Много utm5_rfw на одной машине - одинсистемный юзер или нет?

[dalex]

кто в курсе для каждого utm5_rfw со своим конфигом надо прописывать своего системного юзера utm5 или все могут работать под одним?

[Blackmore]

у меня заведен один системный пользователь rfw в утм - с необходимыми разрешенными функциями, все работает с нескольким копиями rfw - проблем пока не увидел ...
если не секрет - отчего такой вопрос ?

[dalex]

Blackmore
решил подстраховаться на всякий случай

[akh]

2 rfw для разных задач с разными конфигами. системный юзер - один. работает не ура. зачем 2ух юзеров заводить - не очень понятно.

[Роман]

у меня так:
2 rfw с своими конфигами на одной машине, все работают в safe.
заводить 2 юзера, помоему изврат


utm5_rfw.sh

#!/bin/sh
# chkconfig: 2345 90 10
# description: UTM Billing System firewall control tool
trap '' 1 2 3 15

utm_exec=safe_utm5_rfw
err_log=/netup/utm5/log/utm5_rfw.log
exec_dir=/netup/utm5/bin


case "$1" in
start)
if [ -x $exec_dir/$utm_exec ];
then
$exec_dir/$utm_exec start &
else
echo $exec_dir/$utm_exec no such file
fi
;;
stop)
if [ -x $exec_dir/$utm_exec ];
then
$exec_dir/$utm_exec stop &
else
echo "Stopping utm5_rfw"
echo $exec_dir/$utm_exec no such file
if [ `uname` = 'SunOS' ]
then
pkill -9 utm5_rfw
else
killall -9 utm5_rfw
fi
fi
;;
*)
echo "Usage: `basename $0` {start|stop}" >&2
exit 64
;;
esac

safe_utm5_rfw:

#!/bin/sh
# description: UTM Billing System Radius Safe start script
trap '' 1 2 3 15

pid_file=/var/run/utm5_rfw.pid
utm_exec=utm5_rfw
err_log=/netup/utm5/log/rfw5.log
exec_dir=/netup/utm5/bin
root_email=root
rfw_flags="-f"
rfw_cfg=/netup/utm5/rfw5.cfg

if [ -r $rfw_cfg ]; then
. $rfw_cfg
fi

case "$1" in
start)
if [ -x $exec_dir/$utm_exec ]; then
echo "Starting utm5_rfw"
if test -f $pid_file
then
PID=`cat $pid_file`
if /bin/kill -9 $PID > /dev/null 2> /dev/null
then
if /bin/ps p $PID | grep $utm_exec > /dev/null
then # The pid contains a utm5_radius process
echo "A utm5_rfw process already exists"
echo "A utm5_rfw process already exists at " `date` >> $err_log
exit 1
fi
fi
rm -f $pid_file
if test -f $pid_file
then
echo "Fatal error: Can't remove the pid file: $pid_file"
echo "Fatal error: Can't remove the pid file: $pid_file at " `date` >> $err_log
echo "Please remove it manually and start $0 again"
echo "utm5_rfw not started"
exit 1
fi
fi
while true
do
$exec_dir/$utm_exec -c $rfw_cfg $rfw_flags >>$err_log 2>&1
if test ! -f $pid_file
then
break
fi
echo "utm5_rfw process exited ... Check it" | mail $root_email
echo "utm5_rfw process exited ... mail to admin sended. Sleeping 10 sec!"
sleep 10
done
fi
;;
stop)
echo "Stopping utm5_rfw"
if [ -r $pid_file ]
then
rfw_pid=`cat $pid_file`
rm -f $pid_file
kill -SIGKILL $rfw_pid >>$err_log 2>&1
else
rm -f $pid_file >>$err_log 2>&1
killall -SIGKILL $utm_exec >>$err_log 2>&1
fi
;;
*)
echo "Usage: `basename $0` {start|stop}" >&2
exit 64
;;
esac

