1", 50081)}

    def setServerAddress(self, host, port):
        if self.hostlist.has_key(host):
            newhost = self.hostlist[host][0]
            port = self.hostlist[host][1]
            host = newhost
        else:
            proxyLog(self, HTTP_ERROR, 3, "Unknown target host; host='%s'", host)
            return FALSE

        return HttpProxy.setServerAddress(self, host, port)

def zorp_http():
    Service("intra_http", IntraHttp)
    Listener(SockAddrInet("10.20.2.169", 80), "intra_http")

Thanks for your efforts!

Send in the following, after that I can probably help:

cat /etc/zorp/instances.conf
netstat -nlp | grep zorp
ps axuw | grep zorp

i.
_______________________________________________
zorp-hu mailing list
zorp-hu@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/zorp-hu