spirt
NoDeny
Пользователь
Карма: 0
 Offline
Сообщений: 16
H2O девиз не наш! Наш – C2H5OH!
|
 |
« : 21 Августа 2010, 23:00:41 » |
|
Всем, доброго вренмени суток. Прошу помочь новичку! Как и все на этом форуме, всё устанавливал по мануалу.  и вроде всё получилось. Тестовый пользователь выходит в нет без авторизации, и через L2 авторизатор. Так-же настроил mpd5 и radius по инструкции, но видимо в чёмто ошибся... и не смог настроить pppoe Тест радиуса проходит: manuhino# radtest spirt 123123 127.0.0.1 0 hardpass5
Sending Access-Request of id 30 to 127.0.0.1 port 1812
User-Name = "spirt"
User-Password = "123123"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=30, length=38
Framed-IP-Address = 10.0.0.10
Framed-IP-Netmask = 255.255.255.255
Framed-Protocol = PPP xl0 - внутренний интерфейс. 10.0.0.250 - реальный адрес, локальный ДНС, он же шлюз 194.1.161.149 - ДНС провайдера 10.0.0.10 - адрес клиента В mpd.conf указано: startup:
set user admin hardpass6
set console self 127.0.0.1 5005
set console open
set web self 0.0.0.0 5006
set web open
default:
load pppoe_server
pppoe_server:
create bundle template B
set ipcp ranges 10.0.0.250/32 127.0.0.2/32
set ipcp dns 10.0.0.250 194.1.161.149
set ccp yes mppc
set mppc yes e40
set mppc yes e56
set mppc yes e128
set mppc yes stateless
set ecp disable dese-bis dese-old
create link template common pppoe
set link enable multilink
set link action bundle B
set link disable chap pap eap
set link enable pap
load radius
set pppoe service "*"
create link template xl0 common
set link max-children 1000
set pppoe iface xl0
set link enable incoming
radius:
set radius server localhost hardpass5 1812 1813
set radius retries 3
set radius timeout 3
set radius me 127.0.0.1
set auth acct-update 45
set auth enable radius-auth
set auth enable radius-acct
set radius enable message-authentic
sql.conf #
sql {
driver = "rlm_sql_mysql"
# Connect info
server = "localhost"
login = "bill_kernel"
password = "hardpass4"
# Database table configuration
radius_db = "bill"
# If you want both stop and start records logged to the
# same SQL table, leave this as is. If you want them in
# different tables, put the start table in acct_table1
# and stop table in acct_table2
acct_table1 = "radacct"
acct_table2 = "radacct"
# Allow for storing data after authentication
postauth_table = "radpostauth"
authcheck_table = "radcheck"
authreply_table = "radreply"
groupcheck_table = "radgroupcheck"
groupreply_table = "radgroupreply"
usergroup_table = "usergroup"
# Table to keep radius client info
nas_table = "nas"
# Remove stale session if checkrad does not see a double login
deletestalesessions = yes
# Print all SQL statements when in debug mode (-x)
sqltrace = no
sqltracefile = ${logdir}/sqltrace.sql
# number of sql connections to make to server
num_sql_socks = 5
# number of seconds to dely retrying on a failed database
# connection (per_socket)
connect_failure_retry_delay = 60
# Safe characters list for sql queries. Everything else is replaced
# with their mime-encoded equivalents.
# The default list should be ok
#safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /
#######################################################################
# Query config: Username
#######################################################################
sql_user_name = "%{User-Name}"
#######################################################################
# Authorization Queries
#######################################################################
# These queries compare the check items for the user
# in ${authcheck_table} and setup the reply items in
# ${authreply_table}. You can use any query/tables
# you want, but the return data for each row MUST
# be in the following order:
#
# 0. Row ID (currently unused)
# 1. UserName/GroupName
# 2. Item Attr Name
# 3. Item Attr Value
# 4. Item Attr Operation
#######################################################################
authorize_check_query = "call radcheck('%{SQL-User-Name}')"
authorize_reply_query = "call radreply('%{SQL-User-Name}')"
#######################################################################
# Accounting Queries
#######################################################################
accounting_update_query = "call radupdate('%{SQL-User-Name}')"
accounting_stop_query = "call radstop('%{SQL-User-Name}')"
#######################################################################
# Simultaneous Use Checking Queries
#######################################################################
# Uncomment simul_count_query to enable simultaneous use checking
#simul_count_query = "SELECT COUNT(*) \
#FROM ${acct_table1} \
#WHERE UserName='%{SQL-User-Name}' \
#AND AcctStopTime = 0"
simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, \
NASIPAddress, NASPortId, FramedIPAddress, \
CallingStationId, FramedProtocol \
FROM ${acct_table1} \
WHERE UserName='%{SQL-User-Name}' \
AND AcctStopTime = 0"
#######################################################################
# Group Membership Queries
#######################################################################
# group_membership_query - Check user group membership
#######################################################################
group_membership_query = "SELECT GroupName FROM ${usergroup_table} WHERE UserName='%{SQL-
#######################################################################
