Не считается трафик

[stmw00d00]

Здравствуйте все. Помогите плиз.

Имеем:
Шлюз (все установлено на одной машине)
linux
utm5.2.1-006
ndsad 1.32.1
внутренний интерфейс 172.16.0.0/14 eth2
внешний интерфейс 123.123.123.123 eth1
iptables -t nat -A POSTROUTING -s 172.16.0.0/14 -o eth1 -j SNAT --to-source 123.123.123.123


Два класса трафика
Входящий: из 0.0.0.0 в 123.123.123.123
Исходящий: из 123.123.123.123 в 0.0.0.0



Биллинг вдруг перестал считать трафик. Причем пакеты netflow ловит, при детализации в админке видно что UTM различает входящий и исходящий трафик, но не привязывает его к конкретному пользователю.

ndsad.cfg

Код: Выделить всё

ip 127.0.0.1
port 9996
dummy all                    
force eth1
hash lo 64                    
hash all 32
heap 65536
log /home/netup/log/ndsad.log

Логи ndsad

Код: Выделить всё

ndsad[10835]: Halting on Wed Mar 31 22:39:26 2010

ndsad[10835]: Killing scaner thread...
ndsad[10835]: Family `lo':
ndsad[10835]: Killing `lo' thread...
ndsad[10839]: Halting on Wed Mar 31 22:39:26 2010

ndsad[10839]: Killing scaner thread...
ndsad&#91;10835&#93;&#58; NFC<lo> status on Wed Mar 31 22&#58;40&#58;26 2010
	0/30 messages ready, 0 flows seen...
	0/64 &#40;0.00%&#41; hash usage, 0 entries scaned, 0 dropped
ndsad&#91;10835&#93;&#58; Family `eth'&#58;
ndsad&#91;10835&#93;&#58; Killing `eth2&#58;2' thread...
ndsad&#91;10835&#93;&#58; Killing `eth2&#58;3' thread...
ndsad&#91;10835&#93;&#58; Killing `eth2&#58;1' thread...
ndsad&#91;10835&#93;&#58; Killing `eth2&#58;0' thread...
ndsad&#91;10835&#93;&#58; Killing `eth2' thread...
ndsad&#91;10835&#93;&#58; Killing `eth1&#58;0' thread...
ndsad&#91;10835&#93;&#58; Killing `eth1' thread...
ndsad&#91;10835&#93;&#58; NFC<eth> status on Wed Mar 31 22&#58;40&#58;26 2010
	3/30 messages ready, 2203 flows seen...
	32/32 &#40;100.00%&#41; hash usage, 1623 entries scaned, 1623 dropped
ndsad&#91;10835&#93;&#58; Heap<1>&#58; 1093/1092 nodes, 65580/65520 bytes
ndsad&#91;10835&#93;&#58; Heap<2>&#58; 0/-1 nodes, 0/-52 bytes
ndsad&#91;10834&#93;&#58; WatchDog&#58; child&#91;10835&#93;&#58; SIGSEGV signal cought...

