About the iptables rules needed for Napix to work

Supme

May 12, 2011, 5:23:43 AM
to napix
Two network cards: eth0 faces the internet and gets its address via DHCP; the other
one hands out addresses on the local network.

I do this:

iptables -N NAPIX_ACCESS
iptables -I FORWARD -j ULOG
iptables -I FORWARD 2 -j NAPIX_ACCESS

# Masquerading.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

# Turn on forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

It shares the internet but does not cut off traffic, while the speed is limited if
we log in as a user.

What am I doing wrong?

shagy

May 12, 2011, 8:35:47 PM
to napix
Good day, check the NAPIX_ACCESS chain,

iptables -L -vn NAPIX_ACCESS

It should contain both deny and allow rules.

Supme

May 13, 2011, 9:45:39 AM
to napix
There are allow rules, but deny rules, none...

shagy

May 13, 2011, 12:40:06 PM
to napix
Then add a deny rule,

iptables -A NAPIX_ACCESS -j REJECT

Supme

May 16, 2011, 1:40:25 AM
to napix
Then I can't log in to the web interface.
And the traffic passing through isn't counted: packets get added in iptables, but
not in the interface.

shagy

May 21, 2011, 12:33:10 AM
to napix
Please give the full listing,

iptables -L -vn

Supme

May 23, 2011, 3:11:49 AM
to napix
I made this script:

#!/bin/sh

IPTABLES="/sbin/iptables"
EXTIF="eth0"
INTIF="eth1"

$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -P OUTPUT ACCEPT

$IPTABLES -N NAPIX_ACCESS
$IPTABLES -I FORWARD -j ULOG
$IPTABLES -I FORWARD 2 -j NAPIX_ACCESS

#Allow related and established on all interfaces (input)
$IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

#Allow related, established and ssh on $EXTIF. Reject everything else.
$IPTABLES -A INPUT -i $EXTIF -p tcp -m tcp --dport 22 --syn -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -j REJECT

#Allow related and established from $INTIF. Drop everything else.
$IPTABLES -A INPUT -i $INTIF -j DROP

#Allow http and https on other interfaces (input).
#This is only needed if authentication server is on same server as chilli
$IPTABLES -A INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
$IPTABLES -A INPUT -p tcp -m tcp --dport 443 --syn -j ACCEPT

#Allow everything on loopback interface.
$IPTABLES -A INPUT -i lo -j ACCEPT

# Drop everything to and from $INTIF (forward)
# This means that access points can only be managed from ChilliSpot
$IPTABLES -A FORWARD -i $INTIF -j DROP
$IPTABLES -A FORWARD -o $INTIF -j DROP

#Enable NAT on output device
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE


echo 1 > /proc/sys/net/ipv4/ip_forward

Output of iptables -L -vn

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target       prot opt in   out  source     destination
  635 51822 ACCEPT       all  --  *    *    0.0.0.0/0  0.0.0.0/0    state RELATED,ESTABLISHED
    1    48 ACCEPT       tcp  --  eth0 *    0.0.0.0/0  0.0.0.0/0    tcp dpt:22 flags:0x17/0x02
    0     0 REJECT       all  --  eth0 *    0.0.0.0/0  0.0.0.0/0    reject-with icmp-port-unreachable
    1   347 DROP         all  --  eth1 *    0.0.0.0/0  0.0.0.0/0
    0     0 ACCEPT       tcp  --  *    *    0.0.0.0/0  0.0.0.0/0    tcp dpt:80 flags:0x17/0x02
    0     0 ACCEPT       tcp  --  *    *    0.0.0.0/0  0.0.0.0/0    tcp dpt:443 flags:0x17/0x02
    8   480 ACCEPT       all  --  lo   *    0.0.0.0/0  0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target       prot opt in   out  source     destination
    0     0 ULOG         all  --  *    *    0.0.0.0/0  0.0.0.0/0    ULOG copy_range 0 nlgroup 1 queue_threshold 1
    0     0 NAPIX_ACCESS all  --  *    *    0.0.0.0/0  0.0.0.0/0
    0     0 DROP         all  --  eth1 *    0.0.0.0/0  0.0.0.0/0
    0     0 DROP         all  --  *    eth1 0.0.0.0/0  0.0.0.0/0

Chain OUTPUT (policy ACCEPT 609 packets, 152K bytes)
 pkts bytes target       prot opt in   out  source     destination

Chain NAPIX_ACCESS (1 references)
 pkts bytes target       prot opt in   out  source     destination

shagy

May 23, 2011, 9:34:07 AM
to napix
I think you are missing an ESTABLISHED rule in the FORWARD chain; also
check that the scripts bin/CheckAccess.pl && bin/fw_update.pl are running.

Please provide a dump of the logs for these scripts; the logs are written via
syslog.


Supme

May 24, 2011, 1:00:55 AM
to napix
syslog

May 24 08:48:46 gate rsyslogd: [origin software="rsyslogd"
swVersion="3.18.6" x-pid="2432" x-info="http://www.rsyslog.com"]
restart
May 24 08:48:48 gate dhcpd: Internet Systems Consortium DHCP Server
V3.1.1
May 24 08:48:48 gate dhcpd: Copyright 2004-2008 Internet Systems
Consortium.
May 24 08:48:48 gate dhcpd: All rights reserved.
May 24 08:48:48 gate dhcpd: For info, please visit http://www.isc.org/sw/dhcp/
May 24 08:48:48 gate dhcpd: Internet Systems Consortium DHCP Server
V3.1.1
May 24 08:48:48 gate dhcpd: Copyright 2004-2008 Internet Systems
Consortium.
May 24 08:48:48 gate dhcpd: All rights reserved.
May 24 08:48:48 gate dhcpd: For info, please visit http://www.isc.org/sw/dhcp/
May 24 08:48:48 gate dhcpd: Wrote 2 leases to leases file.
May 24 08:48:50 gate /usr/sbin/cron[2782]: (CRON) INFO (pidfile fd =
3)
May 24 08:48:50 gate /usr/sbin/cron[2783]: (CRON) STARTUP (fork ok)
May 24 08:48:50 gate /usr/sbin/cron[2783]: (CRON) INFO (Running
@reboot jobs)
May 24 08:48:51 gate kernel: [ 52.354767] ip_tables: (C) 2000-2006
Netfilter Core Team
May 24 08:48:51 gate kernel: [ 52.489358] nf_conntrack version 0.5.0
(4096 buckets, 16384 max)
May 24 08:48:54 gate kernel: [ 55.940009] eth1: no IPv6 routers
present
May 24 08:48:54 gate kernel: [ 56.048009] eth0: no IPv6 routers
present
May 24 08:48:54 gate flow-capture[2856]: setsockopt(size=4194304)
May 24 08:49:01 gate /USR/SBIN/CRON[2930]: (root) CMD (root /usr/local/
napix/bin/FlowsToDB; /usr/local/napix/bin/CalcBalance)
May 24 08:49:01 gate /USR/SBIN/CRON[2931]: (root) CMD (root /usr/local/
napix/bin/CheckAccess; /usr/local/napix/bin/fw_update; /usr/local/
napix/bin/tc_update)
May 24 08:49:11 gate fw_update[2936]: Started.
May 24 08:49:11 gate CalcBalance[2934]: Started.
May 24 08:49:12 gate fw_update[2936]: Received 0 tasks, nothing to do.
May 24 08:49:12 gate fw_update[2936]: Finished.
May 24 08:49:12 gate CalcBalance[2934]: Got 3 users from database.
May 24 08:49:12 gate CalcBalance[2934]: Getting sessions from database
in time interval 2011-5-24 - 2011-5-24 23:59.
May 24 08:49:12 gate CalcBalance[2934]: Getting options from DB.
May 24 08:49:12 gate CalcBalance[2934]: Have got 4 sessions.
May 24 08:49:12 gate CalcBalance[2934]: Bills inserted 0, updated 0.
May 24 08:49:12 gate CalcBalance[2934]: Commiting transactions for
bills.
May 24 08:49:12 gate CalcBalance[2934]: Inserted 0 and updated 0 rows
in t_bills_directions.
May 24 08:49:12 gate CalcBalance[2934]: Commiting transactions for
t_bills_directions.
May 24 08:49:12 gate CalcBalance[2934]: Updated amount for 0 bills
cause they "per directions".
May 24 08:49:12 gate CalcBalance[2934]: Commiting transactions for
bills amount.
May 24 08:49:12 gate CalcBalance[2934]: Commiting transactions for
fees.
May 24 08:49:12 gate CalcBalance[2934]: Balance updated for 2 users.
May 24 08:49:12 gate CalcBalance[2934]: Commiting transactions for
balances.
May 24 08:49:12 gate CalcBalance[2934]: File /usr/local/napix/run/
CalcBalance.lock removed.
May 24 08:49:12 gate CalcBalance[2934]: Finished.
May 24 08:49:17 gate tc_update[2942]: Started.
May 24 08:49:17 gate tc_update[2942]: Apply init options for tc.
May 24 08:49:17 gate tc_update[2942]: Run command: /sbin/tc qdisc add
dev eth1 root handle 1: htb default 1 2>&1
May 24 08:49:17 gate tc_update[2942]: Run command: /sbin/tc class add
dev eth1 parent 1:1 classid 1:1 htb rate 100Mbit 2>&1
May 24 08:49:17 gate kernel: [ 78.622095] HTB: quantum of class
10001 is big. Consider r2q change.
May 24 08:49:17 gate tc_update[2942]: Received 0 tasks, nothing to do.
May 24 08:49:17 gate tc_update[2942]: Finished.
May 24 08:50:01 gate FlowsToRAW[2956]: Started.
May 24 08:50:01 gate FlowsToRAW[2956]: Proccessing binary flows ft-
v05.2011-05-24.084855+0400.
May 24 08:50:01 gate FlowsToRAW[2956]: Proccessed 2 flows.
May 24 08:50:01 gate FlowsToRAW[2956]: Finished.
May 24 08:50:01 gate flow-capture[2856]: Child 2956 exit_status=1
May 24 08:50:01 gate /USR/SBIN/CRON[2960]: (root) CMD (root /usr/local/
napix/bin/FlowsToDB; /usr/local/napix/bin/CalcBalance)
May 24 08:50:02 gate /USR/SBIN/CRON[2965]: (root) CMD (root /usr/local/
napix/bin/CheckAccess; /usr/local/napix/bin/fw_update; /usr/local/
napix/bin/tc_update)
May 24 08:50:03 gate fw_update[2967]: Started.
May 24 08:50:03 gate CalcBalance[2962]: Started.
May 24 08:50:03 gate fw_update[2967]: Received 0 tasks, nothing to do.
May 24 08:50:03 gate fw_update[2967]: Finished.
May 24 08:50:03 gate CalcBalance[2962]: Got 3 users from database.
May 24 08:50:03 gate CalcBalance[2962]: Getting sessions from database
in time interval 2011-5-24 - 2011-5-24 23:59.
May 24 08:50:03 gate CalcBalance[2962]: Getting options from DB.
May 24 08:50:03 gate CalcBalance[2962]: Have got 4 sessions.
May 24 08:50:03 gate CalcBalance[2962]: Bills inserted 0, updated 0.
May 24 08:50:03 gate CalcBalance[2962]: Commiting transactions for
bills.
May 24 08:50:03 gate CalcBalance[2962]: Inserted 0 and updated 0 rows
in t_bills_directions.
May 24 08:50:03 gate CalcBalance[2962]: Commiting transactions for
t_bills_directions.
May 24 08:50:03 gate CalcBalance[2962]: Updated amount for 0 bills
cause they "per directions".
May 24 08:50:03 gate CalcBalance[2962]: Commiting transactions for
bills amount.
May 24 08:50:03 gate CalcBalance[2962]: Commiting transactions for
fees.
May 24 08:50:03 gate CalcBalance[2962]: Balance updated for 2 users.
May 24 08:50:03 gate CalcBalance[2962]: Commiting transactions for
balances.
May 24 08:50:03 gate CalcBalance[2962]: File /usr/local/napix/run/
CalcBalance.lock removed.
May 24 08:50:03 gate CalcBalance[2962]: Finished.
May 24 08:50:04 gate tc_update[2973]: Started.
May 24 08:50:04 gate tc_update[2973]: Apply init options for tc.
May 24 08:50:04 gate tc_update[2973]: Run command: /sbin/tc qdisc add
dev eth1 root handle 1: htb default 1 2>&1
May 24 08:50:04 gate tc_update[2973]: Got error during execute tc init
cmd: RTNETLINK answers: File exists#012
May 24 08:50:04 gate tc_update[2973]: Received 0 tasks, nothing to do.
May 24 08:50:04 gate tc_update[2973]: Finished.



iptables -L -vn

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target       prot opt in   out  source     destination
 3259  290K ACCEPT       all  --  *    *    0.0.0.0/0  0.0.0.0/0    state RELATED,ESTABLISHED
    1    48 ACCEPT       tcp  --  eth0 *    0.0.0.0/0  0.0.0.0/0    tcp dpt:22 flags:0x17/0x02
    0     0 REJECT       all  --  eth0 *    0.0.0.0/0  0.0.0.0/0    reject-with icmp-port-unreachable
    5   928 DROP         all  --  eth1 *    0.0.0.0/0  0.0.0.0/0
    0     0 ACCEPT       tcp  --  *    *    0.0.0.0/0  0.0.0.0/0    tcp dpt:80 flags:0x17/0x02
    0     0 ACCEPT       tcp  --  *    *    0.0.0.0/0  0.0.0.0/0    tcp dpt:443 flags:0x17/0x02
   24  1440 ACCEPT       all  --  lo   *    0.0.0.0/0  0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target       prot opt in   out  source     destination
    7   420 ULOG         all  --  *    *    0.0.0.0/0  0.0.0.0/0    ULOG copy_range 0 nlgroup 1 queue_threshold 1
    7   420 NAPIX_ACCESS all  --  *    *    0.0.0.0/0  0.0.0.0/0
    0     0 ACCEPT       all  --  *    *    0.0.0.0/0  0.0.0.0/0    state RELATED,ESTABLISHED
    7   420 DROP         all  --  eth1 *    0.0.0.0/0  0.0.0.0/0
    0     0 DROP         all  --  *    eth1 0.0.0.0/0  0.0.0.0/0

Chain OUTPUT (policy ACCEPT 4179 packets, 2285K bytes)
 pkts bytes target       prot opt in   out  source     destination

Chain NAPIX_ACCESS (1 references)
 pkts bytes target       prot opt in   out  source     destination


I can't log in to the web interface with these rules...
Could a compressed image of an installed system perhaps be posted?
I installed W3A and additionally installed the missing components.

Supme

May 24, 2011, 1:05:38 AM
to napix

Supme

May 24, 2011, 1:50:48 AM
to napix
Anyway, with this reckless setup:

#!/bin/sh

IPTABLES="/sbin/iptables"
EXTIF="eth0"
INTIF="eth1"

$IPTABLES -P INPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -P OUTPUT ACCEPT

$IPTABLES -N NAPIX_ACCESS
$IPTABLES -I FORWARD -j ULOG
$IPTABLES -I FORWARD 2 -j NAPIX_ACCESS
$IPTABLES -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

#Allow related and established on all interfaces (input)
$IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

#Allow related, established and ssh on $EXTIF. Reject everything else.
$IPTABLES -A INPUT -i $EXTIF -p tcp -m tcp --dport 22 --syn -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -j REJECT

#Allow related and established from $INTIF. Drop everything else.
$IPTABLES -A INPUT -i $INTIF -j ACCEPT

#Allow http and https on other interfaces (input).
$IPTABLES -A INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
$IPTABLES -A INPUT -p tcp -m tcp --dport 443 --syn -j ACCEPT

#Allow everything on loopback interface.
$IPTABLES -A INPUT -i lo -j ACCEPT

# Drop everything to and from $INTIF (forward)
$IPTABLES -A FORWARD -i $INTIF -j DROP
$IPTABLES -A FORWARD -o $INTIF -j DROP

#Enable NAT on output device
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

echo 1 > /proc/sys/net/ipv4/ip_forward

It works correctly, shaping works, but traffic is not counted.
In the logs:

May 24 09:44:03 gate tc_update[3044]: Received 0 tasks, nothing to do.
May 24 09:44:03 gate tc_update[3044]: Finished.
May 24 09:45:01 gate FlowsToRAW[3064]: Started.
May 24 09:45:01 gate FlowsToRAW[3064]: Proccessing binary flows ft-
v05.2011-05-24.094141+0400.
May 24 09:45:01 gate FlowsToRAW[3064]: Proccessed 2 flows.
May 24 09:45:01 gate FlowsToRAW[3064]: Finished.
May 24 09:45:01 gate flow-capture[2857]: Child 3064 exit_status=1
May 24 09:45:01 gate /USR/SBIN/CRON[3068]: (root) CMD (root /usr/local/
napix/bin/FlowsToDB; /usr/local/napix/bin/CalcBalance)
May 24 09:45:02 gate /USR/SBIN/CRON[3073]: (root) CMD (root /usr/local/
napix/bin/CheckAccess; /usr/local/napix/bin/fw_update; /usr/local/
napix/bin/tc_update)
May 24 09:45:03 gate fw_update[3075]: Started.
May 24 09:45:03 gate CalcBalance[3070]: Started.
May 24 09:45:03 gate CalcBalance[3070]: Lock file exist, close
program.
May 24 09:45:03 gate CalcBalance[3070]: Finished.
May 24 09:45:03 gate fw_update[3075]: Received 0 tasks, nothing to do.
May 24 09:45:03 gate fw_update[3075]: Finished.
May 24 09:45:04 gate tc_update[3084]: Started.
May 24 09:45:04 gate tc_update[3084]: Apply init options for tc.
May 24 09:45:04 gate tc_update[3084]: Run command: /sbin/tc qdisc add
dev eth1 root handle 1: htb default 1 2>&1
May 24 09:45:04 gate tc_update[3084]: Got error during execute tc init
cmd: RTNETLINK answers: File exists#012
May 24 09:45:04 gate tc_update[3084]: Received 0 tasks, nothing to do.
May 24 09:45:04 gate tc_update[3084]: Finished.
May 24 09:46:01 gate /USR/SBIN/CRON[3117]: (root) CMD (root /usr/local/
napix/bin/FlowsToDB; /usr/local/napix/bin/CalcBalance)
May 24 09:46:01 gate /USR/SBIN/CRON[3120]: (root) CMD (root /usr/local/
napix/bin/CheckAccess; /usr/local/napix/bin/fw_update; /usr/local/
napix/bin/tc_update)
May 24 09:46:02 gate fw_update[3125]: Started.
May 24 09:46:02 gate CalcBalance[3122]: Started.
May 24 09:46:02 gate CalcBalance[3122]: Lock file exist, close
program.
May 24 09:46:02 gate CalcBalance[3122]: Finished.
May 24 09:46:02 gate fw_update[3125]: Received 0 tasks, nothing to do.
May 24 09:46:02 gate fw_update[3125]: Finished.
May 24 09:46:03 gate tc_update[3130]: Started.
May 24 09:46:03 gate tc_update[3130]: Apply init options for tc.
May 24 09:46:03 gate tc_update[3130]: Run command: /sbin/tc qdisc add
dev eth1 root handle 1: htb default 1 2>&1
May 24 09:46:03 gate tc_update[3130]: Got error during execute tc init
cmd: RTNETLINK answers: File exists#012
May 24 09:46:03 gate tc_update[3130]: Received 0 tasks, nothing to do.
May 24 09:46:03 gate tc_update[3130]: Finished.
May 24 09:47:01 gate /USR/SBIN/CRON[3167]: (root) CMD (root /usr/local/
napix/bin/FlowsToDB; /usr/local/napix/bin/CalcBalance)
May 24 09:47:01 gate /USR/SBIN/CRON[3172]: (root) CMD (root /usr/local/
napix/bin/CheckAccess; /usr/local/napix/bin/fw_update; /usr/local/
napix/bin/tc_update)
May 24 09:47:02 gate fw_update[3174]: Started.
May 24 09:47:02 gate CalcBalance[3169]: Started.
May 24 09:47:02 gate CalcBalance[3169]: Lock file exist, close
program.
May 24 09:47:02 gate CalcBalance[3169]: Finished.
May 24 09:47:02 gate fw_update[3174]: Received 0 tasks, nothing to do.
May 24 09:47:02 gate fw_update[3174]: Finished.
May 24 09:47:03 gate tc_update[3180]: Started.
May 24 09:47:03 gate tc_update[3180]: Apply init options for tc.
May 24 09:47:03 gate tc_update[3180]: Run command: /sbin/tc qdisc add
dev eth1 root handle 1: htb default 1 2>&1
May 24 09:47:03 gate tc_update[3180]: Got error during execute tc init
cmd: RTNETLINK answers: File exists#012
May 24 09:47:03 gate tc_update[3180]: Received 0 tasks, nothing to do.
May 24 09:47:03 gate tc_update[3180]: Finished.
May 24 09:47:49 gate dhcpd: DHCPREQUEST for 10.0.0.11 from
00:11:85:86:b2:91 (home-qdhya546m8) via eth1
May 24 09:47:49 gate dhcpd: DHCPACK on 10.0.0.11 to 00:11:85:86:b2:91
(home-qdhya546m8) via eth1
May 24 09:48:01 gate /USR/SBIN/CRON[3205]: (root) CMD (root /usr/local/
napix/bin/FlowsToDB; /usr/local/napix/bin/CalcBalance)
May 24 09:48:01 gate /USR/SBIN/CRON[3210]: (root) CMD (root /usr/local/
napix/bin/CheckAccess; /usr/local/napix/bin/fw_update; /usr/local/
napix/bin/tc_update)
May 24 09:48:02 gate fw_update[3212]: Started.
May 24 09:48:02 gate CalcBalance[3207]: Started.
May 24 09:48:02 gate CalcBalance[3207]: Lock file exist, close program.
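
Added example (not part of the thread and not Napix code): a first-match walk over the INPUT and FORWARD rules of the two scripts posted above, showing which rule decides a packet from eth1 to the web interface and why an empty NAPIX_ACCESS chain blocks nothing. The verdict function, the probe packets and the treatment of --syn as "state NEW" are assumptions of this example; it handles only the matches these scripts use.

```sh
#!/bin/sh
# Added example, not Napix code: first-match evaluation of iptables rules.
# Handles only what the posted scripts use: -i, -o, -p, --dport, --syn,
# "-m state --state" and -j. Assumption: a NEW tcp packet stands in for a SYN.

# Constructed from the first posted script (EXTIF=eth0, INTIF=eth1), rules in
# final chain order: the two "-I FORWARD" rules sit above the appended ones.
RULES_FIRST='-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 --syn -j ACCEPT
-A INPUT -i eth0 -j REJECT
-A INPUT -i eth1 -j DROP
-A INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 --syn -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A FORWARD -j ULOG
-A FORWARD -j NAPIX_ACCESS
-A FORWARD -i eth1 -j DROP
-A FORWARD -o eth1 -j DROP'

# Constructed from the later script: the eth1 INPUT rule is ACCEPT and
# FORWARD gains the RELATED,ESTABLISHED rule.
RULES_LATER='-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 --syn -j ACCEPT
-A INPUT -i eth0 -j REJECT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 --syn -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A FORWARD -j ULOG
-A FORWARD -j NAPIX_ACCESS
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -j DROP
-A FORWARD -o eth1 -j DROP'

# verdict RULES CHAIN POLICY IN_IF OUT_IF PROTO DPORT STATE
# Prints "CHAIN:N TARGET" for the first terminating rule the probe packet
# matches, or "policy POLICY" when it falls off the end of CHAIN.
verdict() {
    printf '%s\n' "$1" | awk -v top="$2" -v policy="$3" -v inif="$4" \
        -v outif="$5" -v proto="$6" -v dport="$7" -v state="$8" '
    function matches(line,   f, n, i) {
        n = split(line, f, " ")
        for (i = 3; i <= n; i++) {
            if      (f[i] == "-i")      { if (f[++i] != inif)  return 0 }
            else if (f[i] == "-o")      { if (f[++i] != outif) return 0 }
            else if (f[i] == "-p")      { if (f[++i] != proto) return 0 }
            else if (f[i] == "--dport") { if (f[++i] != dport) return 0 }
            else if (f[i] == "--syn")   { if (state != "NEW")  return 0 }
            else if (f[i] == "--state") { if (!index("," f[++i] ",", "," state ",")) return 0 }
            else if (f[i] == "-m" || f[i] == "-j") { i++ }
            else { bad = f[i]; return 0 }
        }
        return 1
    }
    # ULOG and jumps into a user chain do not end the walk: an empty or
    # non-matching user chain returns and the next rule is tried.
    function walk(chain,   k, t, r) {
        for (k = 1; k <= cnt[chain] + 0; k++) {
            if (!matches(rule[chain, k])) continue
            t = tgt[chain, k]
            if (t == "ACCEPT" || t == "DROP" || t == "REJECT") return chain ":" k " " t
            r = walk(t)
            if (r != "") return r
        }
        return ""
    }
    $1 == "-A" {
        rule[$2, ++cnt[$2]] = $0
        for (i = 3; i < NF; i++) if ($i == "-j") tgt[$2, cnt[$2]] = $(i + 1)
    }
    END {
        r = walk(top)
        if (bad != "") { print "unsupported option: " bad > "/dev/stderr"; exit 2 }
        if (r == "") r = "policy " policy
        print r
    }'
}
```

With the first script, a new connection from eth1 to port 80 stops at INPUT:4 DROP, which agrees with the listing above where the eth1 DROP counter grows while the dpt:80 counters stay at 0.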

Supme

May 24, 2011, 3:10:00 AM
to napix
OK, I put the Perl scripts into cron instead of the binaries; log:

May 24 10:57:01 gate CalcBalance.pl[2987]: Started.
May 24 10:57:01 gate fw_update.pl[2992]: Received 0 tasks, nothing to
do.
May 24 10:57:01 gate fw_update.pl[2992]: Finished.
May 24 10:57:01 gate CalcBalance.pl[2987]: Got 3 users from database.
May 24 10:57:01 gate CalcBalance.pl[2987]: Getting sessions from
database in time interval 2011-5-24 - 2011-5-24 23:59.
May 24 10:57:01 gate CalcBalance.pl[2987]: Getting options from DB.
May 24 10:57:01 gate CalcBalance.pl[2987]: Have got 6 sessions.
May 24 10:57:01 gate CalcBalance.pl[2987]: Bills inserted 0, updated
2.
May 24 10:57:01 gate CalcBalance.pl[2987]: Commiting transactions for
bills.
May 24 10:57:01 gate CalcBalance.pl[2987]: Inserted 0 and updated 0
rows in t_bills_directions.
May 24 10:57:01 gate CalcBalance.pl[2987]: Commiting transactions for
t_bills_directions.
May 24 10:57:01 gate CalcBalance.pl[2987]: Updated amount for 0 bills
cause they "per directions".
May 24 10:57:01 gate CalcBalance.pl[2987]: Commiting transactions for
bills amount.
May 24 10:57:01 gate CalcBalance.pl[2987]: Commiting transactions for
fees.
May 24 10:57:01 gate CalcBalance.pl[2987]: Balance updated for 2
users.
May 24 10:57:01 gate CalcBalance.pl[2987]: Commiting transactions for
balances.
May 24 10:57:01 gate CalcBalance.pl[2987]: File /usr/local/napix/run/
CalcBalance.pl.lock removed.
May 24 10:57:01 gate CalcBalance.pl[2987]: Finished.
May 24 10:57:01 gate tc_update.pl[2996]: Started.
May 24 10:57:01 gate tc_update.pl[2996]: Apply init options for tc.
May 24 10:57:01 gate tc_update.pl[2996]: Run command: /sbin/tc qdisc
add dev eth1 root handle 1: htb default 1 2>&1
May 24 10:57:01 gate tc_update.pl[2996]: Run command: /sbin/tc class
add dev eth1 parent 1:1 classid 1:1 htb rate 100Mbit 2>&1
May 24 10:57:01 gate tc_update.pl[2996]: Received 0 tasks, nothing to
do.
May 24 10:57:01 gate tc_update.pl[2996]: Finished.
May 24 10:57:54 gate dhcpd: DHCPREQUEST for 10.0.0.11 from
00:11:85:86:b2:91 (home-qdhya546m8) via eth1
May 24 10:57:54 gate dhcpd: DHCPACK on 10.0.0.11 to 00:11:85:86:b2:91
(home-qdhya546m8) via eth1
May 24 10:58:01 gate /USR/SBIN/CRON[3020]: (root) CMD (napix /usr/
local/napix/bin/FlowsToDB.pl; /usr/local/napix/bin/CalcBalance.pl)
May 24 10:58:01 gate /USR/SBIN/CRON[3025]: (root) CMD (root /usr/local/
napix/bin/CheckAccess.pl; /usr/local/napix/bin/fw_update.pl; /usr/
local/napix/bin/tc_u$
May 24 10:58:02 gate fw_update.pl[3027]: Started.
May 24 10:58:02 gate CalcBalance.pl[3022]: Started.
May 24 10:58:02 gate fw_update.pl[3027]: Received 0 tasks, nothing to
do.
May 24 10:58:02 gate fw_update.pl[3027]: Finished.
May 24 10:58:02 gate CalcBalance.pl[3022]: Got 3 users from database.
May 24 10:58:02 gate CalcBalance.pl[3022]: Getting sessions from
database in time interval 2011-5-24 - 2011-5-24 23:59.
May 24 10:58:02 gate CalcBalance.pl[3022]: Getting options from DB.
May 24 10:58:02 gate CalcBalance.pl[3022]: Have got 6 sessions.
May 24 10:58:02 gate CalcBalance.pl[3022]: Bills inserted 0, updated
2.
May 24 10:58:02 gate CalcBalance.pl[3022]: Commiting transactions for
bills.
May 24 10:58:02 gate CalcBalance.pl[3022]: Inserted 0 and updated 0
rows in t_bills_directions.
May 24 10:58:02 gate CalcBalance.pl[3022]: Commiting transactions for
t_bills_directions.
May 24 10:58:02 gate CalcBalance.pl[3022]: Updated amount for 0 bills
cause they "per directions".
May 24 10:58:02 gate CalcBalance.pl[3022]: Commiting transactions for
bills amount.
May 24 10:58:02 gate CalcBalance.pl[3022]: Commiting transactions for
fees.
May 24 10:58:02 gate CalcBalance.pl[3022]: Balance updated for 2
users.
May 24 10:58:02 gate CalcBalance.pl[3022]: Commiting transactions for
balances.
May 24 10:58:02 gate CalcBalance.pl[3022]: File /usr/local/napix/run/
CalcBalance.pl.lock removed.
May 24 10:58:02 gate CalcBalance.pl[3022]: Finished.
May 24 10:58:02 gate tc_update.pl[3032]: Started.
May 24 10:58:02 gate tc_update.pl[3032]: Apply init options for tc.
May 24 10:58:02 gate tc_update.pl[3032]: Run command: /sbin/tc qdisc
add dev eth1 root handle 1: htb default 1 2>&1
May 24 10:58:02 gate tc_update.pl[3032]: Run command: /sbin/tc class
add dev eth1 parent 1:1 classid 1:1 htb rate 100Mbit 2>&1
May 24 10:58:02 gate tc_update.pl[3032]: Received 0 tasks, nothing to
do.
May 24 10:58:02 gate tc_update.pl[3032]: Finished.

In /usr/local/napix/flows/bin, files named like tmp-v05-... are created,
80 bytes in size (shouldn't they be bigger?)
good, bad, arc are empty
and in raw there are files named like ft-v05.2011-05.... 118 bytes in size, with the contents:

Start End Sif SrcIPaddress SrcP DIf DstIPaddress DstP P Fl Pkts Octets


Accordingly, traffic is not counted...

Supme

May 24, 2011, 7:46:53 AM
to napix
ipcad refuses to start... it doesn't like ipcad.dump... and also
Opening ulog... [LCap] [DOWN, yet available] Initialized as 1

Supme

May 25, 2011, 8:07:46 AM
to napix
Why might ulog fail to come up when ipcad starts?
Opening ulog... [LCap] [DOWN, yet available] Initialized as 1
Moreover, if eth0 is captured instead of ulog, everything is fine...

One more question: I installed everything from scratch on Debian squeeze, using not
napix-0.8.3-linux-x86-w3a.tar.gz but napix-1.0.1-src.tar.gz;
when I open the server over the web it shows:
The page isn't redirecting properly

Firefox has detected that the server is redirecting the request for this address
in a way that will never complete.

* This problem can sometimes be caused by disabling or refusing to accept
cookies.

In the Apache logs:

[Wed May 25 16:05:12 2011] [error] [client 192.168.0.5] PHP Notice: A
session had already been started - ignoring session_start() in /usr/
local/napix/www/ht$
[Wed May 25 16:05:12 2011] [error] [client 192.168.0.5] PHP Notice:
Undefined index: user_info in /usr/local/napix/www/htdocs/includes/
ccs.php on line 392
[Wed May 25 16:05:12 2011] [error] [client 192.168.0.5] PHP Notice:
Undefined property: CCS::$link in /usr/local/napix/www/htdocs/
index.php on line 13
[Wed May 25 16:05:12 2011] [error] [client 192.168.0.5] PHP Notice:
Trying to get property of non-object in /usr/local/napix/www/htdocs/
index.php on line 13
[Wed May 25 16:05:12 2011] [error] [client 192.168.0.5] PHP Notice:
Undefined property: CCS::$link in /usr/local/napix/www/htdocs/
index.php on line 18
[Wed May 25 16:05:12 2011] [error] [client 192.168.0.5] PHP Notice:
Trying to get property of non-object in /usr/local/napix/www/htdocs/
index.php on line 18
[Wed May 25 16:05:12 2011] [error] [client 192.168.0.5] PHP Notice:
Undefined property: CCS::$link in /usr/local/napix/www/htdocs/
index.php on line 22
[Wed May 25 16:05:12 2011] [error] [client 192.168.0.5] PHP Notice:
Trying to get property of non-object in /usr/local/napix/www/htdocs/
index.php on line 22
[Wed May 25 16:05:12 2011] [error] [client 192.168.0.5] PHP Notice: A
session had already been started - ignoring session_start() in /usr/
local/napix/www/ht$
[Wed May 25 16:05:12 2011] [error] [client 192.168.0.5] PHP Notice:
Undefined index: user_info in /usr/local/napix/www/htdocs/includes/
ccs.php on line 392

What's wrong on my end?

shagy

May 26, 2011, 9:17:55 PM
to napix
I don't see the CheckAccess.pl script running in the logs. Try running it
manually: /usr/local/napix/bin/CheckAccess.pl

Also delete all the *.lock files,

rm /usr/local/napix/run/*.lock


shagy

May 26, 2011, 9:21:45 PM
to napix
There is no difference between the binary and the Perl scripts, as long as the former
run without errors.

I assume some of the scripts are not running because they got locked. I wrote
above how to unlock them.

shagy

May 26, 2011, 9:25:44 PM
to napix
It looks like your system lacks support for the ULOG module for iptables;
try loading it via modprobe.

I can't advise on installing on Debian; I can only recommend
Gentoo, on which Napix worked out of the box on versions up to 2010
(the w3a version).