Не стартуют скрипты блокировки

chepuha

При ручной и автоматической блокировки скрипты не запускаются, ядро с рфв запущено на 1 машине, но обмен данными идет не через лопбак, а реальный иф. как видно ниже ядро видит рфв.
[root@mail httpd]# lsof -n | grep rfw
..
utm5_rfw 31297 root 0r CHR 1,3 3200 /dev/null
utm5_rfw 31297 root 1u CHR 136,3 5 /dev/pts/3 (deleted)
utm5_rfw 31297 root 2u CHR 136,3 5 /dev/pts/3 (deleted)
utm5_rfw 31297 root 3u CHR 5,0 3195 /dev/tty
utm5_rfw 31297 root 4u IPv4 2031081 TCP 83.172.18.126:40226->83.172.18.126:11758 (ESTABLISHED)
utm5_rfw 31297 root 5u CHR 136,3 5 /dev/pts/3 (deleted)
..
utm_rfw.cfg
rfw_login=lala
rfw_passord=lala_pw
firewall_type=local
firewall_path=/sbin/iptables
shell_path=/bin/bash
sudo_path=/usr/bin/sudo
rfw_name=127.0.0.1

rfw стартует от рута
на всякий случай в sudoerr разрешил для ноубоди всё.

firewall_rules
id=2 is_for_all=1 uid=0 group_id=500 tariff_id=0 rule_on=/sbin/iptables -A BLOCK UIP/UBITS -j ACCEPT rule_off=/sbin/iptables -D BLOCK UIP/UBITS -j ACCEPT router_id=2 is_deleted=0

routers_info
id=1 router_type=0 router_ip=127.0.0.1 login= password= router_comments=Local FreeBSD is_deleted=0
id=2 router_type=0 router_ip=127.0.0.1 login=lala password=lala_pw router_comments=Local Linux iptables is_deleted=0
id=3 router_type=2 router_ip=10.1.2.99 login=netup password=hzp router_comments=Remote Cisco 3620 is_deleted=0
id=4 router_type=0 router_ip=127.0.0.1 login=utm password=lalala router_comments= is_deleted=0
в debug.log :
?Debug : Jun 03 00:18:08 DBCtx: SQL SELECT query: SELECT name,country,region,city,address,email,tel,web FROM registration_info
?Debug : Jun 03 00:18:08 RPCConn<maap@83.172.18.4>: Call finished...
?Debug : Jun 03 00:18:20 RPCConn<maap@83.172.18.4>: Call: 0x2003
?Debug : Jun 03 00:18:20 DBCtx: SQL query: UPDATE accounts SET int_status='0' WHERE id='49'
?Debug : Jun 03 00:18:20 BusLogic: BLM(38) pushed (comment: )
?Debug : Jun 03 00:18:20 UTM5 DBA: hw block for account 49
?Debug : Jun 03 00:18:20 RPCConn<maap@83.172.18.4>: Call finished...
?Debug : Jun 03 00:18:20 BusLogic: try to execute 38
?Debug : Jun 03 00:18:20 BusLogic: hw_block_handler with code 38
?Debug : Jun 03 00:18:20 BusLogic: hw_block_handler start bla_user_hw_unblock|bla_user_hw_block
?Debug : Jun 03 00:18:20 ModFWMan: Internet for UID 49 is disabled. Nothing to be done
?Debug : Jun 03 00:18:20 DBCtx: SQL SELECT query: SELECT rule_on,rule_off,router_id FROM firewall_rules WHERE is_deleted='0' A
ND ((uid='49' AND uid!='0') OR is_for_all='1' )
?Debug : Jun 03 00:18:20 ModFWMan: Ready to execute 1 FW rules for UID 49. State:0
?Debug : Jun 03 00:18:20 DBCtx: SQL SELECT query: SELECT id,router_type,router_ip,login,password,router_comments
FROM routers_info WHERE is_deleted='0'
?Debug : Jun 03 00:18:20 BusLogic: hw_block_handler end bla_user_hw_unblock|bla_user_hw_block
?Debug : Jun 03 00:18:20 BusLogic: finished unknown
?Debug : Jun 03 00:18:20 RPCConn<maap@83.172.18.4>: Call: 0x2011
?Debug : Jun 03 00:18:20 RPCConn<maap@83.172.18.4>: Call finished...
?Debug : Jun 03 00:18:20 RPCConn<maap@83.172.18.4>: Call: 0x2400
?Debug : Jun 03 00:18:20 DBCtx: SQL SELECT query: SELECT id, group_name FROM groups
?Debug : Jun 03 00:18:20 RPCConn<maap@83.172.18.4>: Call finished...
?Debug : Jun 03 00:18:20 RPCConn<maap@83.172.18.4>: Call: 0x2001
?Debug : Jun 03 00:18:20 RPCConn<maap@83.172.18.4>: Call finished...

