[zorp-hu] Zorp 3.3.6 - portválasztás hostnév alapján

Farkas Dániel linux at farkasdaniel.hu
2011. Feb. 25., P, 15:56:22 CET


----------
#cat /etc/zorp/instances.conf

# This file lists the Zorp instances you want to run.
#
# The instance name and arguments _must_ be separated by spaces instead
# of tabs! Otherwise zorpctl will stop working.

#instance  arguments
zorp_http --verbose=9 --policy /etc/zorp/policy-http.py

----------
# netstat -nlp | grep zorp
nincs semmi

----------
# ps axuw | grep zorp
root      3233  0.0  0.2   3300   736 pts/6    S+   15:50   0:00 grep zorp
itt is csak az aktuális parancs miatt van zorp

----------
#/etc/init.d/zorp restart

Restarting Zorp Firewall Suite: Traceback (most recent call last):
   File "/usr/local/share/zorp/pylib/Zorp/Zorp.py", line 485, in init
     func()
   File "/etc/zorp/policy-http.py", line 55, in zorp_http
     Listener(bindto=SockAddrInet("10.20.2.169", 80), 
service="intra_http", transparent=TRUE)
   File "/usr/local/share/zorp/pylib/Zorp/Listener.py", line 189, in 
__init__
     Dispatcher.__init__(self, convertSockAddrToDB(bindto, 
ZD_PROTO_TCP), service, **kw)
   File "/usr/local/share/zorp/pylib/Zorp/Dispatch.py", line 388, in 
__init__
     AbstractDispatch.__init__(self, Zorp.firewall_name, bindto, **kw)
   File "/usr/local/share/zorp/pylib/Zorp/Dispatch.py", line 227, in 
__init__
     self.dispatches.append(Dispatch(self.session_id, bindto, prio, 
self.accepted, kw))
IOError: Error binding to interface
zorp_http!

The following errors occurred so far:
Zorp instance startup failed, instance='zorp_http', rc='512'

----------
# /var/log/messages részlete:

Feb 25 15:53:00 kenjiro zorp/zorp_http[3240]: core.debug(0): 
(nosession): Starting up; verbose_level='9', version='3.9.0', 
startup_id='1298645580'
Feb 25 15:53:00 kenjiro zorp/zorp_http[3240]: core.debug(6): 
(nosession): System dependant init; sysdep_tproxy='tproxy40'
Feb 25 15:53:00 kenjiro zorp/zorp_http[3240]: core.debug(7): 
(szig/listen): Start to listen; fd='10', 
address='AF_UNIX(/usr/local/var/run/zorp/zorpctl.zorp_http)'
Feb 25 15:53:00 kenjiro zorp/zorp_http[3240]: core.debug(6): 
(szig/thread): thread starting;
Feb 25 15:53:00 kenjiro zorp/zorp_http[3240]: core.debug(5): 
(nosession): Outbound service; zone='site-net', service='*'
Feb 25 15:53:00 kenjiro zorp/zorp_http[3240]: core.debug(5): 
(nosession): Inbound service; zone='site-net', service='*'
Feb 25 15:53:00 kenjiro zorp/zorp_http[3240]: core.debug(5): 
(nosession): Outbound service; zone='local', service='*'
Feb 25 15:53:00 kenjiro zorp/zorp_http[3240]: core.debug(5): 
(nosession): Inbound service; zone='local', service='*'
Feb 25 15:53:00 kenjiro zorp/zorp_http[3240]: core.debug(5): 
(nosession): Outbound service; zone='internet', service='*'
Feb 25 15:53:00 kenjiro zorp/zorp_http[3240]: core.debug(5): 
(nosession): Inbound service; zone='internet', service='*'
Feb 25 15:53:00 kenjiro zorp/zorp_http[3240]: core.error(0): 
(nosession): Error pinging KZorp, it is probably unavailable; result='-1'
Feb 25 15:53:00 kenjiro zorp/zorp_http[3240]: core.debug(7): 
(dsp/dispatch:0): Dispatcher on address; 
local='SA(proto=1,addr=AF_INET(10.20.2.169:80))', prio='100'
Feb 25 15:53:00 kenjiro zorp/zorp_http[3240]: core.error(3): 
(nosession): bind() failed; bind='AF_INET(10.20.2.169:80)', 
error='Permission denied'
Feb 25 15:53:00 kenjiro zorp/zorp_http[3240]: core.debug(6): 
(nosession): Deinitialization requested for instance; name='['zorp_http']'
Feb 25 15:53:00 kenjiro zorp/zorp_http[3240]: core.error(0): 
(nosession): Error initializing policy;
Feb 25 15:53:00 kenjiro zorp/zorp_http[3240]: core.error(0): 
(nosession): Error loading initial policy, exiting;
Feb 25 15:53:01 kenjiro zorp/zorp_http[3240]: core.info(3): Shutting 
down; version='3.9.0'


------------
és a teljes policy file:

from Zorp.Core import *
from Zorp.Plug import *
from Zorp.Http import *
from Zorp.Ftp import *

# NOTE(review): the " at " in this value looks like the list archive's
# address obfuscation of an "@" -- confirm against the file on disk before
# reusing this listing.
Zorp.firewall_name = 'zorp at kenjiro'

# Zone definitions. Every zone below lists the wildcard "*" for both inbound
# and outbound services, so none of them narrows which services may be used;
# the only service this policy actually defines is the one started in
# zorp_http(). Replace "*" with explicit service names once the policy grows
# beyond a single test service.
InetZone(
    "site-net",
    "10.20.2.0/24",
    inbound_services=["*"],
    outbound_services=["*"],
)

# Loopback range; the hostlist in IntraHttp forwards to 127.0.0.1.
InetZone(
    "local",
    "127.0.0.0/8",
    inbound_services=["*"],
    outbound_services=["*"],
)

# Catch-all zone for every other address.
InetZone(
    "internet",
    "0.0.0.0/0",
    inbound_services=["*"],
    outbound_services=["*"],
)


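class IntraHttp(HttpProxy):
    """HTTP proxy that selects the backend server from the requested host name.

    ``hostlist`` maps a host name to the ``(address, port)`` pair the request
    is forwarded to. Hosts that are not in the map are logged and refused.
    """

    def config(self):
        """Run the stock HttpProxy configuration, then set up the host map."""
        HttpProxy.config(self)
        # The posted listing had a bare `require_host_header = FALSE` here.
        # Without `self.` that only bound a local name and never touched the
        # proxy, so it is dropped; the effective setting is unchanged.
        # NOTE(review): this proxy routes purely on the host name, so keeping
        # the Host header mandatory is the safer choice. If relaxing it is
        # really intended, it has to be `self.require_host_header = FALSE`.
        self.hostlist = {"www2.valami.hu": ("127.0.0.1", 50081)}

    def setServerAddress(self, host, port):
        """Rewrite the target to the mapped backend, or refuse the request.

        Returns FALSE for a host that is not in ``hostlist``; otherwise
        returns whatever ``HttpProxy.setServerAddress`` returns for the
        mapped address and port. The ``port`` argument is ignored for mapped
        hosts because the map supplies its own port.
        """
        # Allow-list check: only hosts named in the map are ever forwarded.
        # NOTE(review): this is an exact string match. Whether Zorp lowercases
        # the host or strips a ":port" suffix before calling is not visible
        # here -- confirm, or normalise the key before the lookup.
        if host not in self.hostlist:
            # The message is kept on one line; in the posted listing the mail
            # client wrapped it in the middle of the string literal, which is
            # a syntax error if copied as shown.
            proxyLog(self, HTTP_ERROR, 3, "Unknown target host; host='%s'", host)
            return FALSE

        target_host, target_port = self.hostlist[host]
        return HttpProxy.setServerAddress(self, target_host, target_port)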


def zorp_http():
    """Instance entry point: register the HTTP service and its listener.

    The function name matches the instance name in instances.conf shown
    earlier in this message.
    """
    # NOTE(review): the traceback in this message shows the policy that was
    # actually loaded calling Listener(bindto=..., service=...,
    # transparent=TRUE) at line 55, which differs from the call below, so the
    # file on disk may not be this listing. The log also shows bind() on this
    # address failing with 'Permission denied'.
    service_name = "intra_http"
    Service(service_name, IntraHttp)
    bind_address = SockAddrInet("10.20.2.169", 80)
    Listener(bind_address, service_name)

Köszi a fáradozást!


> Küldd be a következőket, utána valószínűleg tudok segíteni:
> cat /etc/zorp/instances.conf
> netstat -nlp  | grep zorp
> ps axuw | grep zorp
>
> i.


