On Mon, Mar 31, 2003 at 10:44:15AM +0200, Robert Penz wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Saturday 29 March 2003 17:58, Tito Flagella wrote:
I had the same error due to lackness of the /var/run/zorp directory. created that directory and i didn't get that error messages anymore, thx.
At least with my configuration zorp needed to do an udp socket there. not really a socket but
debian:/var/run/zorp# l total 0 srwxr-xr-x 1 root root 0 Mar 31 10:38 zorpctl.extern srwxr-xr-x 1 root root 0 Mar 31 10:38 zorpctl.intern
not very secure
These sockets are placeholders for IPC communication between Zorp and local processes. For now they are not really used, the only possibility is to query the running threads in a given instance. The file permissions on the directory /var/run/zorp should be more restrictive. (e.g. 700) however I'm adding a bugticket to fix the file permissions as well.
intern -v3 -p /etc/zorp/policy.py --autobind-ip autobind='1.1.1.1' extern -v3 -p /etc/zorp/policy.py --autobind-ip autobind='1.1.1.2' Are you sure about the autobind syntax? We are using "-B 1.1.1.1", from the usage info it would seem that you should use "--autobind-ip 1.1.1.1" I know also of the -B stuff, I can also take that one ;-)
We are now using one of the server's ip, and I didn't observe any difference from using a dummy interface. my problem is that a bridge has only one ip on all interfaces, and I believe I can only bind on instance to an ip.
No, the dummy IP can be shared among instances. The dummy address is basically used for redirection to the local IP stack. When Zorp wants to initiate a connection from a foreign IP address it binds to the dummy interface and registers a NAT mapping between the local address and the foreign address. So the only requirement that autobind-ip is local and definitely not 127.0.0.1 -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1