[zorp-hu] Cannot assign requested address

Kosa Attila zorp-hu@lists.balabit.hu
Mon, 11 Apr 2005 10:40:32 +0200


Hello!
Kernel 2.4.25 with the Zorp patches, Zorp 2.1.8. It runs without problems.
I replaced the kernel with 2.4.28 (also with the Zorp patches), and since
then all sorts of mysterious things have been happening. Three examples:

from Zorp.Core import *
from Zorp.Plug import *

Zorp.firewall_name = 'zorp-winupdate@xxx.hu'

InetZone("winupdate", "192.168.0.0/16",
    inbound_services=["win_update"],
    outbound_services=["win_update"])

InetZone("internet", "0.0.0.0/0",
    inbound_services=["win_update"],
    outbound_services=[])

class WinUpdate(PlugProxy):
        pass

def init(name):
        debug(0, "Policy init, name=%s" % name)

        Service("win_update", WinUpdate, TransparentRouter())

        Listener(SockAddrInet("192.168.1.254", 60443), "win_update")

debug(0, "Policy bootstrap done...");

Until now, win_update did not have to be listed in the inbound services of
the winupdate zone; it worked without it. Since the kernel change I get this
error message (if win_update is not listed in inbound):

Apr  7 07:25:04 fw zorp_winupdate[769]: (zorp-winupdate@xxx.hu/win_update): Starting service; name='win_update'
Apr  7 07:25:04 fw zorp_winupdate[769]: (zorp-winupdate@xxx.hu/win_update:0): Starting proxy instance; client_fd='15', client_address='AF_INET(192.168.1.201:59787)', client_zone='Zone(winupdate, 192.168.0.0/16)', client_local='AF_INET(192.168.1.254:60443)'
Apr  7 07:25:04 fw zorp_winupdate[769]: (zorp-winupdate@xxx.hu/win_update:0/plug): Proxy starting; class='WinUpdate', module='plug'
Apr  7 07:25:05 fw zorp_winupdate[22730]: (zorp-winupdate@xxx.hu/win_update:0): Inbound service not permitted; service='win_update', zone='Zone(winupdate, 192.168.0.0/16)'
Apr  7 07:25:05 fw zorp_winupdate[22730]: (zorp-winupdate@xxx.hu/win_update:0/plug): DAC policy violation; info='None'
Apr  7 07:25:05 fw zorp_winupdate[22730]: (zorp-winupdate@xxx.hu/win_update:0/plug): Proxy ending; class='WinUpdate', module='plug'


Another example:

from Zorp.Core import *
from Zorp.Http import *

Zorp.firewall_name = 'zorp-kintrol@xxx.hu'

InetZone("WWW", "192.168.12.2/32",
    inbound_services=["id_http"],
    outbound_services=[])

InetZone("internet", "0.0.0.0/0",
    inbound_services=[],
    outbound_services=["id_http"])

class IDHttp(HttpProxyURIFilter):
        matcher=RegexpFileMatcher('/etc/zorp/http.black', '/etc/zorp/http.white')
        def config(self):
                HttpProxyURIFilter.config(self)
                self.transparent_mode = 1

        def filterURL(self, method, url, version):
                log("http.info", 3, "%s: GET: %s" % (self.session.session_id, url))

def init(name):
        debug(0, "Policy init, name=%s" % name)

        Service("id_http", IDHttp, DirectedRouter(SockAddrInet("192.168.12.2", 80), forge_addr = TRUE))

        Listener(SockAddrInet("193.225.188.11", 50080), "id_http")

debug(0, "Policy bootstrap done...");

Apr  7 13:48:23 fw zorp_kintrol[768]: (zorp-kintrol@xxx.hu/id_http): Starting service; name='id_http'
Apr  7 13:48:23 fw zorp_kintrol[768]: (zorp-kintrol@xxx.hu/id_http:3): Starting proxy instance; client_fd='17', client_address='AF_INET(80.99.101.98:39694)', client_zone='Zone(internet, 0.0.0.0/0)', client_local='AF_INET(193.225.188.11:50080)'
Apr  7 13:48:23 fw zorp_kintrol[768]: (zorp-kintrol@xxx.hu/id_http:3/http): Proxy starting; class='IDHttp', module='http'
Apr  7 13:48:23 fw zorp_kintrol[1044]: (zorp-kintrol@xxx.hu/id_http:3/http): Accounting; command='GET', url='http://www.xxx.hu/'
Apr  7 13:48:23 fw zorp_kintrol[1044]: (zorp-kintrol@xxx.hu/id_http:3/http): http accounting; request='GET http://www.xxx.hu/ HTTP/1.1'
Apr  7 13:48:23 fw zorp_kintrol[1044]: (zorp-kintrol@xxx.hu/id_http:3/http): bind() failed; error='Cannot assign requested address'
Apr  7 13:48:23 fw zorp_kintrol[1044]: (zorp-kintrol@xxx.hu/id_http:3/http): Server connection failure; server_address='AF_INET(192.168.12.2:80)', server_zone='Zone(WWW, 192.168.12.2/32)', server_local='AF_INET(80.99.101.98:0)'
Apr  7 13:48:23 fw zorp_kintrol[1044]: (zorp-kintrol@xxx.hu/id_http:3/http): Proxy ending; class='IDHttp', module='http'
Apr  7 13:48:23 fw zorp_kintrol[1044]: (zorp-kintrol@xxx.hu/id_http:3): Ending proxy instance;
Apr  7 13:48:23 fw zorp_kintrol[1044]: (zorp-kintrol@xxx.hu/id_http:3/http/client): accounting info; type='stream', duration='0', sent='853', received='391'

A plain FTP proxy, allowed to run in 200 instances. I lock everyone out,
start a single wget on a single machine, and 202 proxies start; then it
reports that too many are running, and waiting follows. Of course, because
the instances practically do not work (they stop after starting), and it
keeps starting the next one to serve the client's request.

What happened? How can the problem be fixed? Going back to the older
kernel makes the problem disappear, so I think the error is related to
the new kernel.

-- 
		Regards,
				    Zsiga
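
A triage script for the log format quoted in the message above, added here as an example; it is not part of the original post or of Zorp. It groups the failure messages per proxy instance and notes when the address in server_local equals the client's address, as it does in the second example, where the service is defined with forge_addr = TRUE. The function names and regular expressions are assumptions derived from the quoted log lines.

```python
import re
from collections import defaultdict

# Four log lines copied from the two examples in the message above.
SAMPLE = """\
Apr  7 13:48:23 fw zorp_kintrol[768]: (zorp-kintrol@xxx.hu/id_http:3): Starting proxy instance; client_fd='17', client_address='AF_INET(80.99.101.98:39694)', client_zone='Zone(internet, 0.0.0.0/0)', client_local='AF_INET(193.225.188.11:50080)'
Apr  7 13:48:23 fw zorp_kintrol[1044]: (zorp-kintrol@xxx.hu/id_http:3/http): bind() failed; error='Cannot assign requested address'
Apr  7 13:48:23 fw zorp_kintrol[1044]: (zorp-kintrol@xxx.hu/id_http:3/http): Server connection failure; server_address='AF_INET(192.168.12.2:80)', server_zone='Zone(WWW, 192.168.12.2/32)', server_local='AF_INET(80.99.101.98:0)'
Apr  7 07:25:05 fw zorp_winupdate[22730]: (zorp-winupdate@xxx.hu/win_update:0): Inbound service not permitted; service='win_update', zone='Zone(winupdate, 192.168.0.0/16)'
"""

# syslog prefix, process[pid], (session id), message; key='value' pairs
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ \S+\[(?P<pid>\d+)\]: "
                  r"\((?P<sid>[^)]*)\): (?P<msg>[^;]*);\s*(?P<rest>.*)$")
KV = re.compile(r"(\w+)='([^']*)'")
ADDR = re.compile(r"AF_INET\(([\d.]+):(\d+)\)")
FAILURES = ("Inbound service not permitted", "DAC policy violation",
            "bind() failed", "Server connection failure")

def parse(line):
    """Split one log line into pid, proxy instance, message and fields."""
    m = LINE.match(line)
    if not m:
        return None
    # Session ids look like firewall/service:N[/proxy...]; keep firewall/service:N
    instance = "/".join(m["sid"].split("/")[:2])
    return {"pid": int(m["pid"]), "instance": instance,
            "msg": m["msg"], "fields": dict(KV.findall(m["rest"]))}

def host(addr):
    """Return the IP part of an AF_INET(ip:port) value, or None."""
    m = ADDR.fullmatch(addr or "")
    return m.group(1) if m else None

def triage(text):
    """Map each proxy instance to the failure messages logged for it."""
    clients, findings = {}, defaultdict(list)
    for rec in filter(None, map(parse, text.splitlines())):
        f = rec["fields"]
        if rec["msg"] == "Starting proxy instance":
            clients[rec["instance"]] = host(f.get("client_address"))
        elif rec["msg"] in FAILURES:
            note, local = rec["msg"], host(f.get("server_local"))
            if local and local == clients.get(rec["instance"]):
                note += " (server-side bind used the client's address %s)" % local
            findings[rec["instance"]].append(note)
    return dict(findings)
```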