ndsad&#91;10834&#93;&#58; WatchDog&#58; recovering abnormal termination...
ndsad&#91;10863&#93;&#58; `eth1'&#58; new device
ndsad&#91;10865&#93;&#58; `eth1' thread started successfully.
ndsad&#91;10863&#93;&#58; `eth1&#58;0'&#58; new device
ndsad&#91;10866&#93;&#58; `eth1&#58;0' thread started successfully.
ndsad&#91;10866&#93;&#58; `eth1&#58;0' thread is preparing for dummy loop call
ndsad&#91;10863&#93;&#58; `eth2'&#58; new device
ndsad&#91;10867&#93;&#58; `eth2' thread started successfully.
ndsad&#91;10867&#93;&#58; `eth2' thread is preparing for dummy loop call
ndsad&#91;10863&#93;&#58; `eth2&#58;0'&#58; new device
ndsad&#91;10868&#93;&#58; `eth2&#58;0' thread started successfully.
ndsad&#91;10868&#93;&#58; `eth2&#58;0' thread is preparing for dummy loop call
ndsad&#91;10863&#93;&#58; `eth2&#58;1'&#58; new device
ndsad&#91;10869&#93;&#58; `eth2&#58;1' thread started successfully.
ndsad&#91;10869&#93;&#58; `eth2&#58;1' thread is preparing for dummy loop call
ndsad&#91;10863&#93;&#58; `eth2&#58;3'&#58; new device
ndsad&#91;10834&#93;&#58; WatchDog&#58; child&#91;10863&#93; started on Wed Mar 31 22&#58;39&#58;26 2010
ndsad&#91;10870&#93;&#58; `eth2&#58;3' thread started successfully.
ndsad&#91;10863&#93;&#58; `eth2&#58;2'&#58; new device
ndsad&#91;10870&#93;&#58; `eth2&#58;3' thread is preparing for dummy loop call
ndsad&#91;10871&#93;&#58; `eth2&#58;2' thread started successfully.
ndsad&#91;10871&#93;&#58; `eth2&#58;2' thread is preparing for dummy loop call
ndsad&#91;10863&#93;&#58; `lo'&#58; new device
ndsad&#91;10872&#93;&#58; `lo' thread started successfully.
ndsad&#91;10872&#93;&#58; `lo' thread is preparing for dummy loop call
ndsad&#91;10865&#93;&#58; `eth1' thread is preparing for PCAP loop call
ndsad&#91;10865&#93;&#58; pcap_datalink&#40;eth1&#41; = 1
ndsad&#91;10865&#93;&#58; Set ppp offset = 4
ndsad&#91;10863&#93;&#58; Halting on Wed Mar 31 22&#58;39&#58;27 2010

ndsad&#91;10863&#93;&#58; Killing scaner thread...
ndsad&#91;10863&#93;&#58; Family `lo'&#58;
ndsad&#91;10863&#93;&#58; Killing `lo' thread...
ndsad&#91;10863&#93;&#58; NFC<lo> status on Wed Mar 31 22&#58;40&#58;27 2010
	0/30 messages ready, 0 flows seen...
	0/64 &#40;0.00%&#41; hash usage, 0 entries scaned, 0 dropped
ndsad&#91;10863&#93;&#58; Family `eth'&#58;
ndsad&#91;10863&#93;&#58; Killing `eth2&#58;2' thread...
ndsad&#91;10866&#93;&#58; Halting on Wed Mar 31 22&#58;39&#58;27 2010

ndsad&#91;10866&#93;&#58; Killing scaner thread...
ndsad&#91;10863&#93;&#58; Killing `eth2&#58;3' thread...
ndsad&#91;10863&#93;&#58; Killing `eth2&#58;1' thread...
ndsad&#91;10863&#93;&#58; Killing `eth2&#58;0' thread...
ndsad&#91;10863&#93;&#58; Killing `eth2' thread...
ndsad&#91;10863&#93;&#58; Killing `eth1&#58;0' thread...
ndsad&#91;10863&#93;&#58; Killing `eth1' thread...
ndsad&#91;10863&#93;&#58; NFC<eth> status on Wed Mar 31 22&#58;40&#58;27 2010
	9/30 messages ready, 294 flows seen...
	32/32 &#40;100.00%&#41; hash usage, 279 entries scaned, 279 dropped
ndsad&#91;10863&#93;&#58; Heap<1>&#58; 279/1092 nodes, 16740/65520 bytes
ndsad&#91;10863&#93;&#58; Heap<2>&#58; 0/-1 nodes, 0/-52 bytes
ndsad&#91;10834&#93;&#58; WatchDog&#58; child&#91;10863&#93;&#58; SIGSEGV signal cought...

