crans/scripts
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Sable est le nouveau proxy transparent.

Browse source 
darcs-hash:20080512193831-ffbb2-197dfad2f006cf3ed25415b2ca2703591ba9f9d0.gz
This commit is contained in:
Nicolas Dandrimont 2008-05-12 21:38:31 +02:00
parent be877b41da
commit 33fa80b9ba
1 changed files with 17 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

19
gestion/gen_confs/firewall.py
View file

@ -627,7 +627,7 @@ class firewall_komaz(firewall_crans) :
# Proxy transparent # Proxy transparent
iptables("-t nat -A PREROUTING -p tcp -m mark --mark %s " % conf_fw.mark['proxy'] + iptables("-t nat -A PREROUTING -p tcp -m mark --mark %s " % conf_fw.mark['proxy'] +
"-j DNAT --to-destination 10.231.136.10:3128") "-j DNAT --to-destination 10.231.136.9:3128")
print OK print OK
def filter_table_tweaks(self) : def filter_table_tweaks(self) :
@ -1168,7 +1168,22 @@ class firewall_sila(firewall_rouge):
# Pour le proxy transparent # Pour le proxy transparent
iptables("-t nat -I PREROUTING -i crans.2 -m mark --mark %s -j ACCEPT" % conf_fw.mark['proxy']) iptables("-t nat -I PREROUTING -i crans.2 -m mark --mark %s -j ACCEPT" % conf_fw.mark['proxy'])
firewall_sable = firewall_sila class firewall_sable(firewall_rouge):
"""Comme pour rouge, avec le proxy transparent en plus"""
def mangle_table(self):
# Pour le proxy transparent
iptables("-t mangle -F PREROUTING")
iptables("-t mangle -i crans.2 -A PREROUTING -p tcp --destination-port 3128 " +
"--destination 10.231.136.9 " +
"-m mac --mac-source %s " % mac_komaz +
"-j MARK --set-mark %s" % conf_fw.mark['proxy'])
iptables("-t mangle -A PREROUTING -m mark --mark %s -j ACCEPT" % conf_fw.mark['proxy'])
def nat_table(self):
firewall_rouge.nat_table(self)
# Pour le proxy transparent
iptables("-t nat -I PREROUTING -i crans.2 -m mark --mark %s -j ACCEPT" % conf_fw.mark['proxy'])
firewall_bleu = firewall_zamok firewall_bleu = firewall_zamok