[zorp-hu] inbound works, outbound does not
Balla Szabolcs
zorp-hu@lists.balabit.hu
Tue, 9 Sep 2003 19:36:50 +0200
Hi all!

Here is my problem. There is a web server protected by a Zorp 2.0. It is a separate machine, connected with a crossover cable.
From outside the web server is perfectly visible, and ssh to it works too, but the web server also needs web access (updates, patches, etc.).
What did I get wrong? The other thing: is there some natural reason why the connection is established very slowly? After that it works fine.
I would ask the list for its kind help, because I am slowly running out of hair...
I am attaching the configs. Sorry for the length of the message!
Thanks!
Szabek
=====policy.py===========
from Zorp.Core import *
from Zorp.Http import *
from Zorp.Plug import *

InetZone('internet', ['0.0.0.0/0'],
    inbound_services=[
        "OutgoingRequest",
        "HTTP"],
    outbound_services=[
        "HTTP",
        "sshTOweb"])
InetZone('Intranet', ['192.168.0.0/24'],
    inbound_services=[])
InetZone('Webserver', ['192.168.0.10/32'],
    inbound_services=[
        "HTTP",
        "sshTOweb"],
    outbound_services=[
        "OutgoingRequest",
        "HTTP"],
    admin_parent='Intranet')

def HTTP() :
    Service(name="HTTP", proxy_class=HttpProxy,
            router=DirectedRouter(dest_addr=SockAddrInet('192.168.0.10', 80), forge_addr=TRUE))
    Listener(bindto=SockAddrInet('100.100.100.100', 80), service="HTTP", backlog=255)

def outgoingRequest() :
    Service(name="OutgoingRequest", proxy_class=HttpProxy,
            router=TransparentRouter(forge_addr=TRUE))
    Listener(bindto=SockAddrInet('192.168.0.5', 80), service="OutgoingRequest", backlog=255)

def sshTOweb() :
    Service(name="sshTOweb", proxy_class=PlugProxy,
            router=DirectedRouter(dest_addr=SockAddrInet('192.168.0.10', 22), forge_addr=TRUE))
    Listener(bindto=SockAddrInet('100.100.100.100', 2222), service="sshTOweb", backlog=255)

========================
instances.conf
========================
HTTP --autobind-ip 1.2.3.4 --policy /etc/zorp/policy.py
outgoingRequest --autobind-ip 1.2.3.4 --policy /etc/zorp/policy.py
sshTOweb --autobind-ip 1.2.3.4 --policy /etc/zorp/policy.py

==============
iptables.in
==============
-A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -p tcp --dport 2222 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --syn --dport 22 -j ACCEPT
-A INPUT -p tcp --syn --dport 1310:1320 -j ACCEPT
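As an added example (not part of the post, and not Zorp's own code), the zone lists from the policy.py above can be replayed against the three flows the poster describes, to see which of them the zone policy itself permits. It assumes a simplified rule (service must be in the source zone's outbound_services and in the destination zone's inbound_services, most specific zone wins) and uses a made-up outside host, 198.51.100.7.

```python
# Added example (not from the post or from Zorp): a simplified model of the
# zone lists in the poster's policy.py, to see which flows they permit.
# Assumption: a service is allowed when it is in the source zone's
# outbound_services and in the destination zone's inbound_services; a zone
# with no list has none. Zorp's real engine and admin_parent inheritance
# may differ, so treat this as a reasoning aid, not as Zorp's behaviour.
import ipaddress

# name: (network, inbound_services, outbound_services), copied from policy.py
ZONES = {
    "internet":  ("0.0.0.0/0",       {"OutgoingRequest", "HTTP"}, {"HTTP", "sshTOweb"}),
    "Intranet":  ("192.168.0.0/24",  set(),                       set()),
    "Webserver": ("192.168.0.10/32", {"HTTP", "sshTOweb"},        {"OutgoingRequest", "HTTP"}),
}

def zone_of(ip):
    """Return the zone whose network most specifically (longest prefix) contains ip."""
    addr = ipaddress.ip_address(ip)
    best_name, best_len = None, -1
    for name, (net, _, _) in ZONES.items():
        network = ipaddress.ip_network(net)
        if addr in network and network.prefixlen > best_len:
            best_name, best_len = name, network.prefixlen
    return best_name

def allowed(service, src_ip, dst_ip):
    """True if the zone lists permit service from src_ip to dst_ip."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src is None or dst is None:
        return False
    return service in ZONES[src][2] and service in ZONES[dst][1]

# Constructed sample flows matching the post: the two inbound ones that
# work, and the outbound one (web server fetching updates) that does not.
# 198.51.100.7 is a made-up outside host.
FLOWS = [
    ("HTTP",            "198.51.100.7", "192.168.0.10"),
    ("sshTOweb",        "198.51.100.7", "192.168.0.10"),
    ("OutgoingRequest", "192.168.0.10", "198.51.100.7"),
]

def check_flows(flows=FLOWS):
    """Map each (service, src, dst) flow to whether the zone lists permit it."""
    return {flow: allowed(*flow) for flow in flows}

if __name__ == "__main__":
    for flow, ok in check_flows().items():
        print(flow, "permitted" if ok else "BLOCKED", "by zone policy")
```

All three flows come back permitted, so under this model the zone lists are not what stops the outbound web traffic; the remaining places to look are the OutgoingRequest listener and the packet redirection into it, which the posted iptables.in (INPUT rules only) does not cover.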