[zorp] Zorp and Traffic Control
Philippe Lucas
zorp@lists.balabit.hu
Fri, 09 May 2003 16:22:49 -0400
I would like to make a transparent proxy, transparent for both the client and the server.
But my problem is that the transparency works for the client but not for the server.
Could you please help me?
My configuration:
client ------------- tproxy+zorp2.0 (debian woody) ----------------- server
192.168.100.199      192.168.100.135     192.168.0.134               192.168.0.251
My policy.pl:
from Zorp.Core import *
from Zorp.Plug import *
from Zorp.Http import *

Zorp.firewall_name = 'zorp@site'

InetZone("site-net", "192.168.100.0/24",
         outbound_services=["intra_http"],
         inbound_services=[])

InetZone("local", "127.0.0.1/8",
         inbound_services=["*"],
         outbound_services=[])

InetZone("internet", "0.0.0.0/0",
         inbound_services=["*"],
         outbound_services=[])

class IntraHttp(HttpProxy):
    def config(self):
        HttpProxy.config(self)
        self.transparent_mode = TRUE

def zorp_http():
    # forge_addr=TRUE asks the router to use the client's address as the
    # source of the server-side connection
    Service("intra_http", IntraHttp, router=TransparentRouter(forge_addr=TRUE))
    Listener(SockAddrInet("192.168.100.135", 50080), "intra_http")
My iptables.conf:
*filter
-P FORWARD ACCEPT
-A INPUT -m tproxy -j ACCEPT
COMMIT
*tproxy
:PREROUTING ACCEPT
:OUTPUT ACCEPT
:PRintra -
-A PREROUTING -i eth0 -d ! 192.168.100.135 -j PRintra
-A PRintra -p tcp --dport 80 -j TPROXY --on-port 50080
COMMIT
Philippe LUCAS