MikroTik + UTM
Good afternoon!
The question I am about to ask has been asked on this forum before, but I did not find any answers to it. So I ask you to answer it or point me towards an answer.
UTM and MikroTik are separate machines.
When a user is added in UTM, the user is not added to the MikroTik firewall (to the address-list allow-ip). That is, the script file mikrotik_rfw.sh (ssh USERNAME @ UTM_IP_ADDRESS "$*") is not executed. But if I run this script from the command line on the UTM server, I log into the MikroTik without any problem.
I did the setup following the article http://www.x-drivers.ru/content/view/871/53/.
As a result, when a user is added, the log says
?Debug : Sep 08 14:27:43 ModFWMan: Exec [ip firewall address-list add address=0.0.0.0 list=allow_ip comment=29] on 7
ERROR : Sep 08 14:27:43 ModFWMan: No info for FW 7 found
That is, as I understand it.... RFW did not authenticate at startup, but if I start RFW with the command /netup/utm5/bin/utm5_rfw, it writes the following to the log...
Info : Sep 08 14:31:39 UTM5 Logger: New ` Info : ' stream: /netup/utm5/log/rfw_main.log
Info : Sep 08 14:31:39 UTM5 Logger: New `?Debug : ' stream: /netup/utm5/log/rfw_debug.log
Info : Sep 08 14:31:39 StreamConnection: Connection thread started. Peer 127.0.0.1:11758
ERROR : Sep 08 14:31:39 StreamConnection: Unable to maintain connection. Error code <22>
Info : Sep 08 14:31:39 StreamConnection: Connection from 127.0.0.1:11758 closed
ERROR : Sep 08 14:31:39 StreamManager: set_auth: connection closed
*CRIT : Sep 08 14:31:39 RFW Config: Unable to login, check you configuration file settings
Notice: Sep 08 14:31:39 RFW Config: Pid file found: /var/run/utm5_rfw.pid; Overwriting
file /netup/utm5/rfw.cfg
firewall_type=local
firewall_path=/usr/local/bin/mikrotik_rfw.sh
rfw_name=127.0.0.1
core_host=127.0.0.1
core_port=11758
rfw_login=init
rfw_password=init
log_level=3
log_file_main=/netup/utm5/log/rfw_main.log
log_file_debug=/netup/utm5/log/rfw_debug.log
log_file_critical=/netup/utm5/log/rfw_critical.log
If it's not too much trouble, please advise; I've been struggling with this for more than a week now.
Re: MikroTik + UTM
core_port=12758
should help
Info : Sep 28 16:18:53 UTM5 Logger: New `?Debug : ' stream: /netup/utm5/log/rfw_debug.log
Info : Sep 28 16:18:53 StreamConnection: Connection thread started. Peer 10.5.64.205:12758
?Debug : Sep 28 16:18:53 StreamConnection: Connection using TCP socket
?Debug : Sep 28 16:18:53 StreamConnection: System message recived
?Debug : Sep 28 16:18:53 StreamConnection: Challenge response sent
?Debug : Sep 28 16:18:53 StreamConnection: System message recived
Info : Sep 28 16:18:53 StreamConnection: Connection successfully authorized, user id <-1>
?Debug : Sep 28 16:18:53 StreamFirewall: Sending name: 127.0.0.1
?Debug : Sep 28 16:19:23 StreamFirewall: Got ping from core. Sending reply...
?Debug : Sep 28 16:19:53 StreamFirewall: Got ping from core. Sending reply...
?Debug : Sep 28 16:20:23 StreamFirewall: Got ping from core. Sending reply...
?Debug : Sep 28 16:20:53 StreamFirewall: Got ping from core. Sending reply...
?Debug : Sep 28 16:21:23 StreamFirewall: Got ping from core. Sending reply...
?Debug : Sep 28 16:21:53 StreamFirewall: Got ping from core. Sending reply...
?Debug : Sep 28 16:22:23 StreamFirewall: Got ping from core. Sending reply...
?Debug : Sep 28 16:22:53 StreamFirewall: Got ping from core. Sending reply...
?Debug : Sep 28 16:23:23 StreamFirewall: Got ping from core. Sending reply...
?Debug : Sep 28 16:23:53 StreamFirewall: Got ping from core. Sending reply...
?Debug : Sep 28 16:24:23 StreamFirewall: Got ping from core. Sending reply...
?Debug : Sep 28 16:24:53 StreamFirewall: Got ping from core. Sending reply...
?Debug : Sep 28 16:25:23 StreamFirewall: Got ping from core. Sending reply...
?Debug : Sep 28 16:25:53 StreamFirewall: Got ping from core. Sending reply...
?Debug : Sep 28 16:26:23 StreamFirewall: Got ping from core. Sending reply...
##
## /netup/utm5/rfw5.cfg
## UTM5 RFW configuration file
##
## =============================================================================
## MAIN PARAMETERS
## =============================================================================
## rfw_name
## Description: Name of UTM5 rfw by which it is identified when connecting to
## the UTM5 core. The same value must be set in the 'Name' field in the list
## of firewalls in UTM_Admin.
## Possible values: <string>
## Required field
rfw_name=127.0.0.1
## core_host
## Description: IP address of the host running UTM5 core.
## Possible values: <IP address>
## Required field
core_host=10.5.64.205
## core_port
## Description: Port where UTM5 core is listening to Stream.
## Possible values: an integer from 1 to 65534
## Required field
core_port=12758
## rfw_login
## Description: Login used to access to the UTM5 core.
## Required field.
rfw_login=init
## rfw_password
## Description: Password used to access to the UTM5 core.
## Required field.
rfw_password=init
## firewall_type
## Description: Firewall type. Must conform with the 'Type' parameter of the
## firewall with the corresponding name.
## Possible values: local, cisco
## Default value: local
firewall_type=local
## rfw_ssl_type
## Description: SSL connection type. If 'none' is set, the connection is
## unencrypted.
## Possible values: tls1, ssl3, none
## Default value: none
#rfw_ssl_type=none
## =============================================================================
## PARAMETERS THAT ARE VALID WHEN firewall_type=local
## =============================================================================
## firewall_path
## Description: Path to the executable file that performs firewall management.
## Possible values: <name of an executable file>
## Required field
firewall_path=/usr/local/bin/mikrotik_rfw.sh
## sudo_path
## Description: Sudo program path.
## Possible values: <path to an executable file>
## Default value: <unset>
##sudo_path=/usr/bin/sudo
## dont_fork
## Description: If set, firewall rules are applied one-by-one. Recommended when
## using iptables.
## Possible values: yes, enable, true
## Default value: <commands are executed serially>
#dont_fork=yes
## =============================================================================
## PARAMETERS THAT ARE VALID WHEN firewall_type=cisco
## =============================================================================
## cisco_ip
## Description: IP address the commands are sent to via rsh protocol.
## Possible values: <IP address>
## Required field
#cisco_ip=10.0.0.1
## =============================================================================
## LOGGING
## =============================================================================
## log_level
## Description: Logging level.
## Possible values: 0, 1, 2, 3
## Default value: 1
log_level=3
## log_file_main
## Description: Main logfile path.
## Possible values: <filename>
## Default value: STDERR
log_file_main=/netup/utm5/log/rfw_main.log
## log_file_debug
## Description: Debug logfile path.
## Possible values: <filename>
## Default value: STDERR
log_file_debug=/netup/utm5/log/rfw_debug.log
## log_file_critical
## Description: Critical logfile path.
## Possible values: <filename>
## Default value: STDERR
log_file_critical=/netup/utm5/log/rfw_critical.log
## rotate_logs
## Description: Enables logfile rotation.
## Possible values: yes, on, enable
## Default value: disabled
## max_logfile_count
## Description: Maximum number of logfiles to retain. Valid if logfile rotation
## is on.
## Possible values: a positive integer
## Default value: not limited
## max_logfile_size
## Description: Maximum logfile size. When logfile size reaches this limit, a
## rotation is performed. Valid if logfile rotation is on.
## Possible values: <size in bytes>
## Default value: 10485760
## pid_file
## Description: PID file path.
## Possible values: <filename>
## Default value: /var/run/utm5_rfw.pid
## =============================================================================
## MISCELLANEOUS
## =============================================================================
## OBSOLETE. NOT RECOMMENDED TO USE
## Description and default values for these parameters are not provided.
## firewall_flush_cmd
## Possible values: <filename>
#firewall_flush_cmd=/usr/sbin/iptables -F
## core_timeout
## Possible values: 5
Info : Sep 28 16:18:53 UTM5 Logger: New ` Info : ' stream: /netup/utm5/log/rfw_main.log
Info : Sep 28 16:18:53 UTM5 Logger: New `?Debug : ' stream: /netup/utm5/log/rfw_debug.log
Info : Sep 28 16:18:53 StreamConnection: Connection thread started. Peer 10.5.64.205:12758
Info : Sep 28 16:18:53 StreamConnection: Connection successfully authorized, user id <-1>
Info : Sep 28 16:18:53 StreamManager: Registering message handlers..
Info : Sep 28 16:18:53 StreamManager: ID <0x4003> handler <0x09e145a8>
Info : Sep 28 16:18:53 StreamManager: ID <0x4000> handler <0x09e145a8>
Info : Sep 28 16:18:53 StreamManager: ID <0x4001> handler <0x09e145a8>
Info : Sep 28 16:18:53 StreamManager: ID <0x4004> handler <0x09e145a8>
Info : Sep 28 16:18:53 StreamManager: ID <0x4002> handler <0x09e145a8>
Notice: Sep 28 16:18:53 UTM5 RFW: Version 5.2.1-005-rhel5 starting
Notice: Sep 28 16:18:53 RFW Config: Processing config file: /netup/utm5/rfw5.cfg
Info : Sep 28 16:18:53 UTM5 Logger: New `*CRIT : ' stream: /netup/utm5/log/rfw_critical.log
Info : Sep 28 16:18:53 UTM5 Logger: New ` Info : ' stream: /netup/utm5/log/rfw_main.log
On Windows I get
FWCntl: Error executing FW rule, errcode = 2
config
rfw_name=127.0.0.1
core_host=127.0.0.1
core_port=12758
rfw_login=init
rfw_password=init
firewall_type=local
firewall_path=ssh UTM@10.1.2.2
log_level=3
log_file_main=log\rfw.log
log_file_debug=log\rfw.log
log_file_critical=log\rfw.log
-- I've already tried it like this
(firewall_path=c:\windows\plink.exe -ssh UTM@10.1.2.2 )
and other ways
WHAT should I do, help!!!!
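An added example (not the poster's mikrotik_rfw.sh and not NetUP's code) for the Linux setup described in the first post: a firewall_path wrapper that forwards only rules of the shape RFW logs above (ip firewall address-list add address=... list=allow_ip comment=...) to the router over ssh, keeping the ssh invocation inside one executable, as the rfw5.cfg comment for firewall_path requires, instead of putting "ssh user@host" into firewall_path itself. The MT_USER, MT_HOST and RFW_SSH_CMD names and the 192.0.2.1 address are assumptions.

```shell
#!/bin/sh
# Added example: an allow-listing mikrotik_rfw.sh wrapper (not the poster's
# script and not NetUP's code). UTM5 RFW runs firewall_path with the rule text
# as arguments, e.g.  ip firewall address-list add address=0.0.0.0 list=allow_ip comment=29
# Only rules of that shape are forwarded to the router; anything else is refused
# and logged to stderr.  MT_USER / MT_HOST / RFW_SSH_CMD are assumed names.

MT_USER="${MT_USER:-utm}"
MT_HOST="${MT_HOST:-192.0.2.1}"        # placeholder router address
RFW_SSH_CMD="${RFW_SSH_CMD:-ssh}"      # a test can point this at a local command

# Dotted-quad IPv4 check: exactly four numeric octets, each 0..255.
valid_ipv4() {
    case "$1" in *[!0-9.]*|.*|*.|*..*|'') return 1 ;; esac
    set -- $(printf '%s' "$1" | tr '.' ' ')
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# Accept only:  ip firewall address-list (add|remove) address=<IPv4> list=<name> [comment=<digits>]
# Extend the allow-list to whatever rule shapes actually appear in rfw_debug.log.
validate_rule() {
    allowed='A-Za-z0-9_=. -'
    case "$1" in *[!$allowed]*|'') return 1 ;; esac   # no ; | & $ ` quotes, newlines or globs
    set -- $1
    [ "$#" -ge 6 ] && [ "$#" -le 7 ] || return 1
    [ "$1" = ip ] && [ "$2" = firewall ] && [ "$3" = address-list ] || return 1
    case "$4" in add|remove) ;; *) return 1 ;; esac
    case "$5" in address=*) valid_ipv4 "${5#address=}" || return 1 ;; *) return 1 ;; esac
    case "$6" in list=?*) ;; *) return 1 ;; esac
    if [ "$#" -eq 7 ]; then
        case "${7#comment=}" in "$7"|''|*[!0-9]*) return 1 ;; esac
    fi
}

# Entry point used by RFW: refuse anything that fails validation, otherwise hand
# the rule to the router. Keep ssh options (key, port, pinned host key) in
# ~/.ssh/config; firewall_path itself must stay a single executable.
forward_rule() {
    if ! validate_rule "$*"; then
        echo "mikrotik_rfw: refused rule: $*" >&2
        return 2
    fi
    "$RFW_SSH_CMD" "$MT_USER@$MT_HOST" "$*"
}

# When RFW invokes the script the rule arrives as arguments; no arguments, nothing to do.
if [ "$#" -gt 0 ]; then
    forward_rule "$@"
fi
```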
Do you have an x86 MikroTik with a version higher than 5.15?
You are not alone with the problem where the command-line prompt seemingly does not appear: viewtopic.php?t=9228
The problem is not in the billing system but in the MikroTik. On 5.15 there is no problem.
There was a similar problem with MT 5.18.
Cupitor wrote:
Do you have an x86 MikroTik with a version higher than 5.15?
You are not alone with the problem where the command-line prompt seemingly does not appear: viewtopic.php?t=9228
The problem is not in the billing system but in the MikroTik. On 5.15 there is no problem.
5.17, 5.20: running fine.