ndsad&#91;10834&#93;&#58; WatchDog&#58; recovering abnormal termination...
ndsad&#91;10876&#93;&#58; `eth1'&#58; new device
ndsad&#91;10878&#93;&#58; `eth1' thread started successfully.
ndsad&#91;10834&#93;&#58; WatchDog&#58; child&#91;10876&#93; started on Wed Mar 31 22&#58;39&#58;27 2010
ndsad&#91;10876&#93;&#58; `eth1&#58;0'&#58; new device
ndsad&#91;10876&#93;&#58; `eth2'&#58; new device
ndsad&#91;10879&#93;&#58; `eth1&#58;0' thread started successfully.
ndsad&#91;10879&#93;&#58; `eth1&#58;0' thread is preparing for dummy loop call
ndsad&#91;10880&#93;&#58; `eth2' thread started successfully.
ndsad&#91;10880&#93;&#58; `eth2' thread is preparing for dummy loop call
ndsad&#91;10876&#93;&#58; `eth2&#58;0'&#58; new device
ndsad&#91;10876&#93;&#58; `eth2&#58;1'&#58; new device
ndsad&#91;10881&#93;&#58; `eth2&#58;0' thread started successfully.
ndsad&#91;10881&#93;&#58; `eth2&#58;0' thread is preparing for dummy loop call
ndsad&#91;10882&#93;&#58; `eth2&#58;1' thread started successfully.
ndsad&#91;10882&#93;&#58; `eth2&#58;1' thread is preparing for dummy loop call
ndsad&#91;10876&#93;&#58; `eth2&#58;3'&#58; new device
ndsad&#91;10876&#93;&#58; `eth2&#58;2'&#58; new device
ndsad&#91;10883&#93;&#58; `eth2&#58;3' thread started successfully.
ndsad&#91;10883&#93;&#58; `eth2&#58;3' thread is preparing for dummy loop call
ndsad&#91;10876&#93;&#58; `lo'&#58; new device
ndsad&#91;10884&#93;&#58; `eth2&#58;2' thread started successfully.
ndsad&#91;10884&#93;&#58; `eth2&#58;2' thread is preparing for dummy loop call
ndsad&#91;10885&#93;&#58; `lo' thread started successfully.
ndsad&#91;10885&#93;&#58; `lo' thread is preparing for dummy loop call
ndsad&#91;10878&#93;&#58; `eth1' thread is preparing for PCAP loop call
ndsad&#91;10878&#93;&#58; pcap_datalink&#40;eth1&#41; = 1
ndsad&#91;10878&#93;&#58; Set ppp offset = 4
ndsad&#91;10879&#93;&#58; Halting on Wed Mar 31 22&#58;39&#58;28 2010

ndsad&#91;10876&#93;&#58; Halting on Wed Mar 31 22&#58;39&#58;28 2010

ndsad&#91;10878&#93;&#58; Halting on Wed Mar 31 22&#58;39&#58;28 2010

ndsad&#91;10880&#93;&#58; Halting on Wed Mar 31 22&#58;39&#58;28 2010

ndsad&#91;10880&#93;&#58; Killing scaner thread...
ndsad&#91;10880&#93;&#58; Family `lo'&#58;
ndsad&#91;10880&#93;&#58; Killing `lo' thread...
ndsad&#91;10879&#93;&#58; Killing scaner thread...
ndsad&#91;10882&#93;&#58; Halting on Wed Mar 31 22&#58;39&#58;28 2010

ndsad&#91;10882&#93;&#58; Killing scaner thread...
ndsad&#91;10881&#93;&#58; Halting on Wed Mar 31 22&#58;39&#58;28 2010

ndsad&#91;10881&#93;&#58; Killing scaner thread...
ndsad&#91;10880&#93;&#58; NFC<lo> status on Wed Mar 31 22&#58;40&#58;28 2010
	0/30 messages ready, 0 flows seen...
	0/64 &#40;0.00%&#41; hash usage, 0 entries scaned, 0 dropped
ndsad&#91;10880&#93;&#58; Family `eth'&#58;
ndsad&#91;10880&#93;&#58; Killing `eth2&#58;2' thread...
ndsad&#91;10883&#93;&#58; Halting on Wed Mar 31 22&#58;39&#58;28 2010

