View posts
|
2
|
Main category / Smoking room / Re: Server keeps rebooting
|
: 21 April 2011, 12:48:05
|
Thanks for the offered help. I tried to figure it out myself. The problem seems to be in rc.firewall:

#!/bin/sh -
f='/sbin/ipfw'
ifOut='rl0'
ifOuf='re0'
${f} -f flush

${f} add 39 allow gre from any to any
${f} add 40 allow tcp from any to me 1723
${f} add 41 allow tcp from me 1723 to any

${f} add 50 allow tcp from any to me 22
${f} add 51 allow tcp from me 22 to any

${f} add 52 allow tcp from any to me 10000
${f} add 53 allow tcp from me 10000 to any

${f} add 54 allow tcp from any to any 10080
${f} add 55 allow tcp from any 10080 to any

${f} add 56 allow tcp from any to any 10021
${f} add 57 allow tcp from any 10021 to any

${f} add 110 allow ip from any to any via lo0
${f} add 120 skipto 1000 ip from me to any
${f} add 130 deny icmp from any to any in icmptype 5,9,13,14,15,16,17
${f} add 160 skipto 2000 ip from any to me

${f} add 200 skipto 500 ip from any to any via ${ifOut}
${f} add 200 skipto 500 ip from any to any via ${ifOuf}

#${f} add 300 setfib 1 ip from "table(30)" to any in
${f} add 301 setfib 2 ip from "table(31)" to any in
${f} add 302 setfib 3 ip from "table(32)" to any in
${f} add 350 skipto 4500 ip from any to any in

${f} add 400 skipto 450 ip from any to any recv ${ifOut}
${f} add 400 skipto 450 ip from any to any recv ${ifOuf}
#${f} add 420 divert 1 ip from any to any
#${f} add 450 divert 2 ip from any to any
${f} add 450 tee 2 ip from any to any
${f} add 490 allow ip from any to any

${f} add 500 skipto 32500 ip from any to any in
#${f} add 510 divert 1 ip from any to any
${f} add 510 tee 1 ip from any to any
#${f} add 540 allow ip from any to any

${f} add 1000 allow udp from any 53,7723 to any
${f} add 1010 allow tcp from any to any setup keep-state
${f} add 1020 allow udp from any to any keep-state
${f} add 1100 allow ip from any to any

${f} add 2000 check-state
${f} add 2010 allow icmp from any to any
${f} add 2020 allow tcp from any to any 80,443
${f} add 2050 deny ip from any to any via ${ifOut}
#${f} add 2050 deny ip from any to any via ${ifOuf} # Was
${f} add 2051 deny ip from any to any via ${ifOuf} # Now
${f} add 2060 allow udp from any to any 53,7723

${f} add 2100 deny ip from any to any

${f} add 32490 deny ip from any to any

I fixed rule 2050; the logs still show stat kernel: ipfw: ipfw_install_state: entry already present, done, but not as often now. Maybe you can suggest what else to fix.
|
|
|
3
|
Main category / Smoking room / Re: Server keeps rebooting
|
: 14 April 2011, 09:50:08
|
Moved everything to FreeBSD 8.2-RELEASE. /var/log/messages:

Apr 14 04:42:40 stat last message repeated 4 times
Apr 14 04:47:24 stat kernel: ipfw: ipfw_install_state: entry already present, done
Apr 14 05:01:22 stat kernel: ipfw: ipfw_install_state: entry already present, done
Apr 14 05:23:48 stat kernel: ipfw: ipfw_install_state: entry already present, done
Apr 14 05:42:22 stat kernel: ipfw: ipfw_install_state: entry already present, done
Apr 14 06:34:31 stat kernel: ipfw: ipfw_install_state: entry already present, done
Apr 14 07:00:04 stat kernel: ipfw: ipfw_install_state: entry already present, done
Apr 14 07:23:25 stat kernel: ipfw: ipfw_install_state: entry already present, done
Apr 14 07:30:03 stat kernel: arp: 192.168.4.48 moved from 00:17:31:b6:0c:17 to c8:0a:a9:c9:29:5f on vr0
Apr 14 07:33:55 stat kernel: ipfw: ipfw_install_state: entry already present, done
Apr 14 07:34:08 stat kernel: ipfw: ipfw_install_state: entry already present, done
Apr 14 07:37:54 stat kernel: ipfw: ipfw_install_state: entry already present, done
Apr 14 07:46:15 stat last message repeated 2 times
Apr 14 07:57:55 stat last message repeated 3 times
Apr 14 07:59:34 stat kernel: ipfw: ipfw_install_state: entry already present, done
Apr 14 08:07:40 stat kernel: ipfw: ipfw_install_state: entry already present, done
Apr 14 08:08:14 stat kernel: ipfw: ipfw_install_state: entry already present, done
Apr 14 08:11:25 stat kernel: ipfw: ipfw_install_state: entry already present, done
Apr 14 08:19:43 stat kernel: ipfw: ipfw_install_state: entry already present, done
Apr 14 08:26:46 stat last message repeated 2 times
Apr 14 08:40:02 stat last message repeated 6 times
Apr 14 08:53:47 stat syslogd: kernel boot file is /boot/kernel/kernel

Then a reboot for no apparent reason.
|
|
|
6
|
Main category / Smoking room / Re: Server keeps rebooting
|
: 06 April 2011, 17:32:46
|
Kernel options:

cpu             I686_CPU
ident           NODENY

makeoptions     DEBUG=-g  # Build kernel with gdb(1) debug symbols

options         SCHED_ULE  # ULE scheduler
options         PREEMPTION  # Enable kernel thread preemption
options         INET  # InterNETworking
options         INET6  # IPv6 communications protocols
options         SCTP  # Stream Control Transmission Protocol
options         FFS  # Berkeley Fast Filesystem
options         SOFTUPDATES  # Enable FFS soft updates support
options         UFS_ACL  # Support for access control lists
options         UFS_DIRHASH  # Improve performance on big directories
options         UFS_GJOURNAL  # Enable gjournal-based UFS journaling
options         MD_ROOT  # MD is a potential root device
options         NFSCLIENT  # Network Filesystem Client
options         NFSSERVER  # Network Filesystem Server
options         NFSLOCKD  # Network Lock Manager
options         NFS_ROOT  # NFS usable as /, requires NFSCLIENT
options         MSDOSFS  # MSDOS Filesystem
options         CD9660  # ISO 9660 Filesystem
options         PROCFS  # Process filesystem (requires PSEUDOFS)
options         PSEUDOFS  # Pseudo-filesystem framework
options         GEOM_PART_GPT  # GUID Partition Tables.
options         GEOM_LABEL  # Provides labelization
options         COMPAT_43TTY  # BSD 4.3 TTY compat (sgtty)
options         COMPAT_FREEBSD4  # Compatible with FreeBSD4
options         COMPAT_FREEBSD5  # Compatible with FreeBSD5
options         COMPAT_FREEBSD6  # Compatible with FreeBSD6
options         COMPAT_FREEBSD7  # Compatible with FreeBSD7
options         SCSI_DELAY=5000  # Delay (in ms) before probing SCSI
options         KTRACE  # ktrace(1) support
options         STACK  # stack(9) support
options         SYSVSHM  # SYSV-style shared memory
options         SYSVMSG  # SYSV-style message queues
options         SYSVSEM  # SYSV-style semaphores
options         P1003_1B_SEMAPHORES  # POSIX-style semaphores
options         _KPOSIX_PRIORITY_SCHEDULING  # POSIX P1003_1B real-time extensions
options         PRINTF_BUFR_SIZE=128  # Prevent printf output being interspersed.
options         KBD_INSTALL_CDEV  # install a CDEV entry in /dev
options         HWPMC_HOOKS  # Necessary kernel hooks for hwpmc(4)
options         AUDIT  # Security event auditing
options         MAC  # TrustedBSD MAC Framework
options         FLOWTABLE  # per-cpu routing cache
#options        KDTRACE_HOOKS  # Kernel DTrace hooks

# To make an SMP kernel, the next two lines are needed
options         SMP  # Symmetric MultiProcessor Kernel
device          apic  # I/O APIC

# CPU frequency control
device          cpufreq

# Bus support.
device          acpi
device          eisa
device          pci

# Floppy drives
device          fdc

# ATA and ATAPI devices
device          ata
device          atadisk  # ATA disk drives
device          ataraid  # ATA RAID drives
device          atapicd  # ATAPI CDROM drives
device          atapifd  # ATAPI floppy drives
device          atapist  # ATAPI tape drives
options         ATA_STATIC_ID  # Static device numbering

# atkbdc0 controls both the keyboard and the PS/2 mouse
device          atkbdc  # AT keyboard controller
device          atkbd  # AT keyboard
device          psm  # PS/2 mouse

device          kbdmux  # keyboard multiplexer

device          vga  # VGA video card driver

device          splash  # Splash screen and screen saver support

# syscons is the default console driver, resembling an SCO console
device          sc

device          agp  # support several AGP chipsets

# Power management support (see NOTES for more options)
#device         apm
# Add suspend/resume support for the i8254.
device          pmtimer

# Serial (COM) ports
device          uart  # Generic UART driver

# Parallel port
device          ppc
device          ppbus  # Parallel port bus (required)
device          lpt  # Printer
device          plip  # TCP/IP over parallel
device          ppi  # Parallel port interface device
#device         vpo  # Requires scbus and da

# PCI Ethernet NICs.
device          de  # DEC/Intel DC21x4x (``Tulip'')
device          em  # Intel PRO/1000 Gigabit Ethernet Family
device          igb  # Intel PRO/1000 PCIE Server Gigabit Family
device          ixgb  # Intel PRO/10GbE Ethernet Card
device          le  # AMD Am7900 LANCE and Am79C9xx PCnet
device          ti  # Alteon Networks Tigon I/II gigabit Ethernet
device          txp  # 3Com 3cR990 (``Typhoon'')
device          vx  # 3Com 3c590, 3c595 (``Vortex'')

# PCI Ethernet NICs that use the common MII bus controller code.
# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
device          miibus  # MII bus support
device          ae  # Attansic/Atheros L2 FastEthernet
device          age  # Attansic/Atheros L1 Gigabit Ethernet
device          alc  # Atheros AR8131/AR8132 Ethernet
device          ale  # Atheros AR8121/AR8113/AR8114 Ethernet
device          bce  # Broadcom BCM5706/BCM5708 Gigabit Ethernet
device          bfe  # Broadcom BCM440x 10/100 Ethernet
device          bge  # Broadcom BCM570xx Gigabit Ethernet
device          dc  # DEC/Intel 21143 and various workalikes
device          et  # Agere ET1310 10/100/Gigabit Ethernet
device          fxp  # Intel EtherExpress PRO/100B (82557, 82558)
device          jme  # JMicron JMC250 Gigabit/JMC260 Fast Ethernet
device          lge  # Level 1 LXT1001 gigabit Ethernet
device          msk  # Marvell/SysKonnect Yukon II Gigabit Ethernet
device          nfe  # nVidia nForce MCP on-board Ethernet
device          nge  # NatSemi DP83820 gigabit Ethernet
#device         nve  # nVidia nForce MCP on-board Ethernet Networking
device          pcn  # AMD Am79C97x PCI 10/100 (precedence over 'le')
device          re  # RealTek 8139C+/8169/8169S/8110S
device          rl  # RealTek 8129/8139
device          sf  # Adaptec AIC-6915 (``Starfire'')
device          sis  # Silicon Integrated Systems SiS 900/SiS 7016
device          sk  # SysKonnect SK-984x & SK-982x gigabit Ethernet
device          ste  # Sundance ST201 (D-Link DFE-550TX)
device          stge  # Sundance/Tamarack TC9021 gigabit Ethernet
device          tl  # Texas Instruments ThunderLAN
device          tx  # SMC EtherPower II (83c170 ``EPIC'')
device          vge  # VIA VT612x gigabit Ethernet
device          vr  # VIA Rhine, Rhine II
device          wb  # Winbond W89C840F
device          xl  # 3Com 3c90x (``Boomerang'', ``Cyclone'')

# Pseudo devices.
device          loop  # Network loopback
device          random  # Entropy device
device          ether  # Ethernet support
device          tun  # Packet tunnel.
device          pty  # BSD-style compatibility pseudo ttys
device          md  # Memory "disks"
device          gif  # IPv6 and IPv4 tunneling
device          faith  # IPv6-to-IPv4 relaying (translation)
device          firmware  # firmware assist module

# The `bpf' device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
# Note that 'bpf' is required for DHCP.
device          bpf  # Berkeley packet filter

options         IPFIREWALL
options         IPDIVERT
options         IPFIREWALL_FORWARD
options         DUMMYNET

options         ROUTETABLES=8

options         RADIX_MPATH

For pppoe and vpn authorization I use mpd5 v. 5.5
|
|
|
7
|
Main category / Smoking room / Re: Server keeps rebooting
|
: 06 April 2011, 14:00:39
|
An hour before the reboot, /var/log/messages:

Apr 5 15:52:58 iserver last message repeated 3 times
Apr 5 15:53:14 iserver kernel: ifa_del_loopback_route: deletion failed
Apr 5 15:55:43 iserver kernel: ipfw: install_state: entry already present, done
Apr 5 15:57:45 iserver kernel: ipfw: install_state: entry already present, done
Apr 5 15:58:06 iserver kernel: ipfw: install_state: entry already present, done
Apr 5 15:58:14 iserver kernel: ifa_del_loopback_route: deletion failed
Apr 5 15:59:32 iserver kernel: ipfw: install_state: entry already present, done
Apr 5 16:00:10 iserver last message repeated 3 times
Apr 5 16:00:44 iserver last message repeated 2 times
Apr 5 16:01:53 iserver kernel: ifa_del_loopback_route: deletion failed
Apr 5 16:02:12 iserver kernel: ipfw: install_state: entry already present, done
Apr 5 16:02:46 iserver last message repeated 3 times
Apr 5 16:04:29 iserver last message repeated 3 times
Apr 5 16:05:23 iserver kernel: ipfw: install_state: entry already present, done
Apr 5 16:05:40 iserver kernel: ifa_del_loopback_route: deletion failed
Apr 5 16:05:50 iserver kernel: ifa_del_loopback_route: deletion failed
Apr 5 16:05:51 iserver kernel: ipfw: install_state: entry already present, done
Apr 5 16:06:16 iserver last message repeated 2 times
Apr 5 16:08:42 iserver last message repeated 3 times
Apr 5 16:11:01 iserver last message repeated 3 times
Apr 5 16:11:37 iserver kernel: ifa_del_loopback_route: deletion failed
Apr 5 16:11:53 iserver kernel: ipfw: install_state: entry already present, done
Apr 5 16:12:35 iserver kernel: ipfw: install_state: entry already present, done
Apr 5 16:14:42 iserver last message repeated 5 times
Apr 5 16:23:48 iserver last message repeated 15 times
Apr 5 16:34:39 iserver last message repeated 13 times
Apr 5 16:35:31 iserver last message repeated 3 times
Apr 5 16:35:35 iserver kernel: ifa_del_loopback_route: deletion failed
Apr 5 16:35:42 iserver kernel: ipfw: install_state: entry already present, done
Apr 5 16:36:39 iserver kernel: ipfw: install_state: entry already present, done
Apr 5 16:38:29 iserver last message repeated 4 times
Apr 5 16:38:42 iserver kernel: ifa_del_loopback_route: deletion failed
Apr 5 16:39:32 iserver kernel: ipfw: install_state: entry already present, done
Apr 5 16:39:42 iserver kernel: ipfw: install_state: entry already present, done
Apr 5 16:40:29 iserver kernel: ipfw: install_state: entry already present, done
Apr 5 16:40:30 iserver kernel: ifa_del_loopback_route: deletion failed
Apr 5 16:42:01 iserver kernel: ipfw: install_state: entry already present, done
Apr 5 16:42:55 iserver kernel: ipfw: install_state: entry already present, done
Apr 5 16:43:13 iserver kernel: ipfw: install_state: entry already present, done
Apr 5 16:43:42 iserver kernel: ifa_del_loopback_route: deletion failed
Apr 5 16:44:17 iserver kernel: ipfw: install_state: entry already present, done
Apr 5 16:44:24 iserver kernel: ifa_del_loopback_route: deletion failed
Apr 5 16:45:08 iserver kernel: ipfw: install_state: entry already present, done
Apr 5 16:45:49 iserver kernel: ipfw: install_state: entry already present, done
Apr 5 16:47:51 iserver last message repeated 6 times
Apr 5 16:50:35 iserver last message repeated 4 times
Apr 5 16:51:49 iserver kernel: ifa_del_loopback_route: deletion failed
Apr 5 16:52:19 iserver kernel: ipfw: install_state: entry already present, done
Apr 5 16:52:33 iserver kernel: ifa_del_loopback_route: deletion failed
Apr 5 16:52:42 iserver kernel: ipfw: install_state: entry already present, done
Apr 5 16:55:23 iserver kernel: ipfw: install_state: entry already present, done
Apr 5 16:56:01 iserver kernel: ipfw: install_state: entry already present, done
Apr 5 16:56:19 iserver kernel: ifa_del_loopback_route: deletion failed
Apr 5 16:58:19 iserver syslogd: kernel boot file is /boot/kernel/kernel

The last line is the reboot.
|
|
|
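Added example, not part of the forum posts: a small sh/awk filter that counts, per hour, how often the "install_state: entry already present" message quoted in the posts above is logged and marks each reboot, so that a ruleset change can be compared by numbers. It expands syslogd's "last message repeated N times" lines; the function names and the sample log lines are constructed for illustration.

```sh
#!/bin/sh
# Added example. Reads syslog text on stdin and prints, in log order:
#   "<Mon> <DD> <HH>:00 <count>"     install_state messages in that hour
#   "REBOOT <Mon> <DD> <HH:MM:SS>"   syslogd start after a boot
# On the server: tally_install_state < /var/log/messages

tally_install_state() {
    awk '
    # Print the finished hour bucket, if any, and reset it.
    function emit() { if (key != "") print key ":00", n; key = ""; n = 0 }
    # Add c events to hour bucket k, closing the previous bucket first.
    function add(k, c) { if (k != key) { emit(); key = k } n += c }

    { k = $1 " " $2 " " substr($3, 1, 2) }      # e.g. "Apr 14 07"

    # Matches both spellings seen in the posts:
    # "ipfw: install_state:" and "ipfw: ipfw_install_state:".
    /install_state: entry already present/ { add(k, 1); prev = 1; next }

    # A repeat line only counts when the line it repeats was an
    # install_state message; a repeat of an unknown or unrelated
    # line (start of file, arp notice) is skipped.
    /last message repeated [0-9]+ times/ {
        if (prev) add(k, $(NF - 1))
        next
    }

    /syslogd: kernel boot file is/ {
        emit(); print "REBOOT", $1, $2, $3; prev = 0; next
    }

    { prev = 0 }
    END { emit() }
    '
}

# Constructed sample in the format of the logs above (host name,
# addresses and times are made up).
sample_log() {
    cat <<'EOF'
Apr 14 07:10:00 gw last message repeated 4 times
Apr 14 07:33:55 gw kernel: ipfw: ipfw_install_state: entry already present, done
Apr 14 07:46:15 gw last message repeated 2 times
Apr 14 07:50:00 gw kernel: arp: 192.0.2.10 moved from 00:00:5e:00:53:01 to 00:00:5e:00:53:02 on vr0
Apr 14 07:57:55 gw last message repeated 3 times
Apr 14 08:07:40 gw kernel: ipfw: ipfw_install_state: entry already present, done
Apr 14 08:40:02 gw last message repeated 6 times
Apr 14 08:53:47 gw syslogd: kernel boot file is /boot/kernel/kernel
Apr 14 09:05:00 gw kernel: ipfw: install_state: entry already present, done
EOF
}

sample_log | tally_install_state
```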
8
|
Main category / Smoking room / Server keeps rebooting
|
: 06 April 2011, 12:54:42
|
FreeBSD 8.0-RELEASE-p2 + Nodeny 49 were installed on a single-core P4; everything worked without problems for 10 months. I moved the hard drive to a dual-core E7500, and after that the server started rebooting consistently once every 1 - 2 days. Nothing in the logs; I replaced the memory, motherboard, CPU (with a dual-core one), power supply, UPS, cables, hard drive - the effect is the same: a reboot once every 1-2 days, nothing suspicious in the logs. Maybe the kernel needs to be rebuilt for the new CPU and motherboard? Or something else.
|
|
|
9
|
Main category / General section / External interface as a gateway
|
: 11 March 2011, 13:34:19
|
How do I configure pf and ipfw in Nodeny so that a specific external IP can use the server as a gateway to the Internet? I know how to do it through vpn, but what is needed is specifically a gateway.
re0 - faces the Internet
re1 - faces the LAN

pf.conf
nat pass on re1 from 172.16.0.0/16 to any -> re1
nat pass on re1 from 192.168.0.0/16 to any -> re1

rc.firewall
#!/bin/sh -
f='/sbin/ipfw'
ifOut='re1'
.......................
.......................
|
|
|
15
|
Main category / General section / No daily statistics
|
: 09 January 2011, 15:06:21
|
Statistics ---> Daily statistics - the year 2011 is missing. What should I do? On 31.12.10 the power was cut for a long time (the UPS did not last), and the server shut down. As a result - DBD::mysql::db do failed: Incorrect key file for table './bill/v2010x12x31.MYI'; try to repair it at nodeny.pl line 2051. After mysqlcheck -repair -p -r bill the error disappeared from the logs, but the year 2011 still does not show up.
|
|
|
|