ВТОРОЙ:


utm5_rfw_cisco.sh

#!/bin/sh
# chkconfig: 2345 90 10
# description: UTM Billing System firewall control tool
trap '' 1 2 3 15

utm_exec=safe_utm5_rfw_cisco
err_log=/netup/utm5/log/utm5_cisco_rfw.log
exec_dir=/netup/utm5/bin


case "$1" in
start)
if [ -x $exec_dir/$utm_exec ];
then
$exec_dir/$utm_exec start &
else
echo $exec_dir/$utm_exec no such file
fi
;;
stop)
if [ -x $exec_dir/$utm_exec ];
then
$exec_dir/$utm_exec stop &
else
echo "Stopping utm5_rfw"
echo $exec_dir/$utm_exec no such file
if [ `uname` = 'SunOS' ]
then
pkill -9 utm5_rfw
else
killall -9 utm5_rfw
fi
fi
;;
*)
echo "Usage: `basename $0` {start|stop}" >&2
exit 64
;;
esac

safe_utm5_rfw_cisco

#!/bin/sh
# description: UTM Billing System Radius Safe start script
trap '' 1 2 3 15

pid_file=/var/run/utm5_rfw_cisco.pid
utm_exec=utm5_rfw_cisco
err_log=/netup/utm5/log/rfw5_cisco.log
exec_dir=/netup/utm5/bin
root_email=root
rfw_flags="-f"
rfw_cfg=/netup/utm5/rfw5_cisco.cfg

if [ -r $rfw_cfg ]; then
. $rfw_cfg
fi

case "$1" in
start)
if [ -x $exec_dir/$utm_exec ]; then
echo "Starting utm5_rfw_cisco"
if test -f $pid_file
then
PID=`cat $pid_file`
if /bin/kill -9 $PID > /dev/null 2> /dev/null
then
if /bin/ps p $PID | grep $utm_exec > /dev/null
then # The pid contains a utm5_radius process
echo "A utm5_rfw_cisco process already exists"
echo "A utm5_rfw_cisco process already exists at " `date` >> $err_log
exit 1
fi
fi
rm -f $pid_file
if test -f $pid_file
then
echo "Fatal error: Can't remove the pid file: $pid_file"
echo "Fatal error: Can't remove the pid file: $pid_file at " `date` >> $err_log
echo "Please remove it manually and start $0 again"
echo "utm5_rfw_cisco not started"
exit 1
fi
fi
while true
do
$exec_dir/$utm_exec -c $rfw_cfg $rfw_flags >>$err_log 2>&1
if test ! -f $pid_file
then
break
fi
echo "utm5_rfw_cisco process exited ... Check it" | mail $root_email
echo "utm5_rfw_cisco process exited ... mail to admin sended. Sleeping 10 sec!"
sleep 10
done
fi
;;
stop)
echo "Stopping utm5_rfw_cisco"
if [ -r $pid_file ]
then
rfw_pid=`cat $pid_file`
rm -f $pid_file
kill -SIGKILL $rfw_pid >>$err_log 2>&1
else
rm -f $pid_file >>$err_log 2>&1
killall -SIGKILL $utm_exec >>$err_log 2>&1
fi
;;
*)
echo "Usage: `basename $0` {start|stop}" >&2
exit 64
;;
esac

[XoRe]

Разницы нет, запущены они под одним юзером или под разными.
Нет вещей, критичных к отдельному юзеру.

[dda2000]

Роман
А можно еще ваши конфиги посмотреть
/netup/utm5/rfw5_cisco.cfg
/netup/utm5/rfw5.cfg

Ну никак не запускается вторая копия rfw

Кстати, utm5_rfw_cisco создавали путем копирования utm5_rfw или в нем еще что нибудь меняли в редакторе?