ndsad&#91;10883&#93;&#58; Killing scaner thread...
ndsad&#91;10880&#93;&#58; Killing `eth2&#58;3' thread...
ndsad&#91;10880&#93;&#58; Killing `eth2&#58;1' thread...
ndsad&#91;10880&#93;&#58; Killing `eth2&#58;0' thread...
ndsad&#91;10880&#93;&#58; Killing `eth2' thread...
ndsad&#91;10878&#93;&#58; Killing scaner thread...
ndsad&#91;10876&#93;&#58; Killing scaner thread...
ndsad&#91;10897&#93;&#58; Session opened on Wed Mar 31 22&#58;39&#58;33 2010
ndsad&#91;10897&#93;&#58; binary version `1.32.1'
ndsad&#91;10897&#93;&#58; WatchDog&#58; Dog waken...
ndsad&#91;10897&#93;&#58; WatchDog&#58; child&#91;10898&#93; started on Wed Mar 31 22&#58;39&#58;33 2010
ndsad&#91;10898&#93;&#58; Pid file found&#58;
ndsad&#91;10898&#93;&#58; /var/run/ndsad.pid
ndsad&#91;10898&#93;&#58; Check, if other instance is running
ndsad&#91;10897&#93;&#58; WatchDog&#58; child&#91;10898&#93;&#58; 255 return code...

ndsad&#91;10897&#93;&#58; WatchDog&#58; terminating...
ndsad&#91;10897&#93;&#58; Unable to unlink pid file of another process
ndsad&#91;10897&#93;&#58; Session closed on Wed Mar 31 22&#58;39&#58;33 2010
ndsad&#91;5248&#93;&#58; Session opened on Wed Mar 31 22&#58;44&#58;49 2010
ndsad&#91;5248&#93;&#58; binary version `1.32.1'
ndsad&#91;5248&#93;&#58; WatchDog&#58; Dog waken...
ndsad&#91;5251&#93;&#58; `eth1'&#58; new device
ndsad&#91;5253&#93;&#58; `eth1' thread started successfully.
ndsad&#91;5248&#93;&#58; WatchDog&#58; child&#91;5251&#93; started on Wed Mar 31 22&#58;44&#58;49 2010
ndsad&#91;5251&#93;&#58; `eth1&#58;0'&#58; new device
ndsad&#91;5251&#93;&#58; `eth2'&#58; new device
ndsad&#91;5254&#93;&#58; `eth1&#58;0' thread started successfully.
ndsad&#91;5254&#93;&#58; `eth1&#58;0' thread is preparing for dummy loop call
ndsad&#91;5255&#93;&#58; `eth2' thread started successfully.
ndsad&#91;5255&#93;&#58; `eth2' thread is preparing for dummy loop call
ndsad&#91;5251&#93;&#58; `eth2&#58;0'&#58; new device
ndsad&#91;5251&#93;&#58; `eth2&#58;1'&#58; new device
ndsad&#91;5257&#93;&#58; `eth2&#58;1' thread started successfully.
ndsad&#91;5257&#93;&#58; `eth2&#58;1' thread is preparing for dummy loop call
ndsad&#91;5256&#93;&#58; `eth2&#58;0' thread started successfully.
ndsad&#91;5256&#93;&#58; `eth2&#58;0' thread is preparing for dummy loop call
ndsad&#91;5251&#93;&#58; `eth2&#58;2'&#58; new device
ndsad&#91;5251&#93;&#58; `lo'&#58; new device
ndsad&#91;5258&#93;&#58; `eth2&#58;2' thread started successfully.
ndsad&#91;5258&#93;&#58; `eth2&#58;2' thread is preparing for dummy loop call
ndsad&#91;5259&#93;&#58; `lo' thread started successfully.
ndsad&#91;5259&#93;&#58; `lo' thread is preparing for dummy loop call
ndsad&#91;5253&#93;&#58; `eth1' thread is preparing for PCAP loop call
ndsad&#91;5253&#93;&#58; pcap_datalink&#40;eth1&#41; = 1
ndsad&#91;5253&#93;&#58; Set ppp offset = 4
ndsad&#91;5260&#93;&#58; `eth2&#58;3'&#58; new device
ndsad&#91;5300&#93;&#58; `eth2&#58;3' thread started successfully.
ndsad&#91;5300&#93;&#58; `eth2&#58;3' thread is preparing for dummy loop call

[Аким]

В сервисной связке услуги передачи IP трафика в IP группах, для каждого абонента должен быть назначен хотя бы один IP адрес из localhost например 127.0.0.77 Проверь, у всех ли абонентов назначен этот адрес? Если фаервол отправляет трафик, значит дело не в нем, а в чем-то другом.