[zorp] Plug proxy es dokumentaciok
13 views
Skip to first unread message
far...@ns.edu.kvif.hu
Sep 18, 2015, 5:39:12 PM9/18/15
to
On Tue, 19 Dec 2000, Balazs Scheidler wrote:
> 1) for redirections to work you need to enable IP forwarding in your kernel
> (even if you have a deny in your forward CHAIN)
Yes. IP forwarding is enabled.
The current kernel working perfectly with the older versions of Zorp.
> 2) can you send me the syslog generated by zorp?
Dec 20 11:15:10 erasmus zorp-http[4693]: Verbosity level: 4
Dec 20 11:15:10 erasmus zorp-http[4693]: zorp version 0.7.7 starting up
Dec 20 11:15:45 erasmus zorp-http[4693]: (zorp/plug_trans:0/plug): session_start, module=plug
Dec 20 11:15:45 erasmus zorp-http[4693]: (zorp/plug_trans:0/plug): client_fd=10, client_addr=AF_INET(192.168.2.2:1576)
Dec 20 11:15:46 erasmus zorp-http[4696]: (zorp/plug_trans:0/plug): server_fd=11, server_addr=AF_INET(193.224.167.248:25)
^^^^^^^^^this is normal?
Andras
> 1) for redirections to work you need to enable IP forwarding in your kernel
> (even if you have a deny in your forward CHAIN)
Yes. IP forwarding is enabled.
The current kernel working perfectly with the older versions of Zorp.
> 2) can you send me the syslog generated by zorp?
Dec 20 11:15:10 erasmus zorp-http[4693]: Verbosity level: 4
Dec 20 11:15:10 erasmus zorp-http[4693]: zorp version 0.7.7 starting up
Dec 20 11:15:45 erasmus zorp-http[4693]: (zorp/plug_trans:0/plug): session_start, module=plug
Dec 20 11:15:45 erasmus zorp-http[4693]: (zorp/plug_trans:0/plug): client_fd=10, client_addr=AF_INET(192.168.2.2:1576)
Dec 20 11:15:46 erasmus zorp-http[4696]: (zorp/plug_trans:0/plug): server_fd=11, server_addr=AF_INET(193.224.167.248:25)
^^^^^^^^^this is normal?
Andras
Bal...@mail.balabit.hu
Sep 18, 2015, 5:44:09 PM9/18/15
to
> > the 0.7 version of Zorp changes some Chainer parameters. TransparentChainer
> > is good as it was in the policy.
> >
> > As I see you are trying to enable outbound SMTP with zorp. Did you add
> > a redirect rule to your ipchains config?
> Yes. I added.
> ipchains -I input -i eth1 -p tcp -d 0.0.0.0/0 25 -j REDIRECT 2525
> eth1 is the inside of the firewall (192.168.2.1), the outside is eth0
> (192.168.1.159)
1) for redirections to work you need to enable IP forwarding in your kernel
(even if you have a deny in your forward CHAIN)
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
url: http://www.balabit.hu/pgpkey.txt
> > is good as it was in the policy.
> >
> > As I see you are trying to enable outbound SMTP with zorp. Did you add
> > a redirect rule to your ipchains config?
> Yes. I added.
> ipchains -I input -i eth1 -p tcp -d 0.0.0.0/0 25 -j REDIRECT 2525
> eth1 is the inside of the firewall (192.168.2.1), the outside is eth0
> (192.168.1.159)
1) for redirections to work you need to enable IP forwarding in your kernel
(even if you have a deny in your forward CHAIN)
2) can you send me the syslog generated by zorp?
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
url: http://www.balabit.hu/pgpkey.txt
far...@ns.edu.kvif.hu
Sep 18, 2015, 5:44:10 PM9/18/15
to
0.7.7-es zorp van fent es nem igazan akar mukodni a kov. policy:
# Zorp config file
######################################################################
from Zorp.Zorp import *
from Zorp import Zorp
from Zorp.Zone import InetZone
from Zorp.Service import Service
from Zorp.SockAddr import SockAddrInet
from Zorp.Chainer import TransparentChainer, DirectedChainer, InbandChainer
from Zorp.Plug import PlugProxy
from Zorp import Http
from Zorp.Http import HttpProxy
from Zorp.Ftp import FtpProxyAllow
from Zorp.Listener import Listener
Zorp.firewall_name = 'zorp@firewall'
Zorp.zones= [
InetZone("intranet","192.168.2.0","255.255.255.0",None,
outbound_services=["plug_trans"],
inbound_services=[]),
InetZone("internet","0.0.0.0","0.0.0.0",None,
outbound_services=[],
inbound_services=["plug_trans"]),
]
class MyPlug(PlugProxy):
def config(self):
pass
def init(name):
trans_plug = Service("plug_trans",TransparentChainer(),MyPlug)
Listener(SockAddrInet("192.168.2.1",2525),trans_plug)
##############################
Csatlakozni tudok a tavoli mail szerverhez de visszafele nem jon semmi.