# Authentication Logging Queries
#######################################################################
# postauth_query - Insert some info after authentication
#######################################################################
postauth_query = "INSERT into ${postauth_table} (user, pass, reply, date) values ('%{User
#
# Set to 'yes' to read radius clients from the database ('nas' table)
#readclients = yes
}
На Странице статистики, Сеансы авторизаций spirt (ip 10.0.0.10) 1 22:36:17 отключен 2 22:36:12 PPPoE 3 22:34:38 отключен 4 22:34:32 PPPoE 5 22:27:48 отключен 6 22:27:40 PPPoE 7 22:26:46 отключен 8 22:26:38 PPPoE 9 22:20:11 отключен 10 22:20:02 PPPoE 11 22:19:57 отключен 12 22:19:49 PPPoE 13 21:38:37 отключен 14 21:38:33 PPPoE 15 21:33:27 отключен 16 21:33:22 PPPoE 17 21:17:39 отключен 18 21:17:29 PPPoE 19 21:17:14 отключен 20 21:17:10 PPPoE ниже отключались в ручную21 11:14:46 отключен 22 11:12:13 Авторизатор 23 11:12:05 отключен 24 11:11:33 Авторизатор радиус и мпд работают manuhino# sockstat | grep radius
root radiusd 874 3 udp4 *:1812 *:*
root radiusd 874 4 udp4 *:1813 *:*
root radiusd 874 5 stream -> /tmp/mysql.sock
root radiusd 874 6 stream -> /tmp/mysql.sock
root radiusd 874 7 stream -> /tmp/mysql.sock
root radiusd 874 8 stream -> /tmp/mysql.sock
root radiusd 874 9 stream -> /tmp/mysql.sock
manuhino# sockstat | grep mpd
root mpd5 754 3 dgram -> /var/run/logpriv
root mpd5 754 16 tcp4 127.0.0.1:5005 *:*
root mpd5 754 19 tcp4 *:5006 *:*
лог мпд при авторизации Aug 22 00:46:59 manuhino mpd: Incoming PPPoE connection request via xl0: for service "" from 00:c0:f0:17:b2:0f
Aug 22 00:46:59 manuhino mpd: [xl0-2] Accepting PPPoE connection
Aug 22 00:46:59 manuhino mpd: [xl0-2] Link: OPEN event
Aug 22 00:46:59 manuhino mpd: [xl0-2] LCP: Open event
Aug 22 00:46:59 manuhino mpd: [xl0-2] LCP: state change Initial --> Starting
Aug 22 00:46:59 manuhino mpd: [xl0-2] LCP: LayerStart
Aug 22 00:46:59 manuhino mpd: [xl0-2] PPPoE: connection successful
Aug 22 00:46:59 manuhino mpd: [xl0-2] Link: UP event
Aug 22 00:46:59 manuhino mpd: [xl0-2] LCP: Up event
Aug 22 00:46:59 manuhino mpd: [xl0-2] LCP: state change Starting --> Req-Sent
Aug 22 00:46:59 manuhino mpd: [xl0-2] LCP: SendConfigReq #1
Aug 22 00:46:59 manuhino mpd: [xl0-2] PROTOCOMP
Aug 22 00:46:59 manuhino mpd: [xl0-2] MRU 1492
Aug 22 00:46:59 manuhino mpd: [xl0-2] MAGICNUM 48c11b7e
Aug 22 00:46:59 manuhino mpd: [xl0-2] AUTHPROTO PAP
Aug 22 00:46:59 manuhino mpd: [xl0-2] MP MRRU 2048
Aug 22 00:46:59 manuhino mpd: [xl0-2] MP SHORTSEQ
Aug 22 00:46:59 manuhino mpd: [xl0-2] ENDPOINTDISC [802.1] 00 04 76 25 b9 93
Aug 22 00:46:59 manuhino mpd: [xl0-2] LCP: rec'd Configure Request #0 (Req-Sent)
Aug 22 00:46:59 manuhino mpd: [xl0-2] MRU 1480
Aug 22 00:46:59 manuhino mpd: [xl0-2] MAGICNUM 49895a72
Aug 22 00:46:59 manuhino mpd: [xl0-2] CALLBACK 6
Aug 22 00:46:59 manuhino mpd: [xl0-2] LCP: SendConfigRej #0
Aug 22 00:46:59 manuhino mpd: [xl0-2] CALLBACK 6
Aug 22 00:46:59 manuhino mpd: [xl0-2] LCP: rec'd Configure Reject #1 (Req-Sent)
Aug 22 00:46:59 manuhino mpd: [xl0-2] PROTOCOMP
Aug 22 00:46:59 manuhino mpd: [xl0-2] MP MRRU 2048
Aug 22 00:46:59 manuhino mpd: [xl0-2] MP SHORTSEQ
Aug 22 00:46:59 manuhino mpd: [xl0-2] ENDPOINTDISC [802.1] 00 04 76 25 b9 93
Aug 22 00:46:59 manuhino mpd: [xl0-2] LCP: SendConfigReq #2
Aug 22 00:46:59 manuhino mpd: [xl0-2] MRU 1492
Aug 22 00:46:59 manuhino mpd: [xl0-2] MAGICNUM 48c11b7e
Aug 22 00:46:59 manuhino mpd: [xl0-2] AUTHPROTO PAP
Aug 22 00:46:59 manuhino mpd: [xl0-2] LCP: rec'd Configure Request #1 (Req-Sent)
Aug 22 00:46:59 manuhino mpd: [xl0-2] MRU 1480
Aug 22 00:46:59 manuhino mpd: [xl0-2] MAGICNUM 49895a72
Aug 22 00:46:59 manuhino mpd: [xl0-2] LCP: SendConfigAck #1
Aug 22 00:46:59 manuhino mpd: [xl0-2] MRU 1480
Aug 22 00:46:59 manuhino mpd: [xl0-2] MAGICNUM 49895a72
Aug 22 00:46:59 manuhino mpd: [xl0-2] LCP: state change Req-Sent --> Ack-Sent
Aug 22 00:46:59 manuhino mpd: [xl0-2] LCP: rec'd Configure Ack #2 (Ack-Sent)
Aug 22 00:46:59 manuhino mpd: [xl0-2] MRU 1492
Aug 22 00:46:59 manuhino mpd: [xl0-2] MAGICNUM 48c11b7e
Aug 22 00:46:59 manuhino mpd: [xl0-2] AUTHPROTO PAP
Aug 22 00:46:59 manuhino mpd: [xl0-2] LCP: state change Ack-Sent --> Opened
Aug 22 00:46:59 manuhino mpd: [xl0-2] LCP: auth: peer wants nothing, I want PAP
Aug 22 00:46:59 manuhino mpd: [xl0-2] LCP: LayerUp
Aug 22 00:46:59 manuhino mpd: [xl0-2] LCP: rec'd Ident #2 (Opened)
Aug 22 00:46:59 manuhino mpd: [xl0-2] MESG: MSRASV5.10
Aug 22 00:46:59 manuhino mpd: [xl0-2] LCP: rec'd Ident #3 (Opened)
Aug 22 00:46:59 manuhino mpd: [xl0-2] MESG: MSRAS-0-SPIRT
Aug 22 00:46:59 manuhino mpd: [xl0-2] PAP: rec'd REQUEST #20 len: 16
Aug 22 00:46:59 manuhino mpd: [xl0-2] AUTH: Trying RADIUS
Aug 22 00:46:59 manuhino mpd: [xl0-2] RADIUS: Authenticating user 'spirt'
Aug 22 00:46:59 manuhino mpd: [xl0-2] RADIUS: Rec'd RAD_ACCESS_ACCEPT for user 'spirt'
Aug 22 00:46:59 manuhino mpd: [xl0-2] AUTH: RADIUS returned: authenticated
Aug 22 00:46:59 manuhino mpd: [xl0-2] PAP: Auth return status: authenticated
Aug 22 00:46:59 manuhino mpd: [xl0-2] PAP: Response is valid
Aug 22 00:46:59 manuhino mpd: [xl0-2] PAP: Reply message: Welcome
Aug 22 00:46:59 manuhino mpd: [xl0-2] PAP: sending ACK #20 len: 12
Aug 22 00:46:59 manuhino mpd: [xl0-2] LCP: authorization successful
Aug 22 00:46:59 manuhino mpd: [xl0-2] Link: Matched action 'bundle "B" ""'
Aug 22 00:46:59 manuhino mpd: [xl0-2] Creating new bundle using template "B".