[dda2000]

Необходимо организовать управление access-list-ми 4-х роутеров (на базе Mikrotik RouterOS). Т.к. нет возможности запуска utm5_rfw на каждом из роутеров, нужно запустить четыре копии utm5_rfw на машине с установленным биллингом UTM5. Управление одним роутером настроено и работет, по схеме описанной мной в разделе документация - viewtopic.php?t=3461 .
1. Создал копии

Код: Выделить всё

cp /netup/utm5/rfw5.cfg /netup/utm5/rfw5_2.cfg

Код: Выделить всё

cp /netup/utm5/bin/safe_utm5_rfw /netup/utm5/bin/safe_utm5_rfw_2

Код: Выделить всё

cp /netup/utm5/bin/utm5_rfw /netup/utm5/bin/utm5_rfw_2

Код: Выделить всё

cp /usr/local/etc/rc.d/utm5_rfw.sh /usr/local/etc/rc.d/utm5_rfw_2.sh

safe_utm5_rfw

Код: Выделить всё

#!/bin/sh
# description: UTM Billing System Radius Safe start script
trap '' 1 2 3 15

pid_file=/var/run/utm5_rfw.pid
utm_exec=utm5_rfw
err_log=/netup/utm5/log/rfw5.log
exec_dir=/netup/utm5/bin
root_email=root
rfw_flags="-f"
rfw_cfg=/netup/utm5/rfw5.cfg

if [ -r $rfw_cfg ]; then
  . $rfw_cfg
fi

case "$1" in
start)
        if [ -x $exec_dir/$utm_exec ]; then
            echo "Starting utm5_rfw"
			if test -f $pid_file
			then
				PID=`cat $pid_file`
				if /bin/kill -9 $PID > /dev/null 2> /dev/null
				then
					if /bin/ps p $PID | grep $utm_exec > /dev/null
					then    # The pid contains a utm5_radius process
					echo "A utm5_rfw process already exists"
					echo "A utm5_rfw process already exists at " `date` >> $err_log
					exit 1
					fi
				fi
				rm -f $pid_file
				if test -f $pid_file
				then
					echo "Fatal error: Can't remove the pid file: $pid_file"
					echo "Fatal error: Can't remove the pid file: $pid_file at " `date` >> $err_log
					echo "Please remove it manually and start $0 again"
					echo "utm5_rfw not started"
					exit 1
				fi
			fi
			while true
			do
    		  $exec_dir/$utm_exec $rfw_flags >>$err_log 2>&1 
			  if test ! -f $pid_file
			  then
				break
			  fi
				echo "utm5_rfw process exited ... Check it" | mail $root_email
				echo "utm5_rfw process exited ... mail to admin sended. Sleeping 10 sec!"
				sleep 10
		    done
        fi
        ;;
stop)
        echo "Stopping utm5_rfw"
        if [ -r $pid_file ]
        then
          rfw_pid=`cat $pid_file`
		  rm -f $pid_file
          kill -SIGKILL $rfw_pid >>$err_log 2>&1
        else  
		  rm -f $pid_file >>$err_log 2>&1
          killall -SIGKILL $utm_exec >>$err_log 2>&1
        fi
        ;;
*)
        echo "Usage: `basename $0` {start|stop}" >&2
        exit 64
        ;;

safe_utm5_rfw_2

Код: Выделить всё

#!/bin/sh
# description: UTM Billing System Radius Safe start script
trap '' 1 2 3 15

pid_file=/var/run/utm5_rfw_2.pid
utm_exec=utm5_rfw_2
err_log=/netup/utm5/log/rfw5_2.log
exec_dir=/netup/utm5/bin
root_email=root
rfw_flags="-f"
rfw_cfg=/netup/utm5/rfw5_2.cfg

