Hi all!

I wanted to try out the setup above, loosely following Barina Tamas, but I got stuck. I installed the packages, then I also ran into the Python error, which the patch published by Kovacs Krisztian fixed. So zorp does start and the transparent HTTP proxy runs great, but I can't get HTTPS to work. My configs are as follows:

ip + iptables:

    ip rule add fwmark 1 lookup 100
    ip route add local 0.0.0.0/0 dev lo table 100
    iptables -t mangle -N DIVERT
    iptables -t mangle -A PREROUTING -p tcp -m socket --dport 433 -j DIVERT
    iptables -t mangle -A PREROUTING -p tcp -m tcp --dport 443 -j TPROXY --on-port 50443 --on-ip 172.16.16.1 --tproxy-mark 0x1/0x1
    iptables -t mangle -A DIVERT -j MARK --set-xmark 0x1/0xffffffff
    iptables -t mangle -A DIVERT -j ACCEPT

policy.py:

    from Zorp.Core import *
    from Zorp.Http import *
    from Zorp.Pssl import *

    # defining the intranet zone, we only allow http connection from this zone
    InetZone("intranet","172.16.16.0/24",
        outbound_services=["intra_https"],
        inbound_services=[])

    # the internet zone, we do not allow any connection from this zone (coming "out" from this zone,
    # that's why outbound_services is empty)
    InetZone("internet","0.0.0.0/0",
        inbound_services=["*"],
        outbound_services=[])

    class MyHttpsProxy(HttpProxy):
        def config(self):
            HttpProxy.config(self)
            self.ssl.client_verify_type = SSL_VERIFY_NONE
            self.ssl.client_connection_security = SSL_FORCE_SSL
            self.ssl.server_connection_security = SSL_FORCE_SSL
            self.ssl.server_ca_directory = '/etc/zorp/ca.d/'
            self.ssl.server_ssl_method = SSL_METHOD_ALL
            self.ssl.server_verify_type = SSL_VERIFY_REQUIRED_UNTRUSTED
            self.ssl.server_disable_proto_sslv2 = TRUE
            self.ssl.server_ssl_cipher = SSL_CIPHERS_HIGH
            self.ssl.client_key_file = '/etc/zorp/https/server.key'
            self.ssl.client_cert_file = '/etc/zorp/https/server.crt'
            self.stack_proxy = HttpProxy

    def zorp_https():
        Service("intra_https", proxy_class=MyHttpsProxy, router=TransparentRouter(overrideable = FALSE, forge_addr = TRUE))
        Listener(bindto=SockAddrInet("172.16.16.1",50443), service="intra_https", transparent=TRUE, threaded=FALSE, backlog=255)

log output:

    Mar 9 08:54:45 firewallnew zorp/zorp_https[8165]: core.debug(0): (nosession): Starting up; verbose_level='5', version='3.3.6', startup_id='1299657285'
    Mar 9 08:54:45 firewallnew zorp/zorp_https[8165]: core.debug(5): (nosession): Outbound service; zone='intranet', service='intra_http'
    Mar 9 08:54:45 firewallnew zorp/zorp_https[8165]: core.debug(5): (nosession): Outbound service; zone='intranet', service='intra_https'
    Mar 9 08:54:45 firewallnew zorp/zorp_https[8165]: core.debug(5): (nosession): Inbound service; zone='internet', service='*'
    Mar 9 08:54:45 firewallnew zorp/zorp_https[8165]: core.info(4): (nosession): Interface added; if_index='1', if_name='lo', if_flags='73'
    Mar 9 08:54:45 firewallnew zorp/zorp_https[8165]: core.info(4): (nosession): Interface added; if_index='2', if_name='eth0', if_flags='4098'
    Mar 9 08:54:45 firewallnew zorp/zorp_https[8165]: core.info(4): (nosession): Interface added; if_index='3', if_name='eth1', if_flags='4098'
    Mar 9 08:54:45 firewallnew zorp/zorp_https[8165]: core.info(4): (nosession): Interface added; if_index='4', if_name='eth2', if_flags='4098'
    Mar 9 08:54:45 firewallnew zorp/zorp_https[8165]: core.info(4): (nosession): Interface added; if_index='5', if_name='eth3', if_flags='4163'
    Mar 9 08:54:45 firewallnew zorp/zorp_https[8165]: core.info(4): (nosession): Interface added; if_index='6', if_name='eth4', if_flags='4163'
    Mar 9 08:54:45 firewallnew zorp/zorp_https[8165]: core.info(4): (nosession): Address added to interface; if_name='lo', if_addr='127.0.0.1'
    Mar 9 08:54:45 firewallnew zorp/zorp_https[8165]: core.info(4): (nosession): Address added to interface; if_name='eth3', if_addr='10.10.67.1'
    Mar 9 08:54:45 firewallnew zorp/zorp_https[8165]: core.info(4): (nosession): Address added to interface; if_name='eth4', if_addr='172.16.16.1'
    Mar 9 08:55:37 firewallnew zorp/zorp_https[8165]: core.info(4): (nosession): Interface info updated; if_index='6', if_name='eth4', if_flags='0x1043', if_group='0x0'
    Mar 9 08:55:44 firewallnew zorp/zorp_https[8165]: core.accounting(4): (szig/conn:0/stream): accounting info; type='ZStreamFD', duration='0', sent='11', received='37'
    Mar 9 08:55:44 firewallnew zorp/zorp_https[8165]: core.accounting(4): (szig/conn:0/stream): accounting info; type='ZStreamBuf', duration='0', sent='0', received='0'
    Mar 9 08:55:44 firewallnew zorp/zorp_https[8165]: core.accounting(4): (szig/conn:0/stream): accounting info; type='ZStreamLine', duration='0', sent='11', received='36'

If anyone has any tips, I'd appreciate it!

Thanks,
Nyika Csaba
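
Added example, not part of the original post: a small Python lint that cross-checks the posted ip/iptables commands against each other and against the Listener port from policy.py. The function names are this example's own, mark masks are ignored, and it only reports inconsistencies in the rule set; the post does not establish whether any of them explains the HTTPS problem.

```python
import re

# The commands as posted above, one per line.
POSTED_RULES = """\
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
iptables -t mangle -N DIVERT
iptables -t mangle -A PREROUTING -p tcp -m socket --dport 433 -j DIVERT
iptables -t mangle -A PREROUTING -p tcp -m tcp --dport 443 -j TPROXY --on-port 50443 --on-ip 172.16.16.1 --tproxy-mark 0x1/0x1
iptables -t mangle -A DIVERT -j MARK --set-xmark 0x1/0xffffffff
iptables -t mangle -A DIVERT -j ACCEPT
"""

def opt(line, name):
    """Value following option `name` on a command line, or None."""
    m = re.search(r"(?:^|\s)" + re.escape(name) + r"\s+(\S+)", line)
    return m.group(1) if m else None

def mark(value):
    """'0x1/0x1' or '1' -> integer mark value (mask part ignored)."""
    return int(value.split("/")[0], 0)

def lint_tproxy(rules, listener_port):
    """Return a list of inconsistencies between the rules and the listener."""
    lines = [l.strip() for l in rules.splitlines() if l.strip()]
    tproxy = [l for l in lines if "-j TPROXY" in l]
    fwmarks = {mark(opt(l, "fwmark")) for l in lines
               if l.startswith("ip rule") and opt(l, "fwmark")}
    tports = {opt(l, "--dport") for l in tproxy} - {None}
    findings = []
    for l in lines:
        dport, xmark = opt(l, "--dport"), opt(l, "--set-xmark")
        if "-m socket" in l and dport and dport not in tports:
            findings.append("socket-match --dport %s is not a TPROXY --dport %s"
                            % (dport, sorted(tports)))
        if xmark and mark(xmark) not in fwmarks:
            findings.append("--set-xmark %s has no matching ip rule fwmark" % xmark)
    for l in tproxy:
        on_port, tmark = opt(l, "--on-port"), opt(l, "--tproxy-mark")
        if on_port is None or int(on_port) != listener_port:
            findings.append("--on-port %s != Listener port %d" % (on_port, listener_port))
        if tmark is None or mark(tmark) not in fwmarks:
            findings.append("--tproxy-mark %s has no matching ip rule fwmark" % tmark)
    return findings

if __name__ == "__main__":
    for finding in lint_tproxy(POSTED_RULES, 50443):  # 50443: Listener port in policy.py
        print("WARN:", finding)
```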