[zorp] Zorp GPL-VERSION

Bal...@mail.balabit.hu

Sep 18, 2015, 5:33:28 PM
On Tue, Feb 18, 2003 at 08:34:23PM -0300, Ivan Lopez wrote:
> Hello:
> Congratulations for your product.
> First: Pardon for my English. I'm a beginner (in English, Zorp and Python)

No need to worry about your English, we are not native English speakers
either.

A bit of understanding of Python does not hurt, but it is not
absolutely necessary.

The most important thing is to take care with indentation. When a block is
started (either an if, def, or class statement) the enclosed block _must_ be
indented consistently. E.g.

def Zhttp():
    # this must be indented by the same amount
    # as this line
    # increasing indent without the start of a block is
    # forbidden
    pass

> Second: I've installed zorp 2.0.1 (GPL-VERSION!!!) in my linux box. I want to
> configure zorp as Reverse Proxy (is this possible with this version?). If it
> is, I'm having problems with my installation/configuration.

Yes, reverse proxy configuration is certainly possible.

> Below are instances.conf and policy-http.py files:
> Instances.conf (grep -v ^.*# /etc/zorp/instances.conf)
> --------------
> Zhttp --verbose=10 --policy /etc/zorp/policy-http.py
>
> policy-http.py (grep -v ^.*# /etc/zorp/policy-http.py)
> --------------

As I see, the example you are using as your policy file is a bit outdated (it
seems to be a policy for Zorp 0.6).

I include my fixes in your policy file below.

>
>
> from Zorp.Zorp import *
> from Zorp import Zorp
> from Zorp.Zone import InetZone
> from Zorp.Service import Service
> from Zorp.SockAddr import SockAddrInet
> from Zorp.Chainer import DirectedChainer
> from Zorp import Http
> from Zorp.Http import HttpProxy
> from Zorp.Listener import Listener

# Zorp.Core imports all required symbols
from Zorp.Core import *
# this one imports Http proxy
from Zorp.Http import *

>
> Zorp.firewall_name = 'zorp@bcpc'
>
> InetZone("cpc", "192.168.1.0/24",
> outbound_services=[],
>
> inbound_services=["INhttp"]),

No comma is permitted after the Zone definition.

>
> InetZone("local", "127.0.0.0/8",
> inbound_services=["*"],
> outbound_services=[]),

Comma is not allowed here either.

>
> InetZone("internet", "0.0.0.0/0",
> inbound_services=[],
> outbound_services=["INhttp"])
>
>
> class INhttp(HttpProxy):
> def config(self):
> HttpProxy.config(self)
> self.transparent_mode = 0
> def init(Zhttp):
>
> Service("INhttp", DirectedChainer(SockAddrInet("192.168.1.100",
> 80)),\
> INhttp)
> Listener(SockAddrInet("aaa.bb.cc.ddd", 80), "INhttp")

Here you made a mistake in your indentation. The correct function definition
is:

def Zhttp():
    Service("INhttp", INhttp,
            router=DirectedRouter(SockAddrInet("192.168.1.100", 80)))

    Listener(SockAddrInet("aaa.bb.cc.ddd", 80), "INhttp")

That's it. The preferred way of creating multiple instances in a single
policy file is to create a function named the same as the instance.

So as you had an instance named Zhttp in your instances.conf file, I created
a function named Zhttp(), this takes no arguments.

The function named init() would also work, but if you write an init() function
the instance-specific function would not be called, as you override the
default init() function provided by Zorp.

Here's a complete policy file:


from Zorp.Core import *
from Zorp.Http import *

Zorp.firewall_name = 'zorp@bcpc'
InetZone("cpc", "192.168.1.0/24",
         outbound_services=[],
         inbound_services=["INhttp"])

InetZone("local", "127.0.0.0/8",
         inbound_services=["*"],
         outbound_services=[])

InetZone("internet", "0.0.0.0/0",
         inbound_services=[],
         outbound_services=["INhttp"])

class INhttp(HttpProxy):
    def config(self):
        HttpProxy.config(self)
        self.transparent_mode = 0

def Zhttp():
    Service("INhttp", INhttp,
            router=DirectedRouter(SockAddrInet("192.168.1.100", 80)))

    Listener(SockAddrInet("aaa.bb.cc.ddd", 1555), "INhttp")


> Debian 3.0.0 r0 (woody)
> python 2.1.3-3
> python-extclass 1.2-5
> Zorp 2.0.0-1
> Zorp-modules 2.0.0-1
> libzorpll 2.0.18.4-1
> libglib2 2.0.6-1
>
> NOTE: When I install zorp I run:
> dpkg -i --ignore-depends=libzorpll zorp_2.0-1_i386.deb
> because zorp depends on libzorpll and libzorpll depends on zorp. Is
> this cycle OK or have I misinstalled zorp?

Hm... I've checked this and I've found no anomalies, can you show your dpkg
-s output for the packages you installed?