if [ -r $rfw_cfg ]; then
  . $rfw_cfg
fi

case "$1" in
start)
        if [ -x $exec_dir/$utm_exec ]; then
            echo "Starting utm5_rfw_2"
			if test -f $pid_file
			then
				PID=`cat $pid_file`
				if /bin/kill -9 $PID > /dev/null 2> /dev/null
				then
					if /bin/ps p $PID | grep $utm_exec > /dev/null
					then    # The pid contains a utm5_radius process
					echo "A utm5_rfw_2 process already exists"
					echo "A utm5_rfw_2 process already exists at " `date` >> $err_log
					exit 1
					fi
				fi
				rm -f $pid_file
				if test -f $pid_file
				then
					echo "Fatal error: Can't remove the pid file: $pid_file"
					echo "Fatal error: Can't remove the pid file: $pid_file at " `date` >> $err_log
					echo "Please remove it manually and start $0 again"
					echo "utm5_rfw_2 not started"
					exit 1
				fi
			fi
			while true
			do
    		  $exec_dir/$utm_exec $rfw_flags >>$err_log 2>&1 
			  if test ! -f $pid_file
			  then
				break
			  fi
				echo "utm5_rfw_2 process exited ... Check it" | mail $root_email
				echo "utm5_rfw_2 process exited ... mail to admin sended. Sleeping 10 sec!"
				sleep 10
		    done
        fi
        ;;
stop)
        echo "Stopping utm5_rfw_2"
        if [ -r $pid_file ]
        then
          rfw_pid=`cat $pid_file`
		  rm -f $pid_file
          kill -SIGKILL $rfw_pid >>$err_log 2>&1
        else  
		  rm -f $pid_file >>$err_log 2>&1
          killall -SIGKILL $utm_exec >>$err_log 2>&1
        fi
        ;;
*)
        echo "Usage: `basename $0` {start|stop}" >&2
        exit 64
        ;;

utm5_rfw.sh

Код: Выделить всё

#!/bin/sh
# chkconfig: 2345 90 10
# description: UTM Billing System firewall control tool
trap '' 1 2 3 15

utm_exec=safe_utm5_rfw
err_log=/netup/utm5/log/utm5_rfw.log
exec_dir=/netup/utm5/bin


case "$1" in
start)
        if [ -x $exec_dir/$utm_exec ]; 
		then
			$exec_dir/$utm_exec start &
		else
			echo $exec_dir/$utm_exec no such file
        fi
		;;
stop)
        if [ -x $exec_dir/$utm_exec ]; 
		then
			$exec_dir/$utm_exec stop &
		else
			echo "Stopping utm5_rfw"
			echo $exec_dir/$utm_exec no such file
			if [ `uname` = 'SunOS' ]
			then
			    pkill -9 utm5_rfw
			else
			    killall -9 utm5_rfw
			fi
        fi
        ;;
*)
        echo "Usage: `basename $0` {start|stop}" >&2
        exit 64
        ;;
esac

utm5_rfw_2.sh

Код: Выделить всё

#!/bin/sh
# chkconfig: 2345 90 10
# description: UTM Billing System firewall control tool
trap '' 1 2 3 15

utm_exec=safe_utm5_rfw_2
err_log=/netup/utm5/log/utm5_rfw_2.log
exec_dir=/netup/utm5/bin


case "$1" in
start)
        if [ -x $exec_dir/$utm_exec ]; 
		then
			$exec_dir/$utm_exec start &
		else
			echo $exec_dir/$utm_exec no such file
        fi
		;;
stop)
        if [ -x $exec_dir/$utm_exec ]; 
		then
			$exec_dir/$utm_exec stop &
		else
			echo "Stopping utm5_rfw_2"
			echo $exec_dir/$utm_exec no such file
			if [ `uname` = 'SunOS' ]
			then
			    pkill -9 utm5_rfw_2
			else
			    killall -9 utm5_rfw_2
			fi
        fi
        ;;
*)
        echo "Usage: `basename $0` {start|stop}" >&2
        exit 64
        ;;
esac

rfw5.cfg

Код: Выделить всё

##
## /netup/utm5/rfw5.cfg
## UTM5 RFW configuration file
##

## ================================================================================
## COMMAND PATHS
## ================================================================================

## firewall_type
##  Description: Firewall type
##  Allowable values: local, cisco
##  Default value: local
firewall_type=local

## sudo_path
##  Description: sudo path. 
##  Allowable values: path to the executable.
##  Default value&#58; <empty>
#sudo_path=/usr/bin/sudo