Aug 22 00:46:59 manuhino mpd: [B-1] Bundle: Interface ng0 created
Aug 22 00:46:59 manuhino mpd: [xl0-2] Link: Join bundle "B-1"
Aug 22 00:46:59 manuhino mpd: [B-1] Bundle: Status update: up 1 link, total bandwidth 64000 bps
Aug 22 00:46:59 manuhino mpd: [B-1] IPCP: Open event
Aug 22 00:46:59 manuhino mpd: [B-1] IPCP: state change Initial --> Starting
Aug 22 00:46:59 manuhino mpd: [B-1] IPCP: LayerStart
Aug 22 00:46:59 manuhino mpd: [B-1] IPCP: Up event
Aug 22 00:46:59 manuhino mpd: [B-1] IPCP: state change Starting --> Req-Sent
Aug 22 00:46:59 manuhino mpd: [B-1] IPCP: SendConfigReq #1
Aug 22 00:46:59 manuhino mpd: [B-1] IPADDR 10.0.0.250
Aug 22 00:46:59 manuhino mpd: [B-1] COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Aug 22 00:46:59 manuhino mpd: [xl0-2] rec'd unexpected protocol CCP, rejecting
Aug 22 00:46:59 manuhino mpd: [B-1] IPCP: rec'd Configure Request #5 (Req-Sent)
Aug 22 00:46:59 manuhino mpd: [B-1] IPADDR 0.0.0.0
Aug 22 00:46:59 manuhino mpd: [B-1] NAKing with 10.0.0.10
Aug 22 00:46:59 manuhino mpd: [B-1] PRIDNS 0.0.0.0
Aug 22 00:46:59 manuhino mpd: [B-1] NAKing with 10.0.0.250
Aug 22 00:46:59 manuhino mpd: [B-1] PRINBNS 0.0.0.0
Aug 22 00:46:59 manuhino mpd: [B-1] SECDNS 0.0.0.0
Aug 22 00:46:59 manuhino mpd: [B-1] NAKing with 194.1.161.149
Aug 22 00:46:59 manuhino mpd: [B-1] SECNBNS 0.0.0.0
Aug 22 00:46:59 manuhino mpd: [B-1] IPCP: SendConfigRej #5
Aug 22 00:46:59 manuhino mpd: [B-1] PRINBNS 0.0.0.0
Aug 22 00:46:59 manuhino mpd: [B-1] SECNBNS 0.0.0.0
Aug 22 00:46:59 manuhino mpd: [B-1] IPCP: rec'd Configure Reject #1 (Req-Sent)
Aug 22 00:46:59 manuhino mpd: [B-1] COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Aug 22 00:46:59 manuhino mpd: [B-1] IPCP: SendConfigReq #2
Aug 22 00:46:59 manuhino mpd: [B-1] IPADDR 10.0.0.250
Aug 22 00:46:59 manuhino mpd: [xl0-2] RADIUS: Accounting user 'spirt' (Type: 1)
Aug 22 00:46:59 manuhino mpd: [B-1] IPCP: rec'd Configure Request #6 (Req-Sent)
Aug 22 00:46:59 manuhino mpd: [B-1] IPADDR 0.0.0.0
Aug 22 00:46:59 manuhino mpd: [B-1] NAKing with 10.0.0.10
Aug 22 00:46:59 manuhino mpd: [B-1] PRIDNS 0.0.0.0
Aug 22 00:46:59 manuhino mpd: [B-1] NAKing with 10.0.0.250
Aug 22 00:46:59 manuhino mpd: [B-1] SECDNS 0.0.0.0
Aug 22 00:46:59 manuhino mpd: [B-1] NAKing with 194.1.161.149
Aug 22 00:46:59 manuhino mpd: [B-1] IPCP: SendConfigNak #6
Aug 22 00:46:59 manuhino mpd: [B-1] IPADDR 10.0.0.10
Aug 22 00:46:59 manuhino mpd: [B-1] PRIDNS 10.0.0.250
Aug 22 00:46:59 manuhino mpd: [B-1] SECDNS 194.1.161.149
Aug 22 00:46:59 manuhino mpd: [B-1] IPCP: rec'd Configure Ack #2 (Req-Sent)
Aug 22 00:46:59 manuhino mpd: [B-1] IPADDR 10.0.0.250
Aug 22 00:46:59 manuhino mpd: [B-1] IPCP: state change Req-Sent --> Ack-Rcvd
Aug 22 00:46:59 manuhino mpd: [B-1] IPCP: rec'd Configure Request #7 (Ack-Rcvd)
Aug 22 00:46:59 manuhino mpd: [B-1] IPADDR 10.0.0.10
Aug 22 00:46:59 manuhino mpd: [B-1] 10.0.0.10 is OK
Aug 22 00:46:59 manuhino mpd: [B-1] PRIDNS 10.0.0.250
Aug 22 00:46:59 manuhino mpd: [B-1] SECDNS 194.1.161.149
Aug 22 00:46:59 manuhino mpd: [B-1] IPCP: SendConfigAck #7
Aug 22 00:46:59 manuhino mpd: [B-1] IPADDR 10.0.0.10
Aug 22 00:46:59 manuhino mpd: [B-1] PRIDNS 10.0.0.250
Aug 22 00:46:59 manuhino mpd: [B-1] SECDNS 194.1.161.149
Aug 22 00:46:59 manuhino mpd: [B-1] IPCP: state change Ack-Rcvd --> Opened
Aug 22 00:46:59 manuhino mpd: [B-1] IPCP: LayerUp
Aug 22 00:46:59 manuhino mpd: [B-1] 10.0.0.250 -> 10.0.0.10
Aug 22 00:46:59 manuhino mpd: [B-1] IFACE: Up event
Aug 22 00:46:59 manuhino mpd: [xl0-2] RADIUS: Rec'd RAD_ACCOUNTING_RESPONSE for user 'spirt'
Aug 22 00:46:59 manuhino mpd: [B-1] IPCP: rec'd Terminate Request #8 (Opened)
Aug 22 00:46:59 manuhino mpd: [B-1] IPCP: state change Opened --> Stopping
Aug 22 00:46:59 manuhino mpd: [B-1] IPCP: SendTerminateAck #3
Aug 22 00:46:59 manuhino mpd: [B-1] IPCP: LayerDown
Aug 22 00:46:59 manuhino mpd: [B-1] IFACE: Down event
Aug 22 00:47:00 manuhino mpd: [B-1] IPCP: rec'd Terminate Request #9 (Stopping)
Aug 22 00:47:00 manuhino mpd: [B-1] IPCP: SendTerminateAck #4
Aug 22 00:47:01 manuhino mpd: [B-1] IPCP: state change Stopping --> Stopped
Aug 22 00:47:01 manuhino mpd: [B-1] IPCP: LayerFinish
Aug 22 00:47:01 manuhino mpd: [B-1] Bundle: No NCPs left. Closing links...
