[zorp] iptables configuration for zorp alg
Tillmann Werner
zorp@lists.balabit.hu
Thu, 24 Feb 2005 03:51:13 +0100
Hi Baszi,
First of all, thanks for your fast reply. I spent the last days compiling
different versions of zorp gpl to make sure to "configure" with
"--with-tproxy=netfilter". The stable release was the only version I
could get running 'til now...
> If you see sysdep_tproxy=1 or linux22 then Zorp did not detect your
> tproxy correctly, maybe you don't have the autobind interface
> configured correctly. Zorp also reminds you about this, with a
> logmessage like "Error autobinding socket..."
I've got "sysdep_tproxy=1" indeed. The system runs a tproxy-patched
2.6.10 kernel (uml), my python is 2.3.3. Are there any known tproxy
detection problems on such a setup?
> If you post the startup logs (by running /usr/lib/zorp/zorp -v8 -l
> -T) I might help you identify other problems as well.
This is from a freshly installed stable release with the example policy
file (without the "python future warnings"):
-------------------------------------------
root@tproxy:#> /usr/local/lib/zorp/zorp -v8 -l -T
Zorp-INFO: core.debug(0): (noname/nosession): Verbosity level: 8
Zorp-INFO: core.debug(6): (noname/nosession): System dependant init; sysdep_tproxy='1'
Zorp-INFO: core.debug(7): (noname/nosession): Start to listen; fd='5'
Zorp-INFO: core.debug(6): (conntrack/thread): thread starting;
Zorp-INFO: core.info(5): zorp version 2.0.9 starting up
Zorp-INFO: core.debug(5): (noname/nosession): Zone(site-net): outbound service=intra_http
Zorp-INFO: core.debug(5): (noname/nosession): Zone(site-net): outbound service=intra_ftp
Zorp-INFO: core.debug(5): (noname/nosession): Zone(site-net): outbound service=intra_cvs
Zorp-INFO: core.debug(5): (noname/nosession): Zone(local): inbound service=*
Zorp-INFO: core.debug(5): (noname/nosession): Zone(internet): inbound service=*
Zorp-INFO: core.error(0): (noname/nosession): Instance definition not found in policy; instance='zorp'
Traceback (most recent call last):
  File "/usr/local/share/zorp/pylib/Zorp/Zorp.py", line 175, in init
    func()
UnboundLocalError: local variable 'func' referenced before assignment
Zorp-INFO: core.error(0): (noname/nosession): Error initializing policy;
Zorp-INFO: core.error(0): (noname/nosession): Error loading initial policy, exiting;
Zorp-INFO: core.info(5): zorp version 2.0.9 going down.
Zorp-INFO: core.debug(6): (conntrack/thread): thread exiting;
root@tproxy:#>
-------------------------------------------
Till
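
The check from the quoted reply, written as a startup-log triage script. This is an added example, not part of the original message and not Zorp code; the function names are hypothetical, and the sample is constructed in the log format shown above, with records hard-wrapped the way a mail client wraps long lines.

```python
import re

# Constructed sample in the "Zorp-INFO: tag(level): (session): message" format.
SAMPLE = """\
Zorp-INFO: core.debug(6): (noname/nosession): System dependant init;
sysdep_tproxy='1'
Zorp-INFO: core.info(5): zorp version 2.0.9 starting up
Zorp-INFO: core.error(0): (noname/nosession): Instance definition not
found in policy; instance='zorp'
Traceback (most recent call last):
UnboundLocalError: local variable 'func' referenced before assignment
Zorp-INFO: core.error(0): (noname/nosession): Error initializing policy;
"""

# tag, level, optional "(session): " part, then the message text.
RECORD = re.compile(r"^Zorp-INFO: ([\w.]+)\((\d+)\): (?:\(([^)]*)\): )?(.*)$")
PAIR = re.compile(r"(\w+)='([^']*)'")
# Values the quoted reply names as "tproxy not detected correctly".
UNDETECTED = {"1", "linux22"}

def parse(text):
    """Rejoin wrapped lines and return one dict per log record."""
    records, in_traceback = [], False
    for line in text.splitlines():
        m = RECORD.match(line)
        if m:
            tag, level, session, msg = m.groups()
            records.append({"tag": tag, "level": int(level),
                            "session": session, "msg": msg})
            in_traceback = False
        elif line.startswith("Traceback "):
            in_traceback = True  # Python traceback lines are not log text
        elif records and line.strip() and not in_traceback:
            records[-1]["msg"] += " " + line.strip()  # wrapped continuation
    for rec in records:
        rec["fields"] = dict(PAIR.findall(rec["msg"]))
    return records

def triage(text):
    """Report the sysdep_tproxy value and every core.error message."""
    records = parse(text)
    tproxy = next((r["fields"]["sysdep_tproxy"] for r in records
                   if "sysdep_tproxy" in r["fields"]), None)
    return {"sysdep_tproxy": tproxy,
            "tproxy_undetected": tproxy in UNDETECTED,
            "errors": [r["msg"] for r in records if r["tag"] == "core.error"]}

if __name__ == "__main__":
    print(triage(SAMPLE))
```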