## firewall_path
##  Description&#58; Firewall path. 
##  Allowable values&#58; path to the executable.
##  Required parameter.
firewall_path=/usr/local/bin/mikrotik_57pav_ssh.sh

## firewall_flush_cmd
##  Description&#58; Specifies the program to execute when receiving the "flush" signal.
##   Reserved for future use.
##  Default value&#58; <empty>
#firewall_flush_cmd=/usr/sbin/iptables -F

## dont_fork
##  Description&#58; If set to 'true', firewall rules will be applied one-by-one. Recommended when using iptables
##  Allowable values&#58; yes, enable, true
##  Default value&#58; <empty>
#dont_fork=yes

## cisco_ip
##  Description&#58; Cisco firewall IP-address
##  Allowable values&#58; IP address
##  Default value&#58; <empty>
#cisco_ip=10.0.0.1

## ================================================================================
## дпуфхр л сдтх
## ================================================================================

## rfw_name
##  Description&#58; Firewall name specified with UTM_Admin
##  Required parameter.
rfw_name=127.0.0.1

## core_host
##  Description&#58; UTM server IP.
##  Allowable values&#58; IP address
##  Required parameter.
core_host=127.0.0.1

##
##  Description&#58; UTM server port.
##  Default value&#58;12758
core_port=12758

## rfw_login
##  Description&#58; UTM server username.
##  Required parameter.
rfw_login=init

## rfw_password
##  Description&#58; UTM server password.
##  Required parameter.
rfw_password=****

## rfw_ssl_type
##  Description&#58; Encryption type
##  Allowable values&#58; tls1, ssl3, none
##  Default value&#58; ssl3
#rfw_ssl_type=none

## ================================================================================
## LOGGING
## ================================================================================

## log_level
##  Description&#58; Log level.
##  Allowable values&#58; 0, 1, 2, 3
##  Default value&#58; 1
log_level=3

## log_file_main
##  Description&#58; Main logfile path
##  Allowable values&#58; filename
##  Default value&#58; STDOUT
log_file_main=/netup/utm5/log/rfw.log


## log_file_debug
##  Description&#58; Debug logfile path
##  Allowable values&#58; filename
##  Default value&#58; STDOUT
log_file_debug=/netup/utm5/log/rfw.log

## log_file_critical
##  Description&#58; Critical logfile path
##  Allowable values&#58; filename
##  Default value&#58; STDOUT
log_file_critical=/netup/utm5/log/rfw.log

В rfw5_2.cfg меняем firewall_path на соответствующий, а вот что делать с параметром rfw_name ?!?!?! По идее он должен быть другим?!?!?! Пробовал со значением параметра – 127.0.0.1 и 192.168.57.254 (адрес интерфейса). Ну и заводил в админке новый брандмауэр с соответствующими именами.

utm5_rfw запускается без проблем, а вот второй utm5_rfw_2 не запускается.