Aug 22 00:47:01 manuhino mpd: [B-1] Bundle: closing link "xl0-2"...
Aug 22 00:47:01 manuhino mpd: [xl0-2] Link: CLOSE event
Aug 22 00:47:01 manuhino mpd: [xl0-2] LCP: Close event
Aug 22 00:47:01 manuhino mpd: [xl0-2] LCP: state change Opened --> Closing
Aug 22 00:47:01 manuhino mpd: [xl0-2] Link: Leave bundle "B-1"
Aug 22 00:47:01 manuhino mpd: [B-1] Bundle: Status update: up 0 links, total bandwidth 9600 bps
Aug 22 00:47:01 manuhino mpd: [B-1] IPCP: Close event
Aug 22 00:47:01 manuhino mpd: [B-1] IPCP: state change Stopped --> Closed
Aug 22 00:47:01 manuhino mpd: [B-1] IPCP: Down event
Aug 22 00:47:01 manuhino mpd: [B-1] IPCP: state change Closed --> Initial
Aug 22 00:47:01 manuhino mpd: [B-1] Bundle: Shutdown
Aug 22 00:47:01 manuhino mpd: [xl0-2] LCP: SendTerminateReq #3
Aug 22 00:47:01 manuhino mpd: [xl0-2] LCP: LayerDown
Aug 22 00:47:01 manuhino mpd: [xl0-2] RADIUS: Accounting user 'spirt' (Type: 2)
Aug 22 00:47:01 manuhino mpd: [xl0-2] LCP: rec'd Terminate Ack #3 (Closing)
Aug 22 00:47:01 manuhino mpd: [xl0-2] LCP: state change Closing --> Closed
Aug 22 00:47:01 manuhino mpd: [xl0-2] LCP: LayerFinish
Aug 22 00:47:01 manuhino mpd: [xl0-2] Link: DOWN event
Aug 22 00:47:01 manuhino mpd: [xl0-2] LCP: Down event
Aug 22 00:47:01 manuhino mpd: [xl0-2] LCP: state change Closed --> Initial
Aug 22 00:47:01 manuhino mpd: [xl0-2] RADIUS: Rec'd RAD_ACCOUNTING_RESPONSE for user 'spirt'
Aug 22 00:47:01 manuhino mpd: [xl0-2] Link: SHUTDOWN event
Aug 22 00:47:01 manuhino mpd: [xl0-2] Link: Shutdown
mpd5 и radius по инструкции переустанавливал дважды. Но видимо глаз замылился, чего-то не замечаю или не понимаю  На форуме подобной проблемы не нашел, вот и прошу помощи.... |
|
|
|
« Последнее редактирование: 22 Августа 2010, 18:32:24 от elite »
|
Записан
|
Учиться - это делать то, что не умеешь.
|
|
|
smallcms
NoDeny
Старожил
Карма: 64
Offline
Сообщений: 279
|
|
« Ответ #1 : 22 Августа 2010, 14:58:58 » |
|
Попробуйте вместо выставить (пап не нужен уже несколько лет) sql.conf надеюсь не такой, каким Вы его сюда скопировали. |
|
|
|
|
Записан
|
|
|
|
spirt
NoDeny
Пользователь
Карма: 0
Offline
Сообщений: 16
H2O девиз не наш! Наш – C2H5OH!
|
|
« Ответ #2 : 22 Августа 2010, 16:19:58 » |
|
Попробуйте вместо выставить (пап не нужен уже несколько лет) sql.conf надеюсь не такой, каким Вы его сюда скопировали. прпробовал выставить ничего не изменилось пробовал выставить set link enable chap pap eap также выдаёт ощибку  может в sql.conf чтото не так?  соединение вроде устанавливается но через 6 секунд вылетает с ошибкой. |
|
|
|
|
Записан
|
Учиться - это делать то, что не умеешь.
|
|
|
stix
NoDeny
Спец
Карма: 72
Offline
Сообщений: 1872
Nodeny Support Team
|
|
« Ответ #3 : 22 Августа 2010, 16:25:25 » |
|
обнови rlm_sql с исходников
|
|
|
|
|
Записан
|
|
|
|
spirt
NoDeny
Пользователь
Карма: 0
Offline
Сообщений: 16
H2O девиз не наш! Наш – C2H5OH!
|
|
« Ответ #4 : 22 Августа 2010, 17:02:52 » |
|
обнови rlm_sql с исходников
как это правильно сделать. (Я только учусь) |
|
|
|
|
Записан
|
Учиться - это делать то, что не умеешь.
|
|
|
ser970
NoDeny
Спец
Карма: 70
Offline
Сообщений: 1323
|
|
« Ответ #5 : 22 Августа 2010, 17:20:23 » |
|
обнови rlm_sql с исходников
как это правильно сделать. (Я только учусь) 743 - сервер требует шифрования - причем тут sql - и кстати єто касалось центоса но не фри (там бил таког баг ). дай полный лог - одной сессии ошибка 743 или счас появилась другая? |
|
|
|
|
Записан
|
|
|
|
spirt
NoDeny
Пользователь
Карма: 0
Offline
Сообщений: 16
H2O девиз не наш! Наш – C2H5OH!
|
|
« Ответ #6 : 22 Августа 2010, 17:49:54 » |
|
АААААААААААААААААААААААААААААААААААЙЙЙЙЙЙЙЙЙЙЙЙЙЙЙЙ АЙ АЙ !!!!!!!!!!!! Глубоко перед всеми извиняюсь!!!
