UTM+Mikrotik+RFW

Puzan_aga

Добрый день. Подскажите пожалусто все сделал по статье http://www.x-drivers.ru/content/view/871/53/

В итоге в логах пишется такая фигня. И правела в Mikrotik не отправлются.

Вот часть лога:

Код: Выделить всё

?Debug &#58; Jul 21 10&#58;01&#58;09 StreamFirewall&#58; Got ping from core. Sending reply...
 Info  &#58; Jul 21 10&#58;01&#58;29 UTM5 Logger&#58; New ` Info  &#58; ' stream&#58; /netup/utm5/log/rfw.log
 Info  &#58; Jul 21 10&#58;01&#58;29 UTM5 Logger&#58; New `?Debug &#58; ' stream&#58; /netup/utm5/log/rfw.log
 Info  &#58; Jul 21 10&#58;01&#58;29 UTM5 Logger&#58; New `?Debug &#58; ' stream&#58; /netup/utm5/log/rfw.log
 Info  &#58; Jul 21 10&#58;01&#58;29 StreamConnection&#58; Connection thread started. Peer 127.0.0.1&#58;12758
 Info  &#58; Jul 21 10&#58;01&#58;29 StreamConnection&#58; Connection thread started. Peer 127.0.0.1&#58;12758
?Debug &#58; Jul 21 10&#58;01&#58;29 StreamConnection&#58; Connection using TCP socket
?Debug &#58; Jul 21 10&#58;01&#58;29 StreamConnection&#58; System message recived
?Debug &#58; Jul 21 10&#58;01&#58;29 StreamConnection&#58; Challenge response sent
?Debug &#58; Jul 21 10&#58;01&#58;29 StreamConnection&#58; System message recived
 Info  &#58; Jul 21 10&#58;01&#58;29 StreamConnection&#58; Connection successfully authorized, user id <-1>
 Info  &#58; Jul 21 10&#58;01&#58;29 StreamConnection&#58; Connection successfully authorized, user id <-1>
?Debug &#58; Jul 21 10&#58;01&#58;30 StreamFirewall&#58; Sending name&#58; 127.0.0.1
?Debug &#58; Jul 21 10&#58;01&#58;30 StreamFirewall&#58; Got 'exec' command...
?Debug &#58; Jul 21 10&#58;01&#58;30 FWCntl&#58; dont_fork disabled. Don't wait child process ... 
?Debug &#58; Jul 21 10&#58;01&#58;30 FWCntl&#58; Executing command </usr/local/bin/mikrotik_rfw.sh>
 ERROR &#58; Jul 21 10&#58;01&#58;30 FWCntl&#58; Error executing FW rule, errno <8> error <Exec format error>
 ERROR &#58; Jul 21 10&#58;01&#58;30 FWCntl&#58; Error executing FW rule, errno <8> error <Exec format error>
?Debug &#58; Jul 21 10&#58;01&#58;30 FWCntl&#58; Executing FW rule&#58; /ip firewall address-list add address=10.0.1.29 list=allow comment="1" is done.
?Debug &#58; Jul 21 10&#58;01&#58;30 StreamFirewall&#58; Got 'exec' command...
?Debug &#58; Jul 21 10&#58;01&#58;30 FWCntl&#58; dont_fork disabled. Don't wait child process ... 
?Debug &#58; Jul 21 10&#58;01&#58;30 FWCntl&#58; Executing command </usr/local/bin/mikrotik_rfw.sh>
 ERROR &#58; Jul 21 10&#58;01&#58;30 FWCntl&#58; Error executing FW rule, errno <8> error <Exec format error>
 ERROR &#58; Jul 21 10&#58;01&#58;30 FWCntl&#58; Error executing FW rule, errno <8> error <Exec format error>
?Debug &#58; Jul 21 10&#58;01&#58;30 FWCntl&#58; Executing FW rule&#58; /ip firewall address-list add address=10.0.1.83 list=allow comment="1" is done.
?Debug &#58; Jul 21 10&#58;01&#58;30 StreamFirewall&#58; Got 'exec' command...
?Debug &#58; Jul 21 10&#58;01&#58;30 FWCntl&#58; dont_fork disabled. Don't wait child process ... 
?Debug &#58; Jul 21 10&#58;01&#58;30 FWCntl&#58; Executing command </usr/local/bin/mikrotik_rfw.sh>
 ERROR &#58; Jul 21 10&#58;01&#58;30 FWCntl&#58; Error executing FW rule, errno <8> error <Exec format error>
 ERROR &#58; Jul 21 10&#58;01&#58;30 FWCntl&#58; Error executing FW rule, errno <8> error <Exec format error>
?Debug &#58; Jul 21 10&#58;01&#58;30 FWCntl&#58; Executing FW rule&#58; /ip firewall address-list add address=10.0.1.182 list=allow comment="1" is done.
?Debug &#58; Jul 21 10&#58;01&#58;30 StreamFirewall&#58; Got 'exec' command...
?Debug &#58; Jul 21 10&#58;01&#58;30 FWCntl&#58; dont_fork disabled. Don't wait child process ... 
?Debug &#58; Jul 21 10&#58;01&#58;30 FWCntl&#58; Executing command </usr/local/bin/mikrotik_rfw.sh>
 ERROR &#58; Jul 21 10&#58;01&#58;30 FWCntl&#58; Error executing FW rule, errno <8> error <Exec format error>
 ERROR &#58; Jul 21 10&#58;01&#58;30 FWCntl&#58; Error executing FW rule, errno <8> error <Exec format error>
?Debug &#58; Jul 21 10&#58;01&#58;30 FWCntl&#58; Executing FW rule&#58; /ip firewall address-list add address=10.0.0.228 list=allow comment="1" is done.
?Debug &#58; Jul 21 10&#58;01&#58;30 StreamFirewall&#58; Got 'exec' command...
?Debug &#58; Jul 21 10&#58;01&#58;30 FWCntl&#58; dont_fork disabled. Don't wait child process ... 
?Debug &#58; Jul 21 10&#58;01&#58;30 FWCntl&#58; Executing command </usr/local/bin/mikrotik_rfw.sh>
 ERROR &#58; Jul 21 10&#58;01&#58;30 FWCntl&#58; Error executing FW rule, errno <8> error <Exec format error>
 ERROR &#58; Jul 21 10&#58;01&#58;30 FWCntl&#58; Error executing FW rule, errno <8> error <Exec format error>
?Debug &#58; Jul 21 10&#58;01&#58;30 FWCntl&#58; Executing FW rule&#58; /ip firewall address-list add address=10.0.1.228 list=allow comment="1" is done.
?Debug &#58; Jul 21 10&#58;01&#58;30 StreamFirewall&#58; Got 'exec' command...
?Debug &#58; Jul 21 10&#58;01&#58;30 FWCntl&#58; dont_fork disabled. Don't wait child process ...  и т.д