rfw.log

Код: Выделить всё

Info  : Apr 10 13:07:29 UTM5 Logger: New ` Info  : ' stream: /netup/utm5/log/rfw.log
 Info  : Apr 10 13:07:29 UTM5 Logger: New `?Debug : ' stream: /netup/utm5/log/rfw.log
 Info  : Apr 10 13:07:29 UTM5 Logger: New `?Debug : ' stream: /netup/utm5/log/rfw.log
 Info  : Apr 10 13:07:29 StreamConnection: Connection thread started. Peer 127.0.0.1:12758
 Info  : Apr 10 13:07:29 StreamConnection: Connection thread started. Peer 127.0.0.1:12758
?Debug : Apr 10 13:07:29 StreamConnection: Connection using TCP socket
?Debug : Apr 10 13:07:29 StreamConnection: System message recived
?Debug : Apr 10 13:07:29 StreamConnection: Challenge response sent
?Debug : Apr 10 13:07:29 StreamConnection: System message recived
 Info  &#58; Apr 10 13&#58;07&#58;29 StreamConnection&#58; Connection successfully authorized, user id <-1>
 Info  &#58; Apr 10 13&#58;07&#58;29 StreamConnection&#58; Connection successfully authorized, user id <-1>
?Debug &#58; Apr 10 13&#58;07&#58;29 StreamFirewall&#58; Sending name&#58; 127.0.0.1
?Debug &#58; Apr 10 13&#58;07&#58;30 StreamFirewall&#58; Got 'exec' command...
?Debug &#58; Apr 10 13&#58;07&#58;30 FWCntl&#58; dont_fork disabled. Don't wait child process ... 
?Debug &#58; Apr 10 13&#58;07&#58;30 FWCntl&#58; Executing command </usr/local/bin/mikrotik_57pav_ssh.sh>
?Debug &#58; Apr 10 13&#58;07&#58;30 FWCntl&#58; Executing FW rule&#58; ip firewall address-list add address=192.168.57.2 list=allow_ip comment=2 is done.
?Debug &#58; Apr 10 13&#58;07&#58;30 StreamConnection&#58; Message id <0x4001>, handler returns 0
?Debug &#58; Apr 10 13&#58;07&#58;30 StreamFirewall&#58; Got 'exec' command...
……………………..
……………………..
?Debug &#58; Apr 10 13&#58;07&#58;32 StreamConnection&#58; Message id <0x4001>, handler returns 0
?Debug &#58; Apr 10 13&#58;07&#58;32 StreamConnection&#58; poll failed&#58; Interrupted system call
?Debug &#58; Apr 10 13&#58;07&#58;59 StreamFirewall&#58; Got ping from core. Sending reply...
?Debug &#58; Apr 10 13&#58;07&#58;59 StreamConnection&#58; Message id <0x4004>, handler returns 0
?Debug &#58; Apr 10 13&#58;08&#58;29 StreamFirewall&#58; Got ping from core. Sending reply...
?Debug &#58; Apr 10 13&#58;08&#58;29 StreamConnection&#58; Message id <0x4004>, handler returns 0
?Debug &#58; Apr 10 13&#58;08&#58;59 StreamFirewall&#58; Got ping from core. Sending reply...
?Debug &#58; Apr 10 13&#58;08&#58;59 StreamConnection&#58; Message id <0x4004>, handler returns 0
?Debug &#58; Apr 10 13&#58;09&#58;29 StreamFirewall&#58; Got ping from core. Sending reply...
?Debug &#58; Apr 10 13&#58;09&#58;29 StreamConnection&#58; Message id <0x4004>, handler returns 0
 Info  &#58; Apr 10 13&#58;09&#58;44 UTM5 Logger&#58; New ` Info  &#58; ' stream&#58; /netup/utm5/log/rfw.log
 Info  &#58; Apr 10 13&#58;09&#58;44 UTM5 Logger&#58; New `?Debug &#58; ' stream&#58; /netup/utm5/log/rfw.log
 Info  &#58; Apr 10 13&#58;09&#58;44 UTM5 Logger&#58; New `?Debug &#58; ' stream&#58; /netup/utm5/log/rfw.log
 Info  &#58; Apr 10 13&#58;09&#58;44 StreamConnection&#58; Connection thread started. Peer 127.0.0.1&#58;12758
 Info  &#58; Apr 10 13&#58;09&#58;44 StreamConnection&#58; Connection thread started. Peer 127.0.0.1&#58;12758
?Debug &#58; Apr 10 13&#58;09&#58;44 StreamConnection&#58; Connection using TCP socket
?Debug &#58; Apr 10 13&#58;09&#58;44 StreamConnection&#58; System message recived
?Debug &#58; Apr 10 13&#58;09&#58;44 StreamConnection&#58; Challenge response sent
?Debug &#58; Apr 10 13&#58;09&#58;44 StreamConnection&#58; System message recived
 Info  &#58; Apr 10 13&#58;09&#58;44 StreamConnection&#58; Connection successfully authorized, user id <-1>
 Info  &#58; Apr 10 13&#58;09&#58;44 StreamConnection&#58; Connection successfully authorized, user id <-1>
?Debug &#58; Apr 10 13&#58;09&#58;44 StreamFirewall&#58; Sending name&#58; 127.0.0.1
 ERROR &#58; Apr 10 13&#58;09&#58;44 StreamFirewall&#58; Error occured&#58; Firewall with same name is alive
 ERROR &#58; Apr 10 13&#58;09&#58;44 StreamFirewall&#58; Error occured&#58; Firewall with same name is alive
?Debug &#58; Apr 10 13&#58;09&#58;44 StreamConnection&#58; Message id <0x4000>, handler returns 0
 Info  &#58; Apr 10 13&#58;09&#58;49 RFW Config&#58; Terminating firewall&#58; Firewall with same name is alive
 Info  &#58; Apr 10 13&#58;09&#58;49 RFW Config&#58; Terminating firewall&#58; Firewall with same name is alive
 Notice&#58; Apr 10 13&#58;09&#58;49 RFW Config&#58; Pid file found&#58; /var/run/utm5_rfw.pid; Overwriting
 Notice&#58; Apr 10 13&#58;09&#58;49 RFW Config&#58; Pid file found&#58; /var/run/utm5_rfw.pid; Overwriting
-Stats &#58; Apr 10 13&#58;09&#58;49 StreamManager&#58; 	Stats&#58; Uptime&#58; 00&#58;00&#58;05. Events&#58; 0; Errors&#58; 0
?Debug &#58; Apr 10 13&#58;09&#58;59 StreamFirewall&#58; Got ping from core. Sending reply...
?Debug &#58; Apr 10 13&#58;09&#58;59 StreamConnection&#58; Message id <0x4004>, handler returns 0
?Debug &#58; Apr 10 13&#58;10&#58;29 StreamFirewall&#58; Got ping from core. Sending reply...
?Debug &#58; Apr 10 13&#58;10&#58;29 StreamConnection&#58; Message id <0x4004>, handler returns 0
?Debug &#58; Apr 10 13&#58;10&#58;59 StreamFirewall&#58; Got ping from core. Sending reply...
?Debug &#58; Apr 10 13&#58;10&#58;59 StreamConnection&#58; Message id <0x4004>, handler returns 0
?Debug &#58; Apr 10 13&#58;11&#58;29 StreamFirewall&#58; Got ping from core. Sending reply...
?Debug &#58; Apr 10 13&#58;11&#58;29 StreamConnection&#58; Message id <0x4004>, handler returns 0

