Hello: Congratulations for your product. First: Pardon for my English. I'm a beginner (in English, Zorp and Python) Second: I`ve intalled zorp 2.0.1 (GPL-VERSION!!!)in my linux box. I want to configure zorp as Reverse Proxy (is this posible with this version?). If it is, I´m having problems with my installation/configuration. Below are instances.conf and policy-http.py files: Instances.conf (grep -v ^.*# /etc/zorp/instances.conf) -------------- Zhttp --verbose=10 --policy /etc/zorp/policy-http.py policy-http.py (grep -v ^.*# /etc/zorp/policy-http.py) -------------- from Zorp.Zorp import * from Zorp import Zorp from Zorp.Zone import InetZone from Zorp.Service import Service from Zorp.SockAddr import SockAddrInet from Zorp.Chainer import DirectedChainer from Zorp import Http from Zorp.Http import HttpProxy from Zorp.Listener import Listener Zorp.firewall_name = 'zorp@bcpc' InetZone("cpc", "192.168.1.0/24", outbound_services=[], inbound_services=["INhttp"]), InetZone("local", "127.0.0.0/8", inbound_services=["*"], outbound_services=[]), InetZone("internet", "0.0.0.0/0", inbound_services=[], outbound_services=["INhttp"]) class INhttp(HttpProxy): def config(self): HttpProxy.config(self) self.transparent_mode = 0 def init(Zhttp): Service("INhttp", DirectedChainer(SockAddrInet("192.168.1.100", 80)),\ INhttp) Listener(SockAddrInet("aaa.bb.cc.ddd", 80), "INhttp") When zorp starts I obtain (tail -f syslog): -------------------------- Feb 18 19:38:47 bcpc Zhttp[6578]: (noname/nosession): Verbosity level: 100 Feb 18 19:38:47 bcpc Zhttp[18175]: (Log thread): thread starting; Feb 18 19:38:47 bcpc Zhttp[6578]: (noname/nosession): System dependant init; sysdep_tproxy='1' Feb 18 19:38:47 bcpc Zhttp[6578]: (noname/nosession): Changing process capabilities; caps='= cap_net_bind_service+ep cap_net_admin+p' Feb 18 19:38:47 bcpc Zhttp[6578]: (noname/nosession): Changing process capabilities; caps='= cap_net_bind_service,cap_net_admin+ep' Feb 18 19:38:47 bcpc Zhttp[6578]: (noname/nosession): bind() failed; error='No such file or directory' Feb 18 19:38:47 bcpc Zhttp[6578]: (noname/nosession): Resetting process capabilities; caps='= cap_net_bind_service,cap_net_admin+p' Feb 18 19:38:47 bcpc Zhttp[31782]: (conntrack/thread): thread starting; Feb 18 19:38:48 bcpc Zhttp[6578]: zorp version 2.0.0 starting up Feb 18 19:38:48 bcpc Zhttp[18175]: (Log thread): Policy bootstrapping... Feb 18 19:38:48 bcpc Zhttp[18175]: (Log thread): Traceback (most recent call last): Feb 18 19:38:48 bcpc Zhttp[18175]: (Log thread): File "/etc/zorp/policy-http.py", line 24, in ? Feb 18 19:38:48 bcpc Zhttp[6578]: (noname/nosession): Error loading initial policy, exiting; Feb 18 19:38:48 bcpc Zhttp[6578]: zorp version 2.0.0 going down. Feb 18 19:38:48 bcpc Zhttp[18175]: (Log thread): from Zorp.Chainer import DirectedChainer Feb 18 19:38:48 bcpc Zhttp[18175]: (Log thread): ImportError: cannot import name DirectedChainer Feb 18 19:38:48 bcpc Zhttp[31782]: (conntrack/thread): thread exiting; I don't know why bind() fails and I don't know why DirectedChainer is not in /usr/share/zorp/pylib/Zorp/Chainer.py. Here is the output for (grep .*class in this file): class AbstractChainer: class ConnectChainer(AbstractChainer): class FailoverChainer(ConnectChainer): class SideStackChainer(AbstractChainer): My environment is: Debian 3.0.0 r0 (woody) python 2.1.3-3 python-extclass 1.2-5 Zorp 2.0.0-1 Zorp-modules 2.0.0-1 libzorpll 2.0.18.4-1 libglib2 2.0.6-1 NOTE: When I install zorp I run: dpkg -i --ignore-depends=libzorpll zorp_2.0-1_i386.deb because zorp depends from libzorpll and libzorpll depends from zorp. Is this cycle OK or I've misintalled zorp? I can't find the error in my installation/configuration. Can you help me? Best Regards. Ivan Lopez Santa Fe - Argentina _________________________________________________________________ Charla con tus amigos en línea mediante MSN Messenger: http://messenger.yupimsn.com/
On Tue, Feb 18, 2003 at 08:34:23PM -0300, Ivan Lopez wrote:
Hello: Congratulations for your product. First: Pardon for my English. I'm a beginner (in English, Zorp and Python)
No need to worry about your English, we are not native English speakers either. Although a bit of understanding in Python does not hurt, but is not absolutely necessary. The most important is to take care about indentation. When a block is started (either if, def, or class statement) the enclosed block _must_ be indented consistently. E.g. def Zhttp(): # this must be indented by the same amount # as this line # increasing indent without the start of a block is # forbidden pass
Second: I`ve intalled zorp 2.0.1 (GPL-VERSION!!!)in my linux box. I want to configure zorp as Reverse Proxy (is this posible with this version?). If it is, I´m having problems with my installation/configuration.