Когда создавал тему (ночью) то ошибся.ошибка не 743 а 734она как была 734 так и до сих пор осталась. вот лог авторизации: Aug 22 19:51:39 manuhino mpd: Incoming PPPoE connection request via xl0: for service "" from 00:c0:f0:17:b2:0f
Aug 22 19:51:39 manuhino mpd: [xl0-2] Accepting PPPoE connection
Aug 22 19:51:39 manuhino mpd: [xl0-2] Link: OPEN event
Aug 22 19:51:39 manuhino mpd: [xl0-2] LCP: Open event
Aug 22 19:51:39 manuhino mpd: [xl0-2] LCP: state change Initial --> Starting
Aug 22 19:51:39 manuhino mpd: [xl0-2] LCP: LayerStart
Aug 22 19:51:39 manuhino mpd: [xl0-2] PPPoE: connection successful
Aug 22 19:51:39 manuhino mpd: [xl0-2] Link: UP event
Aug 22 19:51:39 manuhino mpd: [xl0-2] LCP: Up event
Aug 22 19:51:39 manuhino mpd: [xl0-2] LCP: state change Starting --> Req-Sent
Aug 22 19:51:39 manuhino mpd: [xl0-2] LCP: SendConfigReq #1
Aug 22 19:51:39 manuhino mpd: [xl0-2] PROTOCOMP
Aug 22 19:51:39 manuhino mpd: [xl0-2] MRU 1492
Aug 22 19:51:39 manuhino mpd: [xl0-2] MAGICNUM 5edfdf94
Aug 22 19:51:39 manuhino mpd: [xl0-2] AUTHPROTO PAP
Aug 22 19:51:39 manuhino mpd: [xl0-2] MP MRRU 2048
Aug 22 19:51:39 manuhino mpd: [xl0-2] MP SHORTSEQ
Aug 22 19:51:39 manuhino mpd: [xl0-2] ENDPOINTDISC [802.1] 00 04 76 25 b9 93
Aug 22 19:51:39 manuhino mpd: [xl0-2] LCP: rec'd Configure Request #0 (Req-Sent)
Aug 22 19:51:39 manuhino mpd: [xl0-2] MRU 1480
Aug 22 19:51:39 manuhino mpd: [xl0-2] MAGICNUM 7213549d
Aug 22 19:51:39 manuhino mpd: [xl0-2] CALLBACK 6
Aug 22 19:51:39 manuhino mpd: [xl0-2] LCP: SendConfigRej #0
Aug 22 19:51:39 manuhino mpd: [xl0-2] CALLBACK 6
Aug 22 19:51:39 manuhino mpd: [xl0-2] LCP: rec'd Configure Reject #1 (Req-Sent)
Aug 22 19:51:39 manuhino mpd: [xl0-2] PROTOCOMP
Aug 22 19:51:39 manuhino mpd: [xl0-2] MP MRRU 2048
Aug 22 19:51:39 manuhino mpd: [xl0-2] MP SHORTSEQ
Aug 22 19:51:39 manuhino mpd: [xl0-2] ENDPOINTDISC [802.1] 00 04 76 25 b9 93
Aug 22 19:51:39 manuhino mpd: [xl0-2] LCP: SendConfigReq #2
Aug 22 19:51:39 manuhino mpd: [xl0-2] MRU 1492
Aug 22 19:51:39 manuhino mpd: [xl0-2] MAGICNUM 5edfdf94
Aug 22 19:51:39 manuhino mpd: [xl0-2] AUTHPROTO PAP
Aug 22 19:51:39 manuhino mpd: [xl0-2] LCP: rec'd Configure Request #1 (Req-Sent)
Aug 22 19:51:39 manuhino mpd: [xl0-2] MRU 1480
Aug 22 19:51:39 manuhino mpd: [xl0-2] MAGICNUM 7213549d
Aug 22 19:51:39 manuhino mpd: [xl0-2] LCP: SendConfigAck #1
Aug 22 19:51:39 manuhino mpd: [xl0-2] MRU 1480
Aug 22 19:51:39 manuhino mpd: [xl0-2] MAGICNUM 7213549d
Aug 22 19:51:39 manuhino mpd: [xl0-2] LCP: state change Req-Sent --> Ack-Sent
Aug 22 19:51:39 manuhino mpd: [xl0-2] LCP: rec'd Configure Ack #2 (Ack-Sent)
Aug 22 19:51:39 manuhino mpd: [xl0-2] MRU 1492
Aug 22 19:51:39 manuhino mpd: [xl0-2] MAGICNUM 5edfdf94
Aug 22 19:51:39 manuhino mpd: [xl0-2] AUTHPROTO PAP
Aug 22 19:51:39 manuhino mpd: [xl0-2] LCP: state change Ack-Sent --> Opened
Aug 22 19:51:39 manuhino mpd: [xl0-2] LCP: auth: peer wants nothing, I want PAP
Aug 22 19:51:39 manuhino mpd: [xl0-2] LCP: LayerUp
Aug 22 19:51:39 manuhino mpd: [xl0-2] LCP: rec'd Ident #2 (Opened)
Aug 22 19:51:39 manuhino mpd: [xl0-2] MESG: MSRASV5.10
Aug 22 19:51:39 manuhino mpd: [xl0-2] LCP: rec'd Ident #3 (Opened)
Aug 22 19:51:39 manuhino mpd: [xl0-2] MESG: MSRAS-0-SPIRT
Aug 22 19:51:39 manuhino mpd: [xl0-2] PAP: rec'd REQUEST #2 len: 16
Aug 22 19:51:39 manuhino mpd: [xl0-2] AUTH: Trying RADIUS
Aug 22 19:51:39 manuhino mpd: [xl0-2] RADIUS: Authenticating user 'spirt'
Aug 22 19:51:39 manuhino mpd: [xl0-2] RADIUS: Rec'd RAD_ACCESS_ACCEPT for user 'spirt'
Aug 22 19:51:39 manuhino mpd: [xl0-2] AUTH: RADIUS returned: authenticated
Aug 22 19:51:39 manuhino mpd: [xl0-2] PAP: Auth return status: authenticated
Aug 22 19:51:39 manuhino mpd: [xl0-2] PAP: Response is valid
Aug 22 19:51:39 manuhino mpd: [xl0-2] PAP: Reply message: Welcome
Aug 22 19:51:39 manuhino mpd: [xl0-2] PAP: sending ACK #2 len: 12
Aug 22 19:51:39 manuhino mpd: [xl0-2] LCP: authorization successful
Aug 22 19:51:39 manuhino mpd: [xl0-2] Link: Matched action 'bundle "B" ""'
Aug 22 19:51:39 manuhino mpd: [xl0-2] Creating new bundle using template "B".