rfw5.log

Код: Выделить всё

Info  : Apr 10 13:07:29 StreamManager: Registering message handlers..
 Info  &#58; Apr 10 13&#58;07&#58;29 StreamManager&#58; ID <0x4003> handler <0x0807b140>
 Info  &#58; Apr 10 13&#58;07&#58;29 StreamManager&#58; ID <0x4000> handler <0x0807b140>
 Info  &#58; Apr 10 13&#58;07&#58;29 StreamManager&#58; ID <0x4001> handler <0x0807b140>
 Info  &#58; Apr 10 13&#58;07&#58;29 StreamManager&#58; ID <0x4004> handler <0x0807b140>
 Info  &#58; Apr 10 13&#58;07&#58;29 StreamManager&#58; ID <0x4002> handler <0x0807b140>
 Notice&#58; Apr 10 13&#58;07&#58;29 UTM5 RFW&#58; Version 5.2.1-004-bsd starting
 Notice&#58; Apr 10 13&#58;07&#58;29 RFW Config&#58; Processing config file&#58; /netup/utm5/rfw5.cfg
 Info  &#58; Apr 10 13&#58;07&#58;29 UTM5 Logger&#58; New `*CRIT  &#58; ' stream&#58; /netup/utm5/log/rfw.log
 Info  &#58; Apr 10 13&#58;07&#58;29 UTM5 Logger&#58; New ` Info  &#58; ' stream&#58; /netup/utm5/log/rfw.log