A forraskodon kivul van mar valami mas doksi is? Mag irt valamit egy 180
oldalas doksirol. elerheto az valahol?
Andars
--------------------------------------------------------------------------
"A Linux nem mas, mint szellemes megoldasok tomeny es dinamikus halmaza,
amely a kivancsi embert folyamatosan ellatja kiprobalni valo csemegevel."
--------={ United Nazbuls homepage: http://lino.kvif.hu/~farago }=--------
# Zorp config file
######################################################################
from Zorp.Zorp import *
from Zorp import Zorp
from Zorp.Zone import InetZone
from Zorp.Service import Service
from Zorp.SockAddr import SockAddrInet
from Zorp.Chainer import TransparentChainer, DirectedChainer, InbandChainer
from Zorp.Plug import PlugProxy
from Zorp import Http
from Zorp.Http import HttpProxy
from Zorp.Ftp import FtpProxyAllow
from Zorp.Listener import Listener
Zorp.firewall_name = 'zorp@firewall'
Zorp.zones= [
InetZone("intranet","192.168.2.0","255.255.255.0",None,
outbound_services=["plug_trans"],
inbound_services=[]),
InetZone("internet","0.0.0.0","0.0.0.0",None,
outbound_services=[],
inbound_services=["plug_trans"]),
]
class MyPlug(PlugProxy):
def config(self):
pass
def init(name):
trans_plug = Service("plug_trans",TransparentChainer(),MyPlug)
Listener(SockAddrInet("192.168.2.1",2525),trans_plug)
##############################
Csatlakozni tudok a tavoli mail szerverhez de visszafele nem jon semmi.
A forraskodon kivul van mar valami mas doksi is? Mag irt valamit egy 180
oldalas doksirol. elerheto az valahol?
Andars
--------------------------------------------------------------------------
"A Linux nem mas, mint szellemes megoldasok tomeny es dinamikus halmaza,
amely a kivancsi embert folyamatosan ellatja kiprobalni valo csemegevel."
--------={ United Nazbuls homepage: http://lino.kvif.hu/~farago }=--------
far...@ns.edu.kvif.hu
Sep 18, 2015, 5:44:10 PM9/18/15
to
On Tue, 19 Dec 2000, Balazs Scheidler wrote:
> the 0.7 version of Zorp changes some Chainer parameters. TransparentChainer
> is good as it was in the policy.
>
> As I see you are trying to enable outbound SMTP with zorp. Did you add
> a redirect rule to your ipchains config?
Yes. I added.
ipchains -I input -i eth1 -p tcp -d 0.0.0.0/0 25 -j REDIRECT 2525
eth1 is the inside of the firewall (192.168.2.1), the outside is eth0
(192.168.1.159)
>
> PS: you can use the zorp-hu mailing list for Hungarian submissions.
> is good as it was in the policy.
>
> As I see you are trying to enable outbound SMTP with zorp. Did you add
> a redirect rule to your ipchains config?
Yes. I added.
ipchains -I input -i eth1 -p tcp -d 0.0.0.0/0 25 -j REDIRECT 2525
eth1 is the inside of the firewall (192.168.2.1), the outside is eth0
(192.168.1.159)
>
Sorry for the mail.
>
> --
> Bazsi
> PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
> url: http://www.balabit.hu/pgpkey.txt
>
> _______________________________________________
> --
> Bazsi
> PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
> url: http://www.balabit.hu/pgpkey.txt
>
> zorp mailing list
> zo...@lists.balabit.hu
> http://lists.balabit.hu/mailman/listinfo/zorp
>
Bal...@mail.balabit.hu
Sep 18, 2015, 5:44:10 PM9/18/15
to
> A forraskodon kivul van mar valami mas doksi is? Mag irt valamit egy 180
> oldalas doksirol. elerheto az valahol?
The above means in English: is there any documentation besides the source?
> oldalas doksirol. elerheto az valahol?
Mag has written something about a 180 pages doc, is it available somewhere?
My answer is: that documentation is written into docstrings in Python, which
can be used to generate .html or .ps docs using pythondoc. I'm however not
satisfied with the way it looks like, so I'm currently trying to hack
pythondoc a bit. For the time being, you can generate reference docs using:
cd pylib/Zorp
mkdir html
find . -name \*.py | grep -v __init__ | xargs pythondoc -i -d html -f HTML4
The generated docs will be found in the ./html subdirectory.
Reply all
Reply to author
Forward
0 new messages