Aug 22 19:51:39 manuhino mpd: [B-1] Bundle: Interface ng0 created
Aug 22 19:51:39 manuhino mpd: [xl0-2] Link: Join bundle "B-1"
Aug 22 19:51:39 manuhino mpd: [B-1] Bundle: Status update: up 1 link, total bandwidth 64000 bps
Aug 22 19:51:39 manuhino mpd: [B-1] IPCP: Open event
Aug 22 19:51:39 manuhino mpd: [B-1] IPCP: state change Initial --> Starting
Aug 22 19:51:39 manuhino mpd: [B-1] IPCP: LayerStart
Aug 22 19:51:39 manuhino mpd: [B-1] IPCP: Up event
Aug 22 19:51:39 manuhino mpd: [B-1] IPCP: state change Starting --> Req-Sent
Aug 22 19:51:39 manuhino mpd: [B-1] IPCP: SendConfigReq #1
Aug 22 19:51:39 manuhino mpd: [B-1] IPADDR 10.0.0.250
Aug 22 19:51:39 manuhino mpd: [B-1] COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Aug 22 19:51:39 manuhino mpd: [xl0-2] RADIUS: Accounting user 'spirt' (Type: 1)
Aug 22 19:51:39 manuhino mpd: [xl0-2] rec'd unexpected protocol CCP, rejecting
Aug 22 19:51:39 manuhino mpd: [B-1] IPCP: rec'd Configure Request #5 (Req-Sent)
Aug 22 19:51:39 manuhino mpd: [B-1] IPADDR 0.0.0.0
Aug 22 19:51:39 manuhino mpd: [B-1] NAKing with 10.0.0.10
Aug 22 19:51:39 manuhino mpd: [B-1] PRIDNS 0.0.0.0
Aug 22 19:51:39 manuhino mpd: [B-1] NAKing with 10.0.0.250
Aug 22 19:51:39 manuhino mpd: [B-1] PRINBNS 0.0.0.0
Aug 22 19:51:39 manuhino mpd: [B-1] SECDNS 0.0.0.0
Aug 22 19:51:39 manuhino mpd: [B-1] NAKing with 194.1.161.149
Aug 22 19:51:39 manuhino mpd: [B-1] SECNBNS 0.0.0.0
Aug 22 19:51:39 manuhino mpd: [B-1] IPCP: SendConfigRej #5
Aug 22 19:51:39 manuhino mpd: [B-1] PRINBNS 0.0.0.0
Aug 22 19:51:39 manuhino mpd: [B-1] SECNBNS 0.0.0.0
Aug 22 19:51:39 manuhino mpd: [B-1] IPCP: rec'd Configure Reject #1 (Req-Sent)
Aug 22 19:51:39 manuhino mpd: [B-1] COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Aug 22 19:51:39 manuhino mpd: [B-1] IPCP: SendConfigReq #2
Aug 22 19:51:39 manuhino mpd: [B-1] IPADDR 10.0.0.250
Aug 22 19:51:39 manuhino mpd: [xl0-2] RADIUS: Rec'd RAD_ACCOUNTING_RESPONSE for user 'spirt'
Aug 22 19:51:39 manuhino mpd: [B-1] IPCP: rec'd Configure Request #6 (Req-Sent)
Aug 22 19:51:39 manuhino mpd: [B-1] IPADDR 0.0.0.0
Aug 22 19:51:39 manuhino mpd: [B-1] NAKing with 10.0.0.10
Aug 22 19:51:39 manuhino mpd: [B-1] PRIDNS 0.0.0.0
Aug 22 19:51:39 manuhino mpd: [B-1] NAKing with 10.0.0.250
Aug 22 19:51:39 manuhino mpd: [B-1] SECDNS 0.0.0.0
Aug 22 19:51:39 manuhino mpd: [B-1] NAKing with 194.1.161.149
Aug 22 19:51:39 manuhino mpd: [B-1] IPCP: SendConfigNak #6
Aug 22 19:51:39 manuhino mpd: [B-1] IPADDR 10.0.0.10
Aug 22 19:51:39 manuhino mpd: [B-1] PRIDNS 10.0.0.250
Aug 22 19:51:39 manuhino mpd: [B-1] SECDNS 194.1.161.149
Aug 22 19:51:39 manuhino mpd: [B-1] IPCP: rec'd Configure Ack #2 (Req-Sent)
Aug 22 19:51:39 manuhino mpd: [B-1] IPADDR 10.0.0.250
Aug 22 19:51:39 manuhino mpd: [B-1] IPCP: state change Req-Sent --> Ack-Rcvd
Aug 22 19:51:39 manuhino mpd: [B-1] IPCP: rec'd Configure Request #7 (Ack-Rcvd)
Aug 22 19:51:39 manuhino mpd: [B-1] IPADDR 10.0.0.10
Aug 22 19:51:39 manuhino mpd: [B-1] 10.0.0.10 is OK
Aug 22 19:51:39 manuhino mpd: [B-1] PRIDNS 10.0.0.250
Aug 22 19:51:39 manuhino mpd: [B-1] SECDNS 194.1.161.149
Aug 22 19:51:39 manuhino mpd: [B-1] IPCP: SendConfigAck #7
Aug 22 19:51:39 manuhino mpd: [B-1] IPADDR 10.0.0.10
Aug 22 19:51:39 manuhino mpd: [B-1] PRIDNS 10.0.0.250
Aug 22 19:51:39 manuhino mpd: [B-1] SECDNS 194.1.161.149
Aug 22 19:51:39 manuhino mpd: [B-1] IPCP: state change Ack-Rcvd --> Opened
Aug 22 19:51:39 manuhino mpd: [B-1] IPCP: LayerUp
Aug 22 19:51:39 manuhino mpd: [B-1] 10.0.0.250 -> 10.0.0.10
Aug 22 19:51:39 manuhino mpd: [B-1] IFACE: Up event
Aug 22 19:51:39 manuhino mpd: [B-1] IPCP: rec'd Terminate Request #8 (Opened)
Aug 22 19:51:39 manuhino mpd: [B-1] IPCP: state change Opened --> Stopping
Aug 22 19:51:39 manuhino mpd: [B-1] IPCP: SendTerminateAck #3
Aug 22 19:51:39 manuhino mpd: [B-1] IPCP: LayerDown
Aug 22 19:51:39 manuhino mpd: [B-1] IFACE: Down event
Aug 22 19:51:41 manuhino mpd: [B-1] IPCP: rec'd Terminate Request #9 (Stopping)
Aug 22 19:51:41 manuhino mpd: [B-1] IPCP: SendTerminateAck #4
Aug 22 19:51:41 manuhino mpd: [B-1] IPCP: state change Stopping --> Stopped
Aug 22 19:51:41 manuhino mpd: [B-1] IPCP: LayerFinish
Aug 22 19:51:41 manuhino mpd: [B-1] Bundle: No NCPs left. Closing links...
