From 33fa80b9ba144af1921bfb96b26810bb2b4d401a Mon Sep 17 00:00:00 2001 From: Nicolas Dandrimont Date: Mon, 12 May 2008 21:38:31 +0200 Subject: [PATCH] Sable est le nouveau proxy transparent. darcs-hash:20080512193831-ffbb2-197dfad2f006cf3ed25415b2ca2703591ba9f9d0.gz --- gestion/gen_confs/firewall.py | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/gestion/gen_confs/firewall.py b/gestion/gen_confs/firewall.py index 537c79a5..a0d01b02 100755 --- a/gestion/gen_confs/firewall.py +++ b/gestion/gen_confs/firewall.py @@ -627,7 +627,7 @@ class firewall_komaz(firewall_crans) : # Proxy transparent iptables("-t nat -A PREROUTING -p tcp -m mark --mark %s " % conf_fw.mark['proxy'] + - "-j DNAT --to-destination 10.231.136.10:3128") + "-j DNAT --to-destination 10.231.136.9:3128") print OK def filter_table_tweaks(self) : @@ -1168,7 +1168,22 @@ class firewall_sila(firewall_rouge): # Pour le proxy transparent iptables("-t nat -I PREROUTING -i crans.2 -m mark --mark %s -j ACCEPT" % conf_fw.mark['proxy']) -firewall_sable = firewall_sila +class firewall_sable(firewall_rouge): + """Comme pour rouge, avec le proxy transparent en plus""" + + def mangle_table(self): + # Pour le proxy transparent + iptables("-t mangle -F PREROUTING") + iptables("-t mangle -i crans.2 -A PREROUTING -p tcp --destination-port 3128 " + + "--destination 10.231.136.9 " + + "-m mac --mac-source %s " % mac_komaz + + "-j MARK --set-mark %s" % conf_fw.mark['proxy']) + iptables("-t mangle -A PREROUTING -m mark --mark %s -j ACCEPT" % conf_fw.mark['proxy']) + + def nat_table(self): + firewall_rouge.nat_table(self) + # Pour le proxy transparent + iptables("-t nat -I PREROUTING -i crans.2 -m mark --mark %s -j ACCEPT" % conf_fw.mark['proxy']) firewall_bleu = firewall_zamok