[zorp] Zorp and Traffic Control

Philippe Lucas zorp@lists.balabit.hu
Mon, 26 May 2003 17:43:51 -0400 

This is a multi-part message in MIME format.
--------------030300030606010605050507
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

> Hmm. The log snippet above shows that a client was connected from
> 192.168.100.199:2092, with a destination address 192.168.0.251:80 and Zorp
> wanted to connect to the same server using the local address
> 192.168.0.134:42488. This means that it did not even try to use the forged
> address...
>
> Please try using ForgeClientSourceNAT as SNAT instead of the forge_addr
> parameter, like:
>
> def zorp_http():
>     Service("intra_http", HttpProxy, router=TransparentRouter(),
>         snat=ForgeClientSourceNAT())
>     ....
>
> (ForgeClientSourceNAT was the previous way to specify address forging)
>
> If this does work, then there's some problem in forge_addr, if it doesn't
> I'd suspect some problems with the --autobind-ip arguments.


It's working!

My instances.conf :
zorp_http   --autobind-ip 192.168.100.135    --verbose=5 --policy 
/etc/zorp/policy.py

My policy.py :
def zorp_http():
        Service("intra_http", 
IntraHttp,router=TransparentRouter(),snat=ForgeClientSourceNAT())
        Listener(SockAddrInet("192.168.100.135", 50080), "intra_http")


I'm very happy, thank you :o)

I'd now like to modify a body data of a http transfert. how can I do that?

Philippe Lucas





--------------030300030606010605050507
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1">
  <title></title>
</head>
<body text="#000000" bgcolor="#ffffff">
<meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1">
<title></title>
<blockquote type="cite">Hmm. The log snippet above shows that a client
was connected from<br>
192.168.100.199:2092, with a destination address 192.168.0.251:80 and
Zorp<br>
wanted to connect to the same server using the local address<br>
192.168.0.134:42488. This means that it did not even try to use the
forged<br>
address...<br>
  <br>
Please try using ForgeClientSourceNAT as SNAT instead of the forge_addr<br>
parameter, like:<br>
  <br>
def zorp_http():<br>
&nbsp;&nbsp; &nbsp;Service("intra_http", HttpProxy, router=TransparentRouter(),<br>
&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;snat=ForgeClientSourceNAT())<br>
&nbsp;&nbsp; &nbsp;....<br>
  <br>
(ForgeClientSourceNAT was the previous way to specify address forging)<br>
  <br>
If this does work, then there's some problem in forge_addr, if it
doesn't<br>
I'd suspect some problems with the --autobind-ip arguments.<br>
</blockquote>
<br>
It's working!<br>
<br>
My instances.conf :<br>
zorp_http&nbsp;&nbsp; --autobind-ip 192.168.100.135&nbsp;&nbsp;&nbsp; --verbose=5 --policy
/etc/zorp/policy.py<br>
<br>
My policy.py :<br>
def zorp_http():<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Service("intra_http",
IntraHttp,router=TransparentRouter(),snat=ForgeClientSourceNAT())<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Listener(SockAddrInet("192.168.100.135", 50080), "intra_http")<br>
<br>
<br>
I'm very happy, thank you :o)<br>
<br>
I'd now like to modify a body data of a http transfert. how can I do
that?<br>
<br>
Philippe Lucas<br>
<br>
<br>
<br>
<br>
</body>
</html>

--------------030300030606010605050507--