Aug 22 19:51:41 manuhino mpd: [B-1] Bundle: closing link "xl0-2"...
Aug 22 19:51:41 manuhino mpd: [xl0-2] Link: CLOSE event
Aug 22 19:51:41 manuhino mpd: [xl0-2] LCP: Close event
Aug 22 19:51:41 manuhino mpd: [xl0-2] LCP: state change Opened --> Closing
Aug 22 19:51:41 manuhino mpd: [xl0-2] Link: Leave bundle "B-1"
Aug 22 19:51:41 manuhino mpd: [B-1] Bundle: Status update: up 0 links, total bandwidth 9600 bps
Aug 22 19:51:41 manuhino mpd: [B-1] IPCP: Close event
Aug 22 19:51:41 manuhino mpd: [B-1] IPCP: state change Stopped --> Closed
Aug 22 19:51:41 manuhino mpd: [B-1] IPCP: Down event
Aug 22 19:51:41 manuhino mpd: [B-1] IPCP: state change Closed --> Initial
Aug 22 19:51:41 manuhino mpd: [B-1] Bundle: Shutdown
Aug 22 19:51:41 manuhino mpd: [xl0-2] LCP: SendTerminateReq #3
Aug 22 19:51:41 manuhino mpd: [xl0-2] LCP: LayerDown
Aug 22 19:51:41 manuhino mpd: [xl0-2] RADIUS: Accounting user 'spirt' (Type: 2)
Aug 22 19:51:41 manuhino mpd: [xl0-2] LCP: rec'd Terminate Ack #3 (Closing)
Aug 22 19:51:41 manuhino mpd: [xl0-2] LCP: state change Closing --> Closed
Aug 22 19:51:41 manuhino mpd: [xl0-2] LCP: LayerFinish
Aug 22 19:51:41 manuhino mpd: [xl0-2] PPPoE: connection closed
Aug 22 19:51:41 manuhino mpd: [xl0-2] Link: DOWN event
Aug 22 19:51:41 manuhino mpd: [xl0-2] LCP: Down event
Aug 22 19:51:41 manuhino mpd: [xl0-2] LCP: state change Closed --> Initial
Aug 22 19:51:41 manuhino mpd: [xl0-2] RADIUS: Rec'd RAD_ACCOUNTING_RESPONSE for user 'spirt'
Aug 22 19:51:41 manuhino mpd: [xl0-2] Link: SHUTDOWN event
Aug 22 19:51:41 manuhino mpd: [xl0-2] Link: Shutdown
 |
|
|
|
« Последнее редактирование: 22 Августа 2010, 17:58:15 от elite »
|
Записан
|
Учиться - это делать то, что не умеешь.
|
|
|
spirt
NoDeny
Пользователь
Карма: 0
Offline
Сообщений: 16
H2O девиз не наш! Наш – C2H5OH!
|
|
« Ответ #7 : 22 Августа 2010, 18:01:34 » |
|
извиняюсь, разволновался, забыл.... |
|
|
|
|
Записан
|
Учиться - это делать то, что не умеешь.
|
|
|
ser970
NoDeny
Спец
Карма: 70
Offline
Сообщений: 1323
|
|
« Ответ #8 : 22 Августа 2010, 18:34:58 » |
|
set ipcp ranges 10.0.0.250/32 127.0.0.2/32
set ipcp dns 10.0.0.250 194.1.161.149
и єто не кажется слишком уж страннім,
xl0 - внутренний интерфейс.
10.0.0.250 - реальный адрес, локальный ДНС, он же шлюз
194.1.161.149 - ДНС провайдера
10.0.0.10 - адрес клиента
конект устанавливается но сразу врется - не верная конфиг мдп
127,0,0,0 это локалност
|
|
|
|
|
Записан
|
|
|
|
spirt
NoDeny
Пользователь
Карма: 0
Offline
Сообщений: 16
H2O девиз не наш! Наш – C2H5OH!
|
|
« Ответ #9 : 22 Августа 2010, 18:47:09 » |
|
из мануала pppoe_server:
create bundle template B
set ipcp ranges 1.2.3.4/32 127.0.0.2/32
set ipcp dns 10.1.1.1
1.2.3.4 - один из ip вашего сервера. Рекомендуем использовать реально существующий, например на внешнем интерфейсе. Этот ip будет использован в туннеле: ip сервера <-> клиентский ip.
10.1.1.1 - dns-сервер. Через пробел можно указать несколько.
соответственно: set ipcp ranges 10.0.0.250/32 127.0.0.2/32 set ipcp dns 10.0.0.250 194.1.161.149 во всех вопросах, по схожим темам на форуме, 127.0.0.2/32 присутствует адреса ДНС определяются Aug 22 19:51:39 manuhino mpd: [B-1] PRIDNS 10.0.0.250
Aug 22 19:51:39 manuhino mpd: [B-1] SECDNS 194.1.161.149 |
|
|
|
|
Записан
|
Учиться - это делать то, что не умеешь.
|
|
|
ser970
NoDeny
Спец
Карма: 70
Offline
Сообщений: 1323
|
|
« Ответ #10 : 22 Августа 2010, 19:19:39 » |
|
покаж
ipfw show
ifconfig
мпд уменя не стратовало именно из set ipcp ranges 1.2.3.4/32 127.0.0.2/32
при изменении на 0,0,0,0/0 пошло но тут скорее все дело в версиях.
