[zorp-hu] ssh is not working

Gabor Tusnady tusi at enzim.hu
Mon May 27 23:40:45 CEST 2013


Hi all!

There is an old firewall that still runs Zorp 2.0.8. It had an instance
that allowed SSH connections from the Internet to a machine in the DMZ
zone:

def o2m_ssh():

        Service("om_ssh", MyPlugProxy, router=DirectedRouter(SockAddrInet('aa.bb.cc.dd', 22),TRUE))
        Listener(SockAddrInet("xx.yy.zz.vv", 22), "om_ssh")

where aa.bb.cc.dd is the IP address of the server in the DMZ, and xx.yy.zz.vv
is the firewall's Internet-facing IP address.

Now I would like to do the same thing with Zorp 3.9.2 running on
Ubuntu 12.04 LTS:

def o2m_ssh():
        Service("om_ssh", MyPlugProxy, router=DirectedRouter(SockAddrInet('aa.bb.cc.dd', 22),TRUE))
        Dispatcher(bindto=DBIface(protocol=ZD_PROTO_TCP, iface="eth0", ip="xx.yy.zz.vv", port=22), service="om_ssh", transparent=FALSE, threaded=FALSE, backlog=255)


But it does not work. In the log I see the following (ee.ff.gg.hh is the address of the external machine from which I start ssh):

May 27 23:24:38 fal zorp/o2m_ssh[6059]: core.debug(6): (dsp/dispatch:0): Incoming connection; protocol='1', remote='AF_INET(ee.ff.gg.hh:50074)', local='AF_INET(xx.yy.zz.vv:22)', dest='AF_INET(xx.yy.zz.vv:22)'
May 27 23:24:38 fal zorp/o2m_ssh[6059]: core.session(5): (svc/om_ssh): Starting service; name='om_ssh'
May 27 23:24:38 fal zorp/o2m_ssh[6059]: core.session(3): (svc/om_ssh:0): Starting proxy instance; client_fd='15', client_address='AF_INET(ee.ff.gg.hh:50074)', client_zone='Zone(out, 0.0.0.0/0)', client_local='AF_INET(xx.yy.zz.vv:22)', client_protocol='TCP'
May 27 23:24:38 fal zorp/o2m_ssh[6059]: core.session(5): (svc/om_ssh:0/plug): Proxy starting; class='MyPlugProxy', proxy='plug'
May 27 23:24:38 fal zorp/o2m_ssh[6059]: core.debug(6): (group): thread starting;
May 27 23:24:38 fal zorp/o2m_ssh[6059]: core.debug(6): (svc/om_ssh:0/plug): Attribute changed; attribute='language', newvalue=''en''
May 27 23:24:38 fal zorp/o2m_ssh[6059]: core.debug(6): (svc/om_ssh:0/plug): Attribute fetched; attribute='ssl', value='ZPolicyStruct object type Shared'
May 27 23:24:38  zorp/o2m_ssh[6059]: last message repeated 7 times
May 27 23:24:38 fal zorp/o2m_ssh[6059]: plug(2): (group): S: AF_INET(xx.yy.zz.vv:22) C: AF_INET(ee.ff.gg.hh:50074)
May 27 23:24:38 fal zorp/o2m_ssh[6059]: core.debug(6): (svc/om_ssh:0/plug): Attribute fetched; attribute='ssl', value='ZPolicyStruct object type Shared'
May 27 23:24:38  zorp/o2m_ssh[6059]: last message repeated 2 times
May 27 23:24:38 fal zorp/o2m_ssh[6059]: core.debug(6): (svc/om_ssh:0/plug): Attribute fetched; attribute='server_local_tos', value='0'
May 27 23:25:08 fal zorp/o2m_ssh[6059]: core.error(2): (svc/om_ssh:0/plug): Connection to remote end failed; local='AF_INET(xx.yy.zz.vv:35463)', remote='AF_INET(aa.bb.cc.dd:22)', error='connection timed out'
May 27 23:25:08 fal zorp/o2m_ssh[6059]: core.debug(6): (svc/om_ssh:0/plug): Established connection; conn='NULL'
May 27 23:25:08 fal zorp/o2m_ssh[6059]: core.stderr(3): (stderr): #012
May 27 23:25:08 fal zorp/o2m_ssh[6059]: core.stderr(3): (stderr): (zorp:6059): GLib-WARNING **: (/build/buildd/glib2.0-2.32.3/./glib/gerror.c:390):g_error_new_valist: runtime check failed: (domain != 0)#012
May 27 23:25:08 fal zorp/o2m_ssh[6059]: core.session(3): (svc/om_ssh:0/plug): Server connection failure; server_address='AF_INET(aa.bb.cc.dd:22)', server_zone='Zone(dmz, 192.168.0.0/24)', server_local='None', server_protocol='TCP'
May 27 23:25:08 fal zorp/o2m_ssh[6059]: core.debug(6): (svc/om_ssh:0/plug): Proxy destroy; class='MyPlugProxy', module='plug'
May 27 23:25:08 fal zorp/o2m_ssh[6059]: core.debug(6): (svc/om_ssh:0/plug/client): Shutdown channel; fd='15', mode='2'
May 27 23:25:08 fal zorp/o2m_ssh[6059]: core.debug(6): (svc/om_ssh:0/plug/client): Closing stream; type='ZStreamFD'
May 27 23:25:08 fal zorp/o2m_ssh[6059]: core.session(5): (svc/om_ssh:0/plug): Proxy ending; class='MyPlugProxy', module='plug'
May 27 23:25:08 fal zorp/o2m_ssh[6059]: core.session(4): (svc/om_ssh:0): Ending proxy instance;

MyPlugProxy looks like this:
class MyPlugProxy(PlugProxy):
        def config(self):
                PlugProxy.config(self)
                log("plug",2,"S: %s C: %s" % (self.session.client_local, self.session.client_address))

From the firewall itself, it is possible to ssh to the server in the DMZ.

What am I doing wrong?

Thanks,
Gabor
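
An added triage example, not part of the original message and not Zorp project code: it parses log lines in the layout shown above, groups them by proxy session, and reports for each failed session which source address the proxy used toward the server and how long the connect attempt waited. The sample lines are constructed, with documentation-range addresses in place of the post's anonymized ones; the function and field names are this example's own.

```python
import re
from datetime import datetime

# Constructed sample in the same syslog/Zorp layout as the log above;
# the addresses are documentation ranges, not values from the post.
SAMPLE = """\
May 27 23:24:38 fal zorp/o2m_ssh[6059]: core.session(3): (svc/om_ssh:0): Starting proxy instance; client_fd='15', client_address='AF_INET(198.51.100.7:50074)', client_zone='Zone(out, 0.0.0.0/0)', client_local='AF_INET(192.0.2.1:22)', client_protocol='TCP'
May 27 23:25:08 fal zorp/o2m_ssh[6059]: core.error(2): (svc/om_ssh:0/plug): Connection to remote end failed; local='AF_INET(192.0.2.1:35463)', remote='AF_INET(192.168.0.10:22)', error='connection timed out'
May 27 23:25:08 fal zorp/o2m_ssh[6059]: core.session(3): (svc/om_ssh:0/plug): Server connection failure; server_address='AF_INET(192.168.0.10:22)', server_zone='Zone(dmz, 192.168.0.0/24)', server_local='None', server_protocol='TCP'
May 27 23:26:00 fal zorp/o2m_ssh[6059]: core.session(3): (svc/om_ssh:1): Starting proxy instance; client_fd='16', client_address='AF_INET(198.51.100.9:40000)', client_zone='Zone(out, 0.0.0.0/0)', client_local='AF_INET(192.0.2.1:22)', client_protocol='TCP'
"""

# timestamp, log class, level, session tag, message, key='value' list
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) .*?: ([\w.]+)\((\d+)\): \((\S+?)\): ([^;]*);\s*(.*)$")
KV = re.compile(r"(\w+)='([^']*)'")
YEAR = 2013  # assumption: syslog timestamps carry no year; taken from the post date

def failed_sessions(text):
    """Return one dict per proxy session whose server-side connect failed."""
    sessions = {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # e.g. "last message repeated N times"
        ts, _cls, _lvl, tag, msg, rest = m.groups()
        sid = re.match(r"svc/[^/]+:\d+", tag)  # "svc/om_ssh:0/plug" -> "svc/om_ssh:0"
        if not sid:
            continue  # lines not tied to a session, e.g. "(group)"
        s = sessions.setdefault(sid.group(), {})
        kv = dict(KV.findall(rest))
        when = datetime.strptime(f"{YEAR} {ts}", "%Y %b %d %H:%M:%S")
        if msg == "Starting proxy instance":
            s.update(start=when, client=kv["client_address"])
        elif msg == "Connection to remote end failed":
            s.update(failed=when, source=kv["local"], server=kv["remote"], error=kv["error"])
        elif msg == "Server connection failure":
            s["zone"] = kv["server_zone"]
    return [{"session": sid, "client": s["client"], "source": s["source"],
             "server": s["server"], "zone": s.get("zone"), "error": s["error"],
             "waited_s": int((s["failed"] - s["start"]).total_seconds())}
            for sid, s in sessions.items() if "start" in s and "failed" in s]

if __name__ == "__main__":
    for row in failed_sessions(SAMPLE):
        print(row)
```

A long wait that ends in 'connection timed out' means no reply of any kind reached the proxy's source address, which is a different condition from a refused connection.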