Sziasztok!

Zorp megkapja a requestet, el is indítja a proxy-t, a proxy felvenné a kapcsolatot a belső webszerverrel, a webszerver próbál válaszolni, de az IP kapcsolat már nem jön létre, holott a válaszcsomag megjelenik a Zorpot futtató gépen, és az iptables sem dobja ki. Ugyanaz a helyzet http és https esetén is. A csomagok a megfelelő host/port párosra válaszolnak, úgy gondolom. Hol nézzek körül?

#dpkg -l zorp
ii zorp 3.0.9
#dpkg -l iptables
iptables 1.2.11-8.zorpos5
#uname -r
2.6.15.6

iptables config:

iptables -t tproxy -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
TPROXY     tcp  --  anywhere             zorp                tcp dpt:https TPROXY redirect 0.0.0.0:1201
TPROXY     tcp  --  anywhere             zorp                tcp dpt:www TPROXY redirect 0.0.0.0:1200

zorp config:

# Includes
from Zorp.Core import *
from Zorp.Http import *
from Zorp.Pssl import *

# Main configuration
Zorp.firewall_name = 'zorp'

# Networks
InetZone(
    "Internet", "0.0.0.0/0",
    inbound_services=["http", "https"],
    outbound_services=["http", "https"]
)
InetZone(
    "app-net", "10.11.0.0/16",
    inbound_services=["http", "https"],
    outbound_services=["http", "https"]
)

# HTTP Proxy
class HTTPProxy(HttpProxy):
    def config(self):
        HttpProxy.config(self)
        self.default_port = 443

# HTTP Proxy
# NOTE(review): this second definition rebinds the name HTTPProxy, so the
# class above (with default_port = 443) is never the one the "http" service uses.
class HTTPProxy(HttpProxy):
    def config(self):
        HttpProxy.config(self)

# HTTPS Proxy - Listener
class HTTPSListener(PsslProxy):
    def config(self):
        PsslProxy.config(self);
        self.copy_to_server = TRUE;
        self.copy_to_client = TRUE;
        self.client_need_ssl = TRUE;
        self.server_need_ssl = FALSE;
        self.shutdown_soft = TRUE;
        self.client_verify_type = SSL_VERIFY_NONE;
        self.server_verify_type = SSL_VERIFY_NONE;
        self.client_cert = "/etc/zorp/certs/test.crt";
        self.client_key = "/etc/zorp/keys/test.key";

# HTTPS Proxy
class HTTPSHelper(HttpProxy):
    def config(self):
        HttpProxy.config(self)
        self.default_port = 443

# HTTPS Proxy - Worker
class HTTPSWorker(PsslProxy):
    def config(self):
        PsslProxy.config(self);
        self.copy_to_server = TRUE;
        self.copy_to_client = TRUE;
        self.client_need_ssl = FALSE;
        self.server_need_ssl = TRUE;
        self.shutdown_soft = TRUE;
        self.client_verify_type = SSL_VERIFY_NONE;
        # NOTE(review): with server_need_ssl = TRUE and SSL_VERIFY_NONE the
        # link to the internal web server is encrypted but its certificate is
        # not verified; consider a verifying mode once connectivity works.
        self.server_verify_type = SSL_VERIFY_NONE;
        self.client_cert = "/etc/zorp/certs/test.crt";
        self.client_key = "/etc/zorp/keys/test.key";

# Instance definition
def web():
    Service(
        "http", HTTPProxy,
        router=InbandRouter(forge_addr=TRUE),
        resolver=DNSResolver()
    )
    Service(
        "https", HTTPSListener,
        router=InbandRouter(forge_addr=TRUE),
        chainer=SideStackChainer(
            HTTPSHelper,
            SideStackChainer(HTTPSWorker)
        )
    )
    Listener(SockAddrInet('0.0.0.0', 1200), "http")
    Listener(SockAddrInet('0.0.0.0', 1201), "https")

--
Pásztor Lénárd Zoltán
rendszergazda
Wonderline Hungary Kft.
Telefon: (+36-1) 272.0242
Fax: (+36-1) 272.0252
E-mail: lenard.pasztor@wonderline.hu
Honlap: www.wonderline.hu