а в даном случае протокол рвется после получения апи тоесть или gre не бегает или опять с нетгравом (опции в ядре) последнее время довольно часто в нетграфе - то маршруты то еще что то .
|
|
|
|
« Последнее редактирование: 22 Августа 2010, 19:25:19 от ser970 »
|
Записан
|
|
|
|
spirt
NoDeny
Пользователь
Карма: 0
Offline
Сообщений: 16
H2O девиз не наш! Наш – C2H5OH!
|
|
« Ответ #11 : 22 Августа 2010, 19:27:07 » |
|
покаж
ipfw show
ifconfig
ifconfig manuhino# ifconfig
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=9<RXCSUM,VLAN_MTU>
ether 00:04:76:25:b9:93
inet 10.0.0.250 netmask 0xffffff00 broadcast 10.0.0.255
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=2808<VLAN_MTU,WOL_UCAST,WOL_MAGIC>
ether 00:11:09:80:2a:8b
inet 91.199.196.188 netmask 0xffffffc0 broadcast 91.199.196.191
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> metric 0 mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
manuhino# ipfw show
00050 24192 1069508 allow tcp from any to me dst-port 22
00051 42223 6735684 allow tcp from me 22 to any
00060 320 14716 allow tcp from any to any dst-port 4899
00061 276 12416 allow tcp from any 4899 to any
00070 0 0 allow tcp from any to any dst-port 28960,28961
00071 0 0 allow tcp from any 28960,28961 to any
00110 156038 23340826 allow ip from any to any via lo0
00120 38360 7968449 skipto 1000 ip from me to any
00130 0 0 deny icmp from any to any in icmptypes 5,9,13,14,15,16,17
00160 48885 51942322 skipto 2000 ip from any to me
00200 200101 23572159 skipto 500 ip from any to any via vr0
00300 209169 25169779 skipto 4500 ip from any to any in
00400 49880 3129642 skipto 450 ip from any to any recv vr0
00420 0 0 divert 1 ip from any to any
00450 49880 3129642 divert 2 ip from any to any
00490 49880 3129642 allow ip from any to any
00500 79899 6021898 skipto 32500 ip from any to any in
00510 120202 17550261 divert 1 ip from any to any
00540 120202 17550261 allow ip from any to any
01000 1378 194939 allow udp from any 53,7723 to any
01010 67041 57898514 allow tcp from any to any setup keep-state
01020 6701 986307 allow udp from any to any keep-state
01100 3781 344491 allow ip from any to any
02000 0 0 check-state
02010 3396 205546 allow icmp from any to any
02020 366 44842 allow tcp from any to any dst-port 80,443
02050 2783 136217 deny ip from any to any via vr0
02060 1408 83849 allow udp from any to any dst-port 53,7723
02100 391 16066 deny ip from any to any
05000 87175 7480173 deny ip from not table(0) to any
05001 0 0 skipto 5010 ip from table(127) to table(126)
05002 121987 17688904 skipto 5030 ip from any to not table(2)
05003 0 0 deny ip from any to not table(1)
05004 0 0 pipe tablearg ip from table(21) to any
05005 0 0 deny ip from any to any
05010 0 0 pipe tablearg ip from table(127) to any
05030 0 0 deny tcp from table(15) to any dst-port 25
05400 121987 17688904 pipe tablearg ip from table(11) to any
32000 0 0 deny ip from any to any
32490 4 468 deny ip from any to any
33000 0 0 pipe tablearg ip from table(126) to table(127)
33001 79882 6020685 skipto 33010 ip from not table(2) to any
33002 0 0 pipe tablearg ip from any to table(20)
33003 0 0 deny ip from any to any
33400 49877 3129516 pipe tablearg ip from any to table(10)
65535 30020 2892298 deny ip from any to any
если надо rc.firewall #!/bin/sh -
f='/sbin/ipfw'
ifOut='vr0'
${f} -f flush
${f} add 50 allow tcp from any to me 22
${f} add 51 allow tcp from me 22 to any
${f} add 60 allow tcp from any to any 4899
${f} add 61 allow tcp from any 4899 to any
${f} add 70 allow tcp from any to any 28960,28961
${f} add 71 allow tcp from any 28960,28961 to any
${f} add 110 allow ip from any to any via lo0
${f} add 120 skipto 1000 ip from me to any
${f} add 130 deny icmp from any to any in icmptype 5,9,13,14,15,16,17
${f} add 160 skipto 2000 ip from any to me
${f} add 200 skipto 500 ip from any to any via ${ifOut}
${f} add 300 skipto 4500 ip from any to any in
${f} add 400 skipto 450 ip from any to any recv ${ifOut}
${f} add 420 divert 1 ip from any to any
${f} add 450 divert 2 ip from any to any
${f} add 490 allow ip from any to any
${f} add 500 skipto 32500 ip from any to any in
${f} add 510 divert 1 ip from any to any
${f} add 540 allow ip from any to any
${f} add 1000 allow udp from any 53,7723 to any
${f} add 1010 allow tcp from any to any setup keep-state
${f} add 1020 allow udp from any to any keep-state
${f} add 1100 allow ip from any to any
${f} add 2000 check-state
${f} add 2010 allow icmp from any to any
${f} add 2020 allow tcp from any to any 80,443
${f} add 2050 deny ip from any to any via ${ifOut}
${f} add 2060 allow udp from any to any 53,7723
${f} add 2100 deny ip from any to any
${f} add 32490 deny ip from any to any
|
|
|
|
« Последнее редактирование: 22 Августа 2010, 19:32:16 от spirt »
|
Записан
|
Учиться - это делать то, что не умеешь.
|
|
|
ser970
NoDeny
Спец
Карма: 70
Offline
Сообщений: 1323
|
|
« Ответ #12 : 22 Августа 2010, 19:41:25 » |
|
а нука попробуй
ipfw add 10 allow gre from any to any
|
|
|
|
|
Записан
|
|
|
|
spirt
NoDeny
Пользователь
Карма: 0
Offline
Сообщений: 16
H2O девиз не наш! Наш – C2H5OH!
|
|
« Ответ #13 : 22 Августа 2010, 19:50:31 » |
|
ipfw add 10 allow gre from any to any #!/bin/sh -
f='/sbin/ipfw'
ifOut='vr0'
${f} -f flush
${f} add 10 allow gre from any to any
${f} add 50 allow tcp from any to me 22
${f} add 51 allow tcp from me 22 to any manuhino# ipfw show
00010 0 0 allow gre from any to any
00050 231 18320 allow tcp from any to me dst-port 22
00051 176 24096 allow tcp from me 22 to any
не помогло та же ошибка |
|
|
|
« Последнее редактирование: 22 Августа 2010, 19:55:13 от spirt »
|
Записан
|
Учиться - это делать то, что не умеешь.
|
|
|
ser970
NoDeny
Спец
Карма: 70
Offline
Сообщений: 1323
|
|
« Ответ #14 : 22 Августа 2010, 20:04:36 » |
|
стукни взатра с утра в аську
|
|
|
|
|
Записан
|
|
|
|
|
