[zorp-hu] Zorp 3.3.6 - port selection based on hostname
Balazs Scheidler
bazsi at balabit.hu
Wed Mar 2 10:05:42 CET 2011
On Fri, 2011-02-25 at 15:56 +0100, Farkas Dániel wrote:
> ----------
> #cat /etc/zorp/instances.conf
>
> # This file lists the Zorp instances you want to run.
> #
> # The instance name and arguments _must_ be separated by spaces instead
> # of tabs! Otherwise zorpctl will stop working.
>
> #instance arguments
> zorp_http --verbose=9 --policy /etc/zorp/policy-http.py
>
> ----------
> # netstat -nlp | grep zorp
> nothing
>
> ----------
> # ps axuw | grep zorp
> root 3233 0.0 0.2 3300 736 pts/6 S+ 15:50 0:00 grep zorp
> here too, zorp only shows up because of the current command itself
>
> ----------
> #/etc/init.d/zorp restart
>
> Restarting Zorp Firewall Suite: Traceback (most recent call last):
> File "/usr/local/share/zorp/pylib/Zorp/Zorp.py", line 485, in init
> func()
> File "/etc/zorp/policy-http.py", line 55, in zorp_http
> Listener(bindto=SockAddrInet("10.20.2.169", 80),
> service="intra_http", transparent=TRUE)
> File "/usr/local/share/zorp/pylib/Zorp/Listener.py", line 189, in
> __init__
> Dispatcher.__init__(self, convertSockAddrToDB(bindto,
> ZD_PROTO_TCP), service, **kw)
> File "/usr/local/share/zorp/pylib/Zorp/Dispatch.py", line 388, in
> __init__
> AbstractDispatch.__init__(self, Zorp.firewall_name, bindto, **kw)
> File "/usr/local/share/zorp/pylib/Zorp/Dispatch.py", line 227, in
> __init__
> self.dispatches.append(Dispatch(self.session_id, bindto, prio,
> self.accepted, kw))
> IOError: Error binding to interface
> zorp_http!
>
> The following errors occurred so far:
> Zorp instance startup failed, instance='zorp_http', rc='512'
>
> ----------
> # excerpt from /var/log/messages:
>
> Feb 25 15:53:00 kenjiro zorp/zorp_http[3240]: core.debug(0):
> (nosession): Starting up; verbose_level='9', version='3.9.0',
> startup_id='1298645580'
> Feb 25 15:53:00 kenjiro zorp/zorp_http[3240]: core.debug(6):
> (nosession): System dependant init; sysdep_tproxy='tproxy40'
> Feb 25 15:53:00 kenjiro zorp/zorp_http[3240]: core.debug(7):
> (szig/listen): Start to listen; fd='10',
> address='AF_UNIX(/usr/local/var/run/zorp/zorpctl.zorp_http)'
> Feb 25 15:53:00 kenjiro zorp/zorp_http[3240]: core.debug(6):
> (szig/thread): thread starting;
> Feb 25 15:53:00 kenjiro zorp/zorp_http[3240]: core.debug(5):
> (nosession): Outbound service; zone='site-net', service='*'
> Feb 25 15:53:00 kenjiro zorp/zorp_http[3240]: core.debug(5):
> (nosession): Inbound service; zone='site-net', service='*'
> Feb 25 15:53:00 kenjiro zorp/zorp_http[3240]: core.debug(5):
> (nosession): Outbound service; zone='local', service='*'
> Feb 25 15:53:00 kenjiro zorp/zorp_http[3240]: core.debug(5):
> (nosession): Inbound service; zone='local', service='*'
> Feb 25 15:53:00 kenjiro zorp/zorp_http[3240]: core.debug(5):
> (nosession): Outbound service; zone='internet', service='*'
> Feb 25 15:53:00 kenjiro zorp/zorp_http[3240]: core.debug(5):
> (nosession): Inbound service; zone='internet', service='*'
> Feb 25 15:53:00 kenjiro zorp/zorp_http[3240]: core.error(0):
> (nosession): Error pinging KZorp, it is probably unavailable; result='-1'
> Feb 25 15:53:00 kenjiro zorp/zorp_http[3240]: core.debug(7):
> (dsp/dispatch:0): Dispatcher on address;
> local='SA(proto=1,addr=AF_INET(10.20.2.169:80))', prio='100'
> Feb 25 15:53:00 kenjiro zorp/zorp_http[3240]: core.error(3):
> (nosession): bind() failed; bind='AF_INET(10.20.2.169:80)',
> error='Permission denied'
> Feb 25 15:53:00 kenjiro zorp/zorp_http[3240]: core.debug(6):
> (nosession): Deinitialization requested for instance; name='['zorp_http']'
> Feb 25 15:53:00 kenjiro zorp/zorp_http[3240]: core.error(0):
> (nosession): Error initializing policy;
> Feb 25 15:53:00 kenjiro zorp/zorp_http[3240]: core.error(0):
> (nosession): Error loading initial policy, exiting;
> Feb 25 15:53:01 kenjiro zorp/zorp_http[3240]: core.info(3): Shutting
> down; version='3.9.0'
Hi,
the key part is hidden here:
Feb 25 15:53:00 kenjiro zorp/zorp_http[3240]: core.error(3):
(nosession): bind() failed; bind='AF_INET(10.20.2.169:80)',
error='Permission denied'
The Permission denied points to an OS-level error; is there by any chance
SELinux, AppArmor or something similar in place?
An incorrect capability setting can also cause this kind of problem, although
in principle the defaults should work fine.
Alternatively, if you pass the --no-caps option to Zorp, it will _really_
run as root, whereas otherwise it drops most of its privileges.
--
Bazsi
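
The two causes named in the reply above (an LSM such as SELinux or AppArmor, or a capability set that lacks what bind() to port 80 needs) can be told apart with a short check. This is an added example, not part of the original mail and not Zorp code; the function names and the `ROOT` prefix are hypothetical, and the sample status text is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): triage "bind() failed ... Permission denied".
CAP_NET_BIND_SERVICE=10   # bit number in <linux/capability.h>; needed for ports < 1024

# Constructed samples in /proc/PID/status format (not taken from the thread).
SAMPLE_DROPPED='Name: zorp
CapEff: 0000000000001000'
SAMPLE_FULL='Name: zorp
CapEff: 0000003fffffffff'

# has_cap HEXMASK BIT: succeeds when the capability bit is set in the mask.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# cap_eff_of: reads a status file on stdin, prints the effective capability mask.
cap_eff_of() {
    awk '$1 == "CapEff:" { print $2 }'
}

# bind_verdict PORT: reads a status file on stdin and says whether the process
# holds the capability that bind() to PORT requires.
bind_verdict() {
    bv_mask=$(cap_eff_of)
    if [ -z "$bv_mask" ]; then echo "no CapEff line"; return 2; fi
    if [ "$1" -lt 1024 ] && ! has_cap "$bv_mask" "$CAP_NET_BIND_SERVICE"; then
        echo "missing CAP_NET_BIND_SERVICE"; return 1
    fi
    echo "caps-ok"
}

# lsm_state [ROOT]: lists LSMs that can deny bind() even when the caps are fine.
# ROOT is a hypothetical path prefix so the check can run against a test tree.
lsm_state() {
    ls_out=""
    if [ "$(cat "$1/sys/fs/selinux/enforce" 2>/dev/null)" = "1" ]; then
        ls_out="selinux-enforcing"
    fi
    if [ "$(cat "$1/sys/module/apparmor/parameters/enabled" 2>/dev/null)" = "Y" ]; then
        ls_out="${ls_out:+$ls_out }apparmor-enabled"
    fi
    echo "${ls_out:-none}"
}

printf '%s\n' "$SAMPLE_DROPPED" | bind_verdict 80 || true
printf '%s\n' "$SAMPLE_FULL" | bind_verdict 80 || true
echo "LSMs on this host: $(lsm_state)"
```

On a live host the same check is `bind_verdict 80 < /proc/PID/status` for the process in question; a `caps-ok` verdict together with a non-empty `lsm_state` points at the LSM policy rather than the capability set.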