[zorp] Zorp GPL-VERSION

Balazs Scheidler bazsi@balabit.hu
Wed, 19 Feb 2003 09:58:42 +0100 

On Tue, Feb 18, 2003 at 08:34:23PM -0300, Ivan Lopez wrote:
> Hello:
> Congratulations for your product.
> First: Pardon for my English. I'm a beginner (in English, Zorp and Python)

No need to worry about your English, we are not native English speakers
either.

Although a bit of understanding in Python does not hurt, but is not
absolutely necessary.

The most important is to take care about indentation. When a block is
started (either if, def, or class statement) the enclosed block _must_ be
indented consistently. E.g.

def Zhttp():
	# this must be indented by the same amount
	# as this line
	# increasing indent without the start of a block is 
	# forbidden
	pass

> Second: I`ve intalled zorp 2.0.1 (GPL-VERSION!!!)in my linux box. I want to 
> configure zorp as Reverse Proxy (is this posible with this version?). If it 
> is, I´m having problems with my installation/configuration.

Yes, reverse proxy configuration is certainly possible.

> Below are instances.conf and policy-http.py files:
> Instances.conf (grep -v ^.*# /etc/zorp/instances.conf)
> --------------
> Zhttp --verbose=10  --policy /etc/zorp/policy-http.py
> 
> policy-http.py (grep -v ^.*# /etc/zorp/policy-http.py)
> --------------

As I see the example you are using as your policy file is a bit outdated (it
seems to be a policy for Zorp 0.6)

I include my fixes in your policy file below.

> 
> 
> from Zorp.Zorp import *
> from Zorp import Zorp
> from Zorp.Zone import InetZone
> from Zorp.Service import Service
> from Zorp.SockAddr import SockAddrInet
> from Zorp.Chainer import DirectedChainer
> from Zorp import Http
> from Zorp.Http import HttpProxy
> from Zorp.Listener import Listener

# Zorp.Core imports all required symbols
from Zorp.Core import *
# this one imports Http proxy
from Zorp.Http import *

> 
> Zorp.firewall_name = 'zorp@bcpc'
> 
> InetZone("cpc", "192.168.1.0/24",
> 	 outbound_services=[],
> 
> 	 inbound_services=["INhttp"]),

no comma is permitted after the Zone definition.

> 
> InetZone("local", "127.0.0.0/8",
>         inbound_services=["*"],
>         outbound_services=[]),

comma is not allowed here either

> 
> InetZone("internet", "0.0.0.0/0",
>         inbound_services=[],
>         outbound_services=["INhttp"])
> 
> 
> class INhttp(HttpProxy):
>    def config(self):
>        HttpProxy.config(self)
>        self.transparent_mode = 0
> def init(Zhttp):
> 
>       	Service("INhttp", DirectedChainer(SockAddrInet("192.168.1.100", 
> 80)),\
>                 INhttp)
>        Listener(SockAddrInet("aaa.bb.cc.ddd", 80), "INhttp")

Here you made a mistake in your indentation. the correct function definition
is:

def Zhttp():
	Service("INhttp", INhttp,
		router=DirectedRouter(SockAddrInet('192.168.1.100", 80)))

	Listener(SockAddrInet("aaa.bb.cc.ddd", 80), "INhttp")

That's it. The preferred way of creating multiple instances in a single
policy file is to create a function named the same as the instance.

So as you had an instance named Zhttp in your instances.conf file, I created
a function named Zhttp(), this takes no arguments.

The function named init() would also work, if you write an init() function
the instance specific function would not be called, as you override the
default init() function provided by Zorp.

Here's a complete policy file:


from Zorp.Core import *
from Zorp.Http import *

Zorp.firewall_name = 'zorp@bcpc'
InetZone("cpc", "192.168.1.0/24",
	outbound_services=[],
	inbound_services=["INhttp"])

InetZone("local", "127.0.0.0/8",
	inbound_services=["*"],
	outbound_services=[])

InetZone("internet", "0.0.0.0/0",
	inbound_services=[],
	outbound_services=["INhttp"])

class INhttp(HttpProxy):
	def config(self):
		HttpProxy.config(self)
		self.transparent_mode = 0

def Zhttp():
	Service("INhttp", INhttp,
		router=DirectedRouter(SockAddrInet("192.168.1.100", 80)))

	Listener(SockAddrInet("aaa.bb.cc.ddd", 1555), "INhttp")


> Debian 3.0.0 r0 (woody)
> python 2.1.3-3
> python-extclass 1.2-5
> Zorp 2.0.0-1
> Zorp-modules 2.0.0-1
> libzorpll 2.0.18.4-1
> libglib2 2.0.6-1
> 
> NOTE: When I install zorp I run:
> dpkg -i --ignore-depends=libzorpll zorp_2.0-1_i386.deb
> because zorp depends from libzorpll and libzorpll depends from zorp. Is 
> this cycle OK or I've misintalled zorp?

Hm... I've checked this and I've found no anomalies, can you show your dpkg
-s output for the packages you installed?

-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1