Sable est le nouveau proxy transparent.

darcs-hash:20080512193831-ffbb2-197dfad2f006cf3ed25415b2ca2703591ba9f9d0.gz
2008-05-12 21:38:31 +02:00 · 2008-05-12 21:38:31 +02:00 · 33fa80b9ba
commit 33fa80b9ba
parent be877b41da
1 changed files with 17 additions and 2 deletions
--- a/gestion/gen_confs/firewall.py
+++ b/gestion/gen_confs/firewall.py
@ -627,7 +627,7 @@ class firewall_komaz(firewall_crans) :

        # Proxy transparent
        iptables("-t nat -A PREROUTING -p tcp -m mark --mark %s " % conf_fw.mark['proxy'] +
-                 "-j DNAT --to-destination 10.231.136.10:3128")
+                 "-j DNAT --to-destination 10.231.136.9:3128")
        print OK

    def filter_table_tweaks(self) :
@ -1168,7 +1168,22 @@ class firewall_sila(firewall_rouge):
        # Pour le proxy transparent
        iptables("-t nat -I PREROUTING -i crans.2 -m mark --mark %s -j ACCEPT" % conf_fw.mark['proxy'])

-firewall_sable = firewall_sila
+class firewall_sable(firewall_rouge):
+    """Comme pour rouge, avec le proxy transparent en plus"""
+
+    def mangle_table(self):
+        # Pour le proxy transparent
+        iptables("-t mangle -F PREROUTING")
+        iptables("-t mangle -i crans.2 -A PREROUTING -p tcp --destination-port 3128 " + 
+                 "--destination 10.231.136.9 " + 
+                 "-m mac --mac-source %s " % mac_komaz +
+                 "-j MARK --set-mark %s" % conf_fw.mark['proxy'])
+        iptables("-t mangle -A PREROUTING -m mark --mark %s -j ACCEPT" % conf_fw.mark['proxy'])
+
+    def nat_table(self):
+        firewall_rouge.nat_table(self)
+        # Pour le proxy transparent
+        iptables("-t nat -I PREROUTING -i crans.2 -m mark --mark %s -j ACCEPT" % conf_fw.mark['proxy'])

 firewall_bleu = firewall_zamok