[zorp-hu] zorp 1.4 vs zorp 2

Balazs Scheidler bazsi@balabit.hu
Tue, 28 Jan 2003 17:37:47 +0100


On Tue, Jan 28, 2003 at 05:31:20PM +0100, Hegedus Ferenc wrote:
> Hi
> 
> My problem is the following: I have a working HTTP proxy
> config in Zorp 1.4.8 with the following zone definition:
> 
> InetZone("ZoneLocal", "127.0.0.1/32",
>         inbound_services=[""],
>         outbound_services=["ServiceHttp"]),
> 
> InetZone("ZoneInternet", "0.0.0.0/0",
>         inbound_services=["ServiceHttp"],
>         outbound_services=[""])
> 
> With the following iptables line:
> 
> iptables -A OUTPUT -s 0/0 -d 0/0 -t nat -m owner ! --uid-owner 0 -m state --state NEW -p tcp --dport 80 -j REDIRECT --to-port 8080 -o eth0
> 
> This works roughly as follows: if I start an HTTP request
> from localhost with a non-root uid, it is received by Zorp,
> which runs with root uid.
> 
> With Zorp 2.0rc3, problems came up with this same
> config.

My suspicion is that it did not properly find the TPROXY support in
your kernel. Raise the verbosity to 6 and look for this line:

  z_log(NULL, CORE_DEBUG, 6, "System dependant init; sysdep_tproxy='%d'", sysdep_tproxy);

What is the value of sysdep_tproxy? If it is 2, it detected the tproxy
support correctly; if it is anything else, it did not. And because of that
it does not correctly work out the original destination of your request ->
it addresses the packets meant for the server to itself as well.

> (zorp/ServiceHttp:0): Starting proxy instance; client_fd='14', client_address='AF_INET(127.0.0.1:35264)', client_zone='Zone(ZoneLocal, 127.0.0.1/32)', client_local='AF_INET(127.0.0.1:8080)'
> (zorp/ServiceHttp:0/http): Proxy starting; class='ClassHttp', module='http' 
> (zorp/ServiceHttp:0/http): GET: http://index.hu/
> (zorp/ServiceHttp): Starting service; name='ServiceHttp'
> (zorp/ServiceHttp:1): Starting proxy instance; client_fd='16', client_address='AF_INET(127.0.0.1:35265)', client_zone='Zone(ZoneLocal, 127.0.0.1/32)', client_local='AF_INET(127.0.0.1:8080)'
> (zorp/ServiceHttp:1/http): Proxy starting; class='ClassHttp', module='http'
> (zorp/ServiceHttp:0/http): Server connection established; server_fd='15', server_address='AF_INET(127.0.0.1:8080)', server_zone='Zone(ZoneLocal, 127.0.0.1/32)', server_local='AF_INET(127.0.0.1:35265)'
                                                                            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^


-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
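
Added example, not part of the original message or of Zorp's own code: a small Python check that reads Zorp log lines, reports the sysdep_tproxy value discussed above, and flags sessions whose server connection goes back to the address the proxy itself accepted the client on (the loop visible in the quoted log). The sysdep_tproxy value '0' in the sample is constructed; the other two sample lines are copied from the thread, and the function and variable names are hypothetical.

```python
import re

# Message formats are the ones quoted in this thread.
TPROXY_RE = re.compile(r"System dependant init; sysdep_tproxy='(-?\d+)'")
START_RE = re.compile(
    r"\((?P<sess>[^)]+)\): Starting proxy instance;"
    r".*client_local='AF_INET\((?P<local>[^)]+)\)'")
SERVER_RE = re.compile(
    r"\((?P<sess>[^)]+)\): Server connection established;"
    r".*server_address='AF_INET\((?P<server>[^)]+)\)'")

def analyze(lines):
    """Return the detected sysdep_tproxy value and any self-connection loops."""
    tproxy = None
    listen = {}  # session id -> local address the client was accepted on
    loops = []
    for line in lines:
        if m := TPROXY_RE.search(line):
            tproxy = int(m.group(1))
        elif m := START_RE.search(line):
            listen[m["sess"]] = m["local"]
        elif m := SERVER_RE.search(line):
            # "zorp/ServiceHttp:0/http" belongs to session "zorp/ServiceHttp:0"
            sess = m["sess"].rsplit("/", 1)[0]
            if listen.get(sess) == m["server"]:
                loops.append((sess, m["server"]))
    # Per the reply above, 2 means TPROXY support was detected correctly.
    return {"sysdep_tproxy": tproxy, "tproxy_ok": tproxy == 2, "loops": loops}

SAMPLE = [
    # Constructed line: format from the z_log() call above, value assumed.
    "System dependant init; sysdep_tproxy='0'",
    # Copied from the quoted log in this thread.
    "(zorp/ServiceHttp:0): Starting proxy instance; client_fd='14', "
    "client_address='AF_INET(127.0.0.1:35264)', "
    "client_zone='Zone(ZoneLocal, 127.0.0.1/32)', "
    "client_local='AF_INET(127.0.0.1:8080)'",
    "(zorp/ServiceHttp:0/http): Server connection established; "
    "server_fd='15', server_address='AF_INET(127.0.0.1:8080)', "
    "server_zone='Zone(ZoneLocal, 127.0.0.1/32)', "
    "server_local='AF_INET(127.0.0.1:35265)'",
]

if __name__ == "__main__":
    report = analyze(SAMPLE)
    print("sysdep_tproxy:", report["sysdep_tproxy"], "ok:", report["tproxy_ok"])
    for sess, addr in report["loops"]:
        print(f"{sess}: proxy connected back to its own listener {addr}")
```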