Yes, reverse proxy configuration is certainly possible.
Below are instances.conf and policy-http.py files: Instances.conf (grep -v ^.*# /etc/zorp/instances.conf) -------------- Zhttp --verbose=10 --policy /etc/zorp/policy-http.py
policy-http.py (grep -v ^.*# /etc/zorp/policy-http.py) --------------
As I see the example you are using as your policy file is a bit outdated (it seems to be a policy for Zorp 0.6) I include my fixes in your policy file below.
from Zorp.Zorp import * from Zorp import Zorp from Zorp.Zone import InetZone from Zorp.Service import Service from Zorp.SockAddr import SockAddrInet from Zorp.Chainer import DirectedChainer from Zorp import Http from Zorp.Http import HttpProxy from Zorp.Listener import Listener
# Zorp.Core imports all required symbols from Zorp.Core import * # this one imports Http proxy from Zorp.Http import *
Zorp.firewall_name = 'zorp@bcpc'
InetZone("cpc", "192.168.1.0/24", outbound_services=[],
inbound_services=["INhttp"]),
no comma is permitted after the Zone definition.
InetZone("local", "127.0.0.0/8", inbound_services=["*"], outbound_services=[]),
comma is not allowed here either
InetZone("internet", "0.0.0.0/0", inbound_services=[], outbound_services=["INhttp"])
class INhttp(HttpProxy): def config(self): HttpProxy.config(self) self.transparent_mode = 0 def init(Zhttp):
Service("INhttp", DirectedChainer(SockAddrInet("192.168.1.100", 80)),\ INhttp) Listener(SockAddrInet("aaa.bb.cc.ddd", 80), "INhttp")
Here you made a mistake in your indentation. the correct function definition is: def Zhttp(): Service("INhttp", INhttp, router=DirectedRouter(SockAddrInet('192.168.1.100", 80))) Listener(SockAddrInet("aaa.bb.cc.ddd", 80), "INhttp") That's it. The preferred way of creating multiple instances in a single policy file is to create a function named the same as the instance. So as you had an instance named Zhttp in your instances.conf file, I created a function named Zhttp(), this takes no arguments. The function named init() would also work, if you write an init() function the instance specific function would not be called, as you override the default init() function provided by Zorp. Here's a complete policy file: from Zorp.Core import * from Zorp.Http import * Zorp.firewall_name = 'zorp@bcpc' InetZone("cpc", "192.168.1.0/24", outbound_services=[], inbound_services=["INhttp"]) InetZone("local", "127.0.0.0/8", inbound_services=["*"], outbound_services=[]) InetZone("internet", "0.0.0.0/0", inbound_services=[], outbound_services=["INhttp"]) class INhttp(HttpProxy): def config(self): HttpProxy.config(self) self.transparent_mode = 0 def Zhttp(): Service("INhttp", INhttp, router=DirectedRouter(SockAddrInet("192.168.1.100", 80))) Listener(SockAddrInet("aaa.bb.cc.ddd", 1555), "INhttp")
Debian 3.0.0 r0 (woody) python 2.1.3-3 python-extclass 1.2-5 Zorp 2.0.0-1 Zorp-modules 2.0.0-1 libzorpll 2.0.18.4-1 libglib2 2.0.6-1
NOTE: When I install zorp I run: dpkg -i --ignore-depends=libzorpll zorp_2.0-1_i386.deb because zorp depends from libzorpll and libzorpll depends from zorp. Is this cycle OK or I've misintalled zorp?
Hm... I've checked this and I've found no anomalies, can you show your dpkg -s output for the packages you installed? -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
participants (2)
-
Balazs Scheidler
-
Ivan Lopez