On Tue, May 20, 2003 at 11:16:36AM -0400, Philippe Lucas wrote:
My instances.conf :
zorp_http --autobind-ip '192.168.100.135' --verbose=5 --policy /etc/zorp/policy.py
I don't think you completely understood my request:
The system works fine. The client receives data from the server through the proxy zorp. The client doesn't see zorp in the packets (source IP) but the server does see zorp. I'd like zorp to be completely transparent.
hm. you might need to remove the apostrophes around the IP address (as the line above is not interpreted by the shell),
My Logs :
May 20 06:01:40 bridge zorp_http[9677]: (noname/nosession): Verbosity level: 5
May 20 06:01:41 bridge zorp_http[9677]: zorp version 2.0.2 starting up
May 20 06:01:41 bridge zorp_http[9677]: (noname/nosession): Zone(site-net): outbound service=intra_http
May 20 06:01:41 bridge zorp_http[9677]: (noname/nosession): Zone(local): inbound service=*
May 20 06:01:41 bridge zorp_http[9677]: (noname/nosession): Zone(internet): inbound service=*
May 20 06:01:45 bridge zorp_http[9677]: (zorp@site/intra_http): Starting service; name='intra_http'
May 20 06:01:45 bridge zorp_http[9677]: (zorp@site/intra_http:0): Starting proxy instance; client_fd='16', client_address='AF_INET(192.168.100.199:2092)', client_zone='Zone(site-net, 192.168.100.0/24)', client_local='AF_INET(192.168.0.251:80)'
May 20 06:01:45 bridge zorp_http[9677]: (zorp@site/intra_http:0/http): Proxy starting; class='IntraHttp', module='http'
May 20 06:01:45 bridge zorp_http[9683]: (zorp@site/intra_http:0/http): Server connection established; server_fd='17', server_address='AF_INET(192.168.0.251:80)', server_zone='Zone(internet, 0.0.0.0/0)', server_local='AF_INET(192.168.0.134:42488)'
Hmm. The log snippet above shows that a client was connected from 192.168.100.199:2092, with a destination address 192.168.0.251:80 and Zorp wanted to connect to the same server using the local address 192.168.0.134:42488. This means that it did not even try to use the forged address...

Please try using ForgeClientSourceNAT as SNAT instead of the forge_addr parameter, like:

def zorp_http():
    Service("intra_http", HttpProxy, router=TransparentRouter(), snat=ForgeClientSourceNAT())
    ....

(ForgeClientSourceNAT was the previous way to specify address forging)

If this does work, then there's some problem in forge_addr, if it doesn't I'd suspect some problems with the --autobind-ip arguments.

-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
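
The comparison made by eye in the reply above, as an added example (not part of the original thread and not Zorp's own code): it pairs each session's client_address with the server_local of the server-side connection and reports whether the client's source IP was actually forged. The function names and the pairing by session tag are assumptions of this example; the two sample lines are copied from the log quoted in the thread.

```python
import re

# Sample input: two lines copied from the log quoted in the thread.
SAMPLE_LOG = """\
May 20 06:01:45 bridge zorp_http[9677]: (zorp@site/intra_http:0): Starting proxy instance; client_fd='16', client_address='AF_INET(192.168.100.199:2092)', client_zone='Zone(site-net, 192.168.100.0/24)', client_local='AF_INET(192.168.0.251:80)'
May 20 06:01:45 bridge zorp_http[9683]: (zorp@site/intra_http:0/http): Server connection established; server_fd='17', server_address='AF_INET(192.168.0.251:80)', server_zone='Zone(internet, 0.0.0.0/0)', server_local='AF_INET(192.168.0.134:42488)'
"""

# "(session tag): message; key='value', key='value', ..."
LINE_RE = re.compile(r"\[\d+\]: \((?P<session>[^)]+)\): (?P<msg>[^;]+); (?P<kv>.*)$")
KV_RE = re.compile(r"(\w+)='([^']*)'")
ADDR_RE = re.compile(r"AF_INET\((\d+\.\d+\.\d+\.\d+):(\d+)\)")


def ip_of(value):
    """Extract the IP from an AF_INET(ip:port) value, or None if malformed."""
    m = ADDR_RE.fullmatch(value)
    return m.group(1) if m else None


def check_forging(log_text):
    """Return {session: (client_ip, server_local_ip, forged)} per session.

    forged is True only when the server-side connection was bound to the
    client's own IP, i.e. the server would see the client, not the proxy.
    """
    clients, results = {}, {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # startup lines and other messages carry no addresses
        # Assumption: the first two '/'-separated parts of the tag identify
        # the session; the proxy adds a trailing "/http" component.
        key = "/".join(m.group("session").split("/")[:2])
        kv = dict(KV_RE.findall(m.group("kv")))
        msg = m.group("msg")
        if msg == "Starting proxy instance":
            clients[key] = ip_of(kv.get("client_address", ""))
        elif msg == "Server connection established":
            local = ip_of(kv.get("server_local", ""))
            client = clients.get(key)
            results[key] = (client, local, client is not None and client == local)
    return results


if __name__ == "__main__":
    for session, (client, local, forged) in check_forging(SAMPLE_LOG).items():
        print(f"{session}: client={client} server_local={local} forged={forged}")
```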