[zorp-hu] http proxy, tproxy
Pásztor Lénárd Zoltán
lenard.pasztor at wonderline.hu
Mon, 3 Apr 2006 18:23:40 CEST
Hi all!
Zorp receives the request and starts the proxy; the proxy would then
open the connection to the internal web server, and the web server tries
to answer, but the IP connection is never established, even though the
reply packet shows up on the machine running Zorp and iptables does not
drop it either.
The situation is the same for both HTTP and HTTPS.
As far as I can tell, the packets are replies to the correct host/port pair.
Where should I look?
#dpkg -l zorp
ii zorp 3.0.9
#dpkg -l iptables
iptables 1.2.11-8.zorpos5
#uname -r
2.6.15.6
iptables config:
iptables -t tproxy -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
TPROXY     tcp  --  anywhere             zorp                tcp dpt:https TPROXY redirect 0.0.0.0:1201
TPROXY     tcp  --  anywhere             zorp                tcp dpt:www TPROXY redirect 0.0.0.0:1200
zorp config:
# Includes
from Zorp.Core import *
from Zorp.Http import *
from Zorp.Pssl import *

# Main configuration
Zorp.firewall_name = 'zorp'

# Networks
InetZone(
    "Internet", "0.0.0.0/0",
    inbound_services=["http", "https"],
    outbound_services=["http", "https"]
)
InetZone(
    "app-net", "10.11.0.0/16",
    inbound_services=["http", "https"],
    outbound_services=["http", "https"]
)

# HTTP Proxy (plain HTTP, HttpProxy defaults apply)
class HTTPProxy(HttpProxy):
    def config(self):
        HttpProxy.config(self)

# HTTPS Proxy - Listener: SSL is required from the client, the server side
# (the stacked proxies) stays plaintext
class HTTPSListener(PsslProxy):
    def config(self):
        PsslProxy.config(self)
        self.copy_to_server = TRUE
        self.copy_to_client = TRUE
        self.client_need_ssl = TRUE
        self.server_need_ssl = FALSE
        self.shutdown_soft = TRUE
        self.client_verify_type = SSL_VERIFY_NONE
        self.server_verify_type = SSL_VERIFY_NONE
        self.client_cert = "/etc/zorp/certs/test.crt"
        self.client_key = "/etc/zorp/keys/test.key"

# HTTPS Proxy: HTTP inspection on the decrypted stream, target port 443
class HTTPSHelper(HttpProxy):
    def config(self):
        HttpProxy.config(self)
        self.default_port = 443

# HTTPS Proxy - Worker: plaintext from the stacked proxy, SSL towards the server
class HTTPSWorker(PsslProxy):
    def config(self):
        PsslProxy.config(self)
        self.copy_to_server = TRUE
        self.copy_to_client = TRUE
        self.client_need_ssl = FALSE
        self.server_need_ssl = TRUE
        self.shutdown_soft = TRUE
        self.client_verify_type = SSL_VERIFY_NONE
        self.server_verify_type = SSL_VERIFY_NONE
        self.client_cert = "/etc/zorp/certs/test.crt"
        self.client_key = "/etc/zorp/keys/test.key"

# Instance definition
def web():
    Service(
        "http",
        HTTPProxy,
        # forge_addr=TRUE: connect to the server using the client's source address
        router=InbandRouter(forge_addr=TRUE),
        resolver=DNSResolver()
    )
    Service(
        "https",
        HTTPSListener,
        router=InbandRouter(forge_addr=TRUE),
        chainer=SideStackChainer(
            HTTPSHelper,
            SideStackChainer(HTTPSWorker)
        )
    )
    # Listener ports must match the TPROXY redirect ports in the iptables tproxy table
    Listener(SockAddrInet('0.0.0.0', 1200), "http")
    Listener(SockAddrInet('0.0.0.0', 1201), "https")
--
Pásztor Lénárd Zoltán
system administrator
Wonderline Hungary Kft.
Phone: (+36-1) 272.0242
Fax: (+36-1) 272.0252
E-mail: lenard.pasztor at wonderline.hu
Website: www.wonderline.hu
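A consistency check a list reader might run on the two configs quoted in this message, added here as an example and not part of the original post: it parses the `iptables -t tproxy -L` output and the Zorp `Listener()` lines (both copied inline as constructed strings so the script runs offline) and verifies that every TPROXY redirect port is one Zorp actually listens on for the matching service. The `SERVICE_PORTS` table, the `EXPECTED` map and the function names are assumptions of this example; it only rules out a port mismatch between the two layers and says nothing about the return-path question the post asks about.

```python
import re

# Constructed copy of the iptables(8) tproxy table output from the post.
IPTABLES_TPROXY = """\
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
TPROXY     tcp  --  anywhere             zorp                tcp dpt:https TPROXY redirect 0.0.0.0:1201
TPROXY     tcp  --  anywhere             zorp                tcp dpt:www TPROXY redirect 0.0.0.0:1200
"""

# Constructed copy of the Listener() lines from the Zorp policy in the post.
ZORP_POLICY = """\
Listener(SockAddrInet('0.0.0.0', 1200), "http")
Listener(SockAddrInet('0.0.0.0', 1201), "https")
"""

# Service names as iptables prints them (from /etc/services) -> port numbers (assumed table)
SERVICE_PORTS = {"www": 80, "http": 80, "https": 443}

# Which original destination port each Zorp service is supposed to handle (assumed)
EXPECTED = {"http": 80, "https": 443}

TPROXY_RULE = re.compile(
    r"^TPROXY\s+tcp\b.*\bdpt:(\S+)\s+TPROXY\s+redirect\s+(\S+):(\d+)", re.M)
LISTENER = re.compile(
    r"""Listener\(\s*SockAddrInet\(\s*'([^']*)'\s*,\s*(\d+)\s*\)\s*,\s*"([^"]+)"\s*\)""")


def parse_tproxy_rules(text):
    """Return {original destination port: redirect port} for TPROXY tcp rules."""
    rules = {}
    for dpt, _addr, rport in TPROXY_RULE.findall(text):
        port = int(dpt) if dpt.isdigit() else SERVICE_PORTS[dpt]
        rules[port] = int(rport)
    return rules


def parse_listeners(text):
    """Return {listener port: service name} for every Zorp Listener() call."""
    return {int(port): svc for _addr, port, svc in LISTENER.findall(text)}


def check_redirects(rules, listeners, expected):
    """Compare the tproxy redirects with the Zorp listeners.

    Returns a list of problems; an empty list means every expected
    destination port is redirected to a port on which Zorp runs the
    matching service.
    """
    problems = []
    for svc, dport in expected.items():
        if dport not in rules:
            problems.append("no TPROXY rule for dpt %d (%s)" % (dport, svc))
            continue
        rport = rules[dport]
        if listeners.get(rport) != svc:
            problems.append("dpt %d is redirected to %d, where Zorp runs %r, not %r"
                            % (dport, rport, listeners.get(rport), svc))
    return problems


if __name__ == "__main__":
    found = check_redirects(parse_tproxy_rules(IPTABLES_TPROXY),
                            parse_listeners(ZORP_POLICY), EXPECTED)
    print("\n".join(found) if found else "tproxy redirects and Zorp listeners agree")
```

For the configs in this post the check reports no mismatch: 443 goes to 1201 (https) and 80 to 1200 (http), so the redirect layer is not where the broken return path comes from.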