Есди нужна еще какаенибуть информация то пишите.

Зарание большое вам спасибо!!

Puzan_aga

Покапался теперь другая проблема. Правила не добовляются в Mikrotik

Код: Выделить всё

Debug &#58; Jul 21 11&#58;49&#58;11 StreamFirewall&#58; Sending name&#58; 127.0.0.1
?Debug &#58; Jul 21 11&#58;49&#58;11 StreamFirewall&#58; Got 'exec' command...
?Debug &#58; Jul 21 11&#58;49&#58;11 FWCntl&#58; dont_fork disabled. Don't wait child process ... 
?Debug &#58; Jul 21 11&#58;49&#58;11 FWCntl&#58; Executing command </usr/local/bin/mikrotik_rfw.sh>
?Debug &#58; Jul 21 11&#58;49&#58;11 FWCntl&#58; Executing FW rule&#58; /ip firewall address-list add address=10.0.1.29 list=allow_ip comment=1 is done.
?Debug &#58; Jul 21 11&#58;49&#58;11 StreamFirewall&#58; Got 'exec' command...
?Debug &#58; Jul 21 11&#58;49&#58;11 FWCntl&#58; dont_fork disabled. Don't wait child process ... 
?Debug &#58; Jul 21 11&#58;49&#58;11 FWCntl&#58; Executing command </usr/local/bin/mikrotik_rfw.sh>
?Debug &#58; Jul 21 11&#58;49&#58;11 FWCntl&#58; Executing FW rule&#58; /ip firewall address-list add address=10.0.1.83 list=allow_ip comment=1 is done.
?Debug &#58; Jul 21 11&#58;49&#58;11 StreamFirewall&#58; Got 'exec' command...
?Debug &#58; Jul 21 11&#58;49&#58;11 FWCntl&#58; dont_fork disabled. Don't wait child process ... 
?Debug &#58; Jul 21 11&#58;49&#58;11 FWCntl&#58; Executing command </usr/local/bin/mikrotik_rfw.sh>
?Debug &#58; Jul 21 11&#58;49&#58;11 FWCntl&#58; Executing FW rule&#58; /ip firewall address-list add address=10.0.1.182 list=allow_ip comment=1 is done.
?Debug &#58; Jul 21 11&#58;49&#58;11 StreamFirewall&#58; Got 'exec' command...
?Debug &#58; Jul 21 11&#58;49&#58;11 FWCntl&#58; dont_fork disabled. Don't wait child process ... 
?Debug &#58; Jul 21 11&#58;49&#58;11 FWCntl&#58; Executing command </usr/local/bin/mikrotik_rfw.sh>
?Debug &#58; Jul 21 11&#58;49&#58;11 FWCntl&#58; Executing FW rule&#58; /ip firewall address-list add address=10.0.0.228 list=allow_ip comment=1 is done.
?Debug &#58; Jul 21 11&#58;49&#58;11 StreamFirewall&#58; Got 'exec' command...
?Debug &#58; Jul 21 11&#58;49&#58;11 FWCntl&#58; dont_fork disabled. Don't wait child process ...