--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1



Iv...@mail.balabit.hu

Sep 18, 2015, 5:43:26 PM
Hello:
Congratulations for your product.
First: Pardon for my English. I'm a beginner (in English, Zorp and Python)
Second: I've installed zorp 2.0.1 (GPL-VERSION!!!) in my linux box. I want to
configure zorp as Reverse Proxy (is this possible with this version?). If it
is, I'm having problems with my installation/configuration.
Below are instances.conf and policy-http.py files:
Instances.conf (grep -v ^.*# /etc/zorp/instances.conf)
--------------
Zhttp --verbose=10 --policy /etc/zorp/policy-http.py

policy-http.py (grep -v ^.*# /etc/zorp/policy-http.py)
--------------


from Zorp.Zorp import *
from Zorp import Zorp
from Zorp.Zone import InetZone
from Zorp.Service import Service
from Zorp.SockAddr import SockAddrInet
from Zorp.Chainer import DirectedChainer
from Zorp import Http
from Zorp.Http import HttpProxy
from Zorp.Listener import Listener

Zorp.firewall_name = 'zorp@bcpc'

InetZone("cpc", "192.168.1.0/24",
outbound_services=[],

inbound_services=["INhttp"]),

InetZone("local", "127.0.0.0/8",
inbound_services=["*"],
outbound_services=[]),

InetZone("internet", "0.0.0.0/0",
inbound_services=[],
outbound_services=["INhttp"])


class INhttp(HttpProxy):
def config(self):
HttpProxy.config(self)
self.transparent_mode = 0
def init(Zhttp):

Service("INhttp", DirectedChainer(SockAddrInet("192.168.1.100",
80)),\
INhttp)
Listener(SockAddrInet("aaa.bb.cc.ddd", 80), "INhttp")

When zorp starts I obtain (tail -f syslog):
--------------------------

Feb 18 19:38:47 bcpc Zhttp[6578]: (noname/nosession): Verbosity level: 100
Feb 18 19:38:47 bcpc Zhttp[18175]: (Log thread): thread starting;
Feb 18 19:38:47 bcpc Zhttp[6578]: (noname/nosession): System dependant init;
sysdep_tproxy='1'
Feb 18 19:38:47 bcpc Zhttp[6578]: (noname/nosession): Changing process
capabilities; caps='= cap_net_bind_service+ep cap_net_admin+p'
Feb 18 19:38:47 bcpc Zhttp[6578]: (noname/nosession): Changing process
capabilities; caps='= cap_net_bind_service,cap_net_admin+ep'
Feb 18 19:38:47 bcpc Zhttp[6578]: (noname/nosession): bind() failed;
error='No such file or directory'
Feb 18 19:38:47 bcpc Zhttp[6578]: (noname/nosession): Resetting process
capabilities; caps='= cap_net_bind_service,cap_net_admin+p'
Feb 18 19:38:47 bcpc Zhttp[31782]: (conntrack/thread): thread starting;
Feb 18 19:38:48 bcpc Zhttp[6578]: zorp version 2.0.0 starting up
Feb 18 19:38:48 bcpc Zhttp[18175]: (Log thread): Policy bootstrapping...
Feb 18 19:38:48 bcpc Zhttp[18175]: (Log thread): Traceback (most recent call
last):
Feb 18 19:38:48 bcpc Zhttp[18175]: (Log thread): File
"/etc/zorp/policy-http.py", line 24, in ?
Feb 18 19:38:48 bcpc Zhttp[6578]: (noname/nosession): Error loading initial
policy, exiting;
Feb 18 19:38:48 bcpc Zhttp[6578]: zorp version 2.0.0 going down.
Feb 18 19:38:48 bcpc Zhttp[18175]: (Log thread): from Zorp.Chainer
import DirectedChainer
Feb 18 19:38:48 bcpc Zhttp[18175]: (Log thread): ImportError: cannot import
name DirectedChainer
Feb 18 19:38:48 bcpc Zhttp[31782]: (conntrack/thread): thread exiting;


I don't know why bind() fails and I don't know why DirectedChainer is not
in /usr/share/zorp/pylib/Zorp/Chainer.py. Here is the output for (grep
.*class in this file):

class AbstractChainer:
class ConnectChainer(AbstractChainer):
class FailoverChainer(ConnectChainer):
class SideStackChainer(AbstractChainer):

My environment is:
Debian 3.0.0 r0 (woody)
python 2.1.3-3
python-extclass 1.2-5
Zorp 2.0.0-1
Zorp-modules 2.0.0-1
libzorpll 2.0.18.4-1
libglib2 2.0.6-1

NOTE: When I install zorp I run:
dpkg -i --ignore-depends=libzorpll zorp_2.0-1_i386.deb
because zorp depends on libzorpll and libzorpll depends on zorp. Is this
cycle OK or have I misinstalled zorp?

I can't find the error in my installation/configuration. Can you help me?
Best Regards.

Ivan Lopez
Santa Fe - Argentina





