Биллинговая система Nodeny

[root@nas_zkl /usr/local/nodeny]# perl nokernel.pl -L
Start. Flag -h for help
loading /usr/local/nodeny/sat.cfg

MODULE                   RUN?
cap                      0
auth                     1
dhcp                     1
authserver               0
authtraf                 0
system_check             1
system_clean             1
collectors               1
websession               1
tmppays                  1
turbosms                 1
balance                  1
services                 1
make_config              0

[Tue Jun 23 17:01:54 2015] [error] [client 172.16.2.222] (2)No such file or directory: exec of '/usr/local/www/apache22/cgi-bin/stat.pl' failed
[Tue Jun 23 17:01:54 2015] [error] [client 172.16.2.222] Premature end of script headers: stat.pl

rm -fR /usr/local/www/apache22/cgi-bin
rm -fR /usr/local/www/apache22/data
ln -s /usr/local/nodeny/cgi-bin/ /usr/local/www/apache22/cgi-bin
ln -s /usr/local/nodeny/htdocs/ /usr/local/www/apache22/data

ln -s /usr/local/bin/perl /usr/bin/perl

#!/bin/sh -
f='/sbin/ipfw'

ifOut='ng0'

ifVia=''
ifRecv=''
tmp_or=''
for i in $ifOut
  do
    ifVia="${ifVia}${tmp_or}via $i"
    ifRecv="${ifRecv}${tmp_or}recv $i"
    tmp_or=' or '
  done

${f} -f flush

# dns, liqpay.com, liqpay.com
#${f} table 100 add 0.0.0.0/0
${f} table 100 add 8.8.8.8
${f} table 100 add 50.16.196.80
${f} table 100 add 107.21.122.223

#Otkrivaem SSH
${f} add 50 allow tcp from any to me 22
${f} add 51 allow tcp from me 22 to any

#Otkrivaem 3306 mysql
${f} add 65 allow tcp from any to me 3306
${f} add 66 allow tcp from me 3306 to any

${f} add 110 allow ip from any to any via lo0
${f} add 120 skipto 1000 ip from me to any
${f} add 130 deny icmp from any to any in icmptype 5,9,13,14,15,16,17
${f} add 160 skipto 2000 ip from any to me

${f} add 200 skipto 500 ip from any to any { $ifVia }

${f} add 300 skipto 4500 ip from any to any in

${f} add 400 skipto 450 ip from any to any { $ifRecv }
${f} add 420 divert 1 ip from any to any
${f} add 450 divert 2 ip from any to any
${f} add 490 allow ip from any to any

${f} add 500 skipto 32500 ip from any to any in
${f} add 510 divert 1 ip from any to any
${f} add 540 allow ip from any to any



${f} add 1000 allow udp from any 53,7723 to any
${f} add 1010 allow tcp from any to any setup keep-state
${f} add 1020 allow udp from any to any keep-state
${f} add 1100 allow ip from any to any

${f} add 2000 check-state
${f} add 2010 allow icmp from any to any
${f} add 2020 allow tcp from any to any 22,80,443,5006
${f} add 2030 allow tcp from "table(101)" to any 3306
${f} add 2050 deny ip from any to any { $ifVia }
${f} add 2060 allow udp from any to any 53,7723

${f} add 2100 deny ip from any to any

${f} add 4500 allow ip from any to "table(100)"
${f} add 32490 deny ip from any to any

${f} add 32500 allow ip from "table(100)" to any

ifOut='ng0'

ext_if = "ng0"

set limit states 128000
set optimization aggressive

nat pass on ng0 from 172.16.13.0/24 to any -> ng0

Fw On uid: 450, ip: 172.16.10.109,172.16.13.3, вх.скор: 100000 КБит/с
table 41 add 172.16.13.3 3766
table 41 add 172.16.13.3 3766

CREATE USER 'nodeny'@'1.2.3.4' IDENTIFIED BY 'hardpass';
GRANT SELECT ON `nodeny`.* TO 'nodeny'@'1.2.3.4';

# ps ax | grep no
1413  0- R       1:37.86 /usr/bin/perl /usr/local/nodeny/noserver.pl
1421  0- S      18:12.28 /usr/bin/perl /usr/local/nodeny/nokernel.pl -m=cap -d

GRANT SELECT, EXECUTE ON `nodeny`.* TO 'login'@'***.***.***.***'                                                   |
| GRANT INSERT, UPDATE ON `nodeny`.`mac_uid` TO 'login'@'***.***.***.***'                                            |
| GRANT UPDATE ON `nodeny`.`ip_pool` TO 'login'@'***.***.***.***'

# cat /usr/local/nodeny/cgi-bin/cap.pl
#!/usr/bin/perl
# ------------------- NoDeny ------------------
# Copyright (с) Volik Stanislav, 2008..2013
# ---------------------------------------------
use strict;

$cfg::main_config = '/usr/local/nodeny/sat.cfg';

# Только для отладки
$ses::debug = 1;

# ps ax | grep no
1277 v0- S       7:17.10 /usr/bin/perl /usr/local/nodeny/noserver.pl -d
1278 v0- R      86:02.86 /usr/bin/perl /usr/local/nodeny/nokernel.pl -m=cap -d

| GRANT SELECT, EXECUTE ON `nodeny`.* TO 'login'@'ip'                                                  |
| GRANT INSERT, UPDATE ON `nodeny`.`mac_uid` TO 'login'@'ip'                                      |
| GRANT UPDATE ON `nodeny`.`ip_pool` TO 'login'@'ip'                                                    |
| GRANT INSERT ON `nodeny`.`websessions` TO 'login'@'ip'                                             |
| GRANT INSERT ON `nodeny`.`webses_data` TO 'login'@'ip'                                            |

rsh ip_сервера_с_ipcad show ip acco