rfw5_2.log

Код: Выделить всё

Info  : Apr 10 13:09:44 StreamManager: Registering message handlers..
 Info  &#58; Apr 10 13&#58;09&#58;44 StreamManager&#58; ID <0x4003> handler <0x0807b140>
 Info  &#58; Apr 10 13&#58;09&#58;44 StreamManager&#58; ID <0x4000> handler <0x0807b140>
 Info  &#58; Apr 10 13&#58;09&#58;44 StreamManager&#58; ID <0x4001> handler <0x0807b140>
 Info  &#58; Apr 10 13&#58;09&#58;44 StreamManager&#58; ID <0x4004> handler <0x0807b140>
 Info  &#58; Apr 10 13&#58;09&#58;44 StreamManager&#58; ID <0x4002> handler <0x0807b140>
 Notice&#58; Apr 10 13&#58;09&#58;44 UTM5 RFW&#58; Version 5.2.1-004-bsd starting
 Notice&#58; Apr 10 13&#58;09&#58;44 RFW Config&#58; Processing config file&#58; /netup/utm5/rfw5.cfg
 Notice&#58; Apr 10 13&#58;09&#58;44 RFW Config&#58; Pid file found&#58; /var/run/utm5_rfw.pid; Overwriting
 Info  &#58; Apr 10 13&#58;09&#58;44 UTM5 Logger&#58; New `*CRIT  &#58; ' stream&#58; /netup/utm5/log/rfw.log
 Info  &#58; Apr 10 13&#58;09&#58;44 UTM5 Logger&#58; New ` Info  &#58; ' stream&#58; /netup/utm5/log/rfw.log

Как видно из логов, при запуске utm5_rfw_2 по умолчанию пытается почему то загрузиться с rfw5.cfg, а не с rfw5_2.cfg. Получается в utm5_rfw прошит путь к конфигу?

Если кто нибудь запускал несколько utm5_rfw на одной машине, объясните как это сделать(со всеми тонкостями и подводными камнями).


Народ, помогите решить данную проблему!!!

[weris]

запускай с ключом указанием конфига принудительно

[dda2000]

weris
А по подробнее, если можно
Что запускать и с каким ключем?

[weris]

bill# /netup/utm5/bin/utm5_rfw -h
utm5_rfw: illegal option -- h
NetUP UTM billing system rfw module. Compile date: Oct 25 2006 11:55:55
Version: 5.2.1-003-bsd
Copyright (c) 2001-2004 NetUP Inc. www.netup.ru
usage: utm5_rfw
[-c config_path] Path to config file. Default is /netup/utm5/rfw5.cfg
[-f] Resync 'ON' rules on every startup
[-o] Resync 'OFF' rules on every startup
[-v] Version info
bill#

[XoRe]

2weris:
rfw_name - это просто имя.
Его можно писать какое угодно.
Оно служит как распознавания rfw, когда он подключается к core.
Ихо, если пораскинуть мозгами, можно использовать 1 rfw с хитрым firewall_path.

[dda2000]

Вставил в стартовый скрипт safe_utm5_rfw_2 флаг -с
Оба utm5_rfw запустились со своими конфигами
только вот создают они один и тот же файл utm5_rfw.pid и если запускать последующие клоны utm5_rfw, то они перезаписывают его со своим значением.
А флага для принудительного выбора файла .pid как я понимаю нет?!?!?
Подскажите на сколько это критично и чем в последствии может быть черевато?

[weris]

а подумать??

bill# cat /netup/utm5/bin/safe_utm5_rfw
#!/bin/sh
# description: UTM Billing System Radius Safe start script
trap '' 1 2 3 15

pid_file=/var/run/utm5_rfw.pid

[dda2000]

weris
Здесь то я выставлял разные pid_file, только вот при запуске, utm5_rfw создает только файл с именем utm5_rfw.pid. И в случае запуска второй копии utm5_rfw_2 (при этом в safe_utm5_rfw_2 выставлен совершенно другой параметр pid_file), все равно перезаписывается файл utm5_rfw.pid !!!

для чего только это параметр, если он не несет функциональности?!?!?!