Puzan_aga

Все разобрался. Можите удалить тему.

parazit

то есть все работает и авторизовываеться но проблема только в правилах? или что?
если да то попробуй в настройках---"Список брандмауэров"---сделать тип локальный, наименование 127.0.0.1 логин и пасс который указан в конфиге, ИП тоже 127.0.0.1

Puzan_aga

Проблема была в правах пользователя Mikrotik. Ему просто прав не хватало для выполнения данной команды.

mig005 · Сообщение **mig005** » Чт июл 28, 2011 13:48

у меня подобная ошибка, UTM не отправляет команды на mikrotik, при ручном запуске скрипта "/usr/local/bin/mikrotik_rfw.sh" конектица и команды срабатывают. Подскажите в каком файле данная ошибка?
rfw.log

Код: Выделить всё

?Debug &#58; Jul 28 19&#58;20&#58;18 StreamFirewall&#58; Got 'exec' command...
?Debug &#58; Jul 28 19&#58;20&#58;18 FWCntl&#58; dont_fork disabled. Don't wait child process ....
?Debug &#58; Jul 28 19&#58;20&#58;18 FWCntl&#58; Executing FW rule&#58; /ip firewall address-list add address=192.168.0.50 list=allow_ip comment=1 is done.
?Debug &#58; Jul 28 19&#58;20&#58;18 FWCntl&#58; Executing command </usr/local/bin/mikrotik_rfw.sh>
 ERROR &#58; Jul 28 19&#58;20&#58;18 FWCntl&#58; Error executing FW rule, errno <8> error <Exec format error>
 ERROR &#58; Jul 28 19&#58;20&#58;18 FWCntl&#58; Error executing FW rule, errno <8> error <Exec format error>
?Debug &#58; Jul 28 19&#58;20&#58;36 StreamFirewall&#58; Got ping from core. Sending reply...
?Debug &#58; Jul 28 19&#58;21&#58;06 StreamFirewall&#58; Got ping from core. Sending reply...

main.log

Код: Выделить всё

Info  &#58; Jul 28 19&#58;19&#58;08 RfwPlugin&#58; final command&#58; &#91;/ip firewall address-list remove &#91;find comment=1&#93;&#93;
 Info  &#58; Jul 28 19&#58;19&#58;09 RfwPlugin&#58; final command&#58; &#91;/ip firewall address-list add address=192.168.0.50 list=allow_ip comment=1&#93;

---

Код: Выделить всё

web# uname -a
FreeBSD web.rf 7.2-RELEASE-p3 FreeBSD 7.2-RELEASE-p3 #0&#58; Tue Aug 18 16&#58;33&#58;39 MSD 2009     root@web.rf&#58;/usr/obj/usr/src/sys/myi386  i386

rfw5.cfg

Код: Выделить всё

rfw_name=127.0.0.1
core_host=127.0.0.1
core_port=12758
rfw_login=init
rfw_password=init
sync_flags=enable
firewall_path=/usr/local/bin/mikrotik_rfw.sh
log_level=3
log_file_main=/netup/utm5/log/rfw.log
log_file_debug=/netup/utm5/log/rfw.log
log_file_critical=/netup/utm5/log/rfw.log