[zorp-hu] CSZoneDispatcher DAC violation
Gabor HALASZ
halasz.g at freemail.hu
2009. Jan. 29., Cs, 10:57:33 CET
Szalay Attila wrote:
> Hi All!
>
> On Wed, 2009-01-28 at 17:18 +0100, Gabor HALASZ wrote:
>> Ami a telepitocd-n van.
>
> Akkor menjunk tovabb. Milyen verzioju a telepito CD?
>
Most meg tudom nezni, tehat:
Linux iris 2.6.17-zorpos-4-386 #1 SMP Wed Mar 26 13:38:45 UTC 2008 i686
GNU/Linux
A zorp:
Jan 29 10:03:55 iris zorp/Wan[3129]: core.debug(0): (nosession):
Starting up; verbose_level='5', version='3.3.1b', startup_id='1233219835'
Jan 29 10:03:55 iris zorp/Wan[3129]: core.license(0): (nosession):
License information; product='Zorp Professional Single Edition',
version='3.3', limit='400', customer='', options='basic-proxies, ssh-proxy'
Viszont gyanitom, hol a problema. Kinomvab csinaltam egy non-transparent
tcp proxyt dispatcherrel, ami directedrouterrel tovabbitana a forgalmat,
ami szepen mukodik is (nincs mogotte a szerver):
zorp/Wan[5303]: core.session(3): (svc/Vpn3k:1): Starting proxy instance;
client_fd='21', client_address='AF_INET(x.x.x.x:57926)',
client_zone='Zone(Internet, 0.0.0.0/0)', client_local='
AF_INET(x.x.x.x:10000)', client_protocol='TCP'
zorp/Wan[5303]: core.error(2): (svc/Vpn3k:1/plug): Connection to remote
end failed; local='AF_INET(192.168.104.252:56194)',
remote='AF_INET(192.168.104.254:10000)', error='No route to host'
zorp/Wan[5303]: core.session(3): (svc/Vpn3k:1/plug): Server connection
failure; server_address='AF_INET(192.168.104.254:10000)',
server_zone='Zone(Cisco3kVpn, 192.168.104.0/24)', server_local
='None', server_protocol='TCP'
Ezutan atkattintgatam zonedispatcherre, es ettol el is romlott:
zorp/Wan[5719]: core.policy(2): (nosession): No applicable service found
for this client & server zone; bindto='ZPolicyStruct object type
DBSockAddr', client_zone='Zone(Internet, 0.0.0.0/0)',
server_zone='Zone(Internet, 0.0.0.0/0)'
zorp/Wan[5719]: core.policy(1): (svc): DAC policy violation; info='No
applicable service found'
iris zorp/Wan[5719]: core.policy(1): (nosession): Connection denied by
policy; protocol='1', remote='AF_INET(x.x.x.x:37992)',
local='AF_INET(x.x.x.x:10000)', dest='AF_INET(x.x.x.x:10000)'
Ha jol ertem, a zonedispatcher csak transparens proxykent mukodik?
Bonuszkerdes: a zmc-vel keszult konfigot hogyan tudom backupolni?
--
Gabor HALASZ <halasz.g at freemail.hu>
További információk a(z) zorp-hu levelezőlistáról