chepuha

понимаю что допустил ошибку но где, не могу понять.

Сообщение **aospan** » Чт июн 02, 2005 20:18

id=4 router_type=0 router_ip=127.0.0.1 login=utm password=lalala router_comments= is_deleted=0

Удалите "лишние" роутеры с именем 127.0.0.1 либо в правилах файрволл используйте итдентификатор роутера = 4. Всё должно заработать.

chepuha

там id=2 стоит потомучто второй фирвол используется. когда в таблице небыло ничего кроме 2 было тоже самое

chepuha

5.1.10-010
Fedora core 2
rfw стартует от root'a
[root@mail utm5]# more ./rfw5.cfg
rfw_name=tn_club
sudo_path=/usr/bin/sudo
shell_path=/bin/bash
firewall_path=/usr/local/sbin/iptables
#firewall_flush_cmd=/usr/local/sbin/iptables -F
core_host=x.x.x.x
core_port=11758
rfw_login=rfw_login
rfw_password=rw_pass
firewall_type=local
log_file_main=/netup/utm5/log/rfw_main.log
log_file_debug=/netup/utm5/log/rfw_debug.log

debug.log >>>>>>>>>>>
?Debug : Jun 05 18:07:19 RPCConn<maap@83.172.18.4>: Call: 0x2003
?Debug : Jun 05 18:07:19 DBCtx: SQL query: UPDATE accounts SET int_status='0' WHERE id='13'
?Debug : Jun 05 18:07:19 BusLogic: BLM(38) pushed (comment: )
?Debug : Jun 05 18:07:19 UTM5 DBA: hw block for account 13
?Debug : Jun 05 18:07:19 RPCConn<maap@x.x.x.x>: Call finished...
?Debug : Jun 05 18:07:19 BusLogic: try to execute 38
?Debug : Jun 05 18:07:19 BusLogic: hw_block_handler with code 38
?Debug : Jun 05 18:07:19 BusLogic: hw_block_handler start bla_user_hw_unblock|bla_user_hw_block
?Debug : Jun 05 18:07:19 ModFWMan: Internet for UID 13 is disabled. Nothing to be done
?Debug : Jun 05 18:07:19 DBCtx: SQL SELECT query: SELECT rule_on,rule_off,router_id FROM firewall_rules WHERE is_deleted='0' A
ND ((uid='13' AND uid!='0') OR is_for_all='1' OR (( group_id='500') AND group_id!='0'))
?Debug : Jun 05 18:07:19 ModFWMan: Ready to execute 1 FW rules for UID 13. State:0
?Debug : Jun 05 18:07:19 DBCtx: SQL SELECT query: SELECT id,router_type,router_ip,login,password,router_comments
FROM routers_info WHERE is_deleted='0'
?Debug : Jun 05 18:07:19 ModFWMan: Exec [/bin/bash /inet.off x.x.x.x/32] on 1
?Debug : Jun 05 18:07:19 FW@tn_club: Sending [/bin/bash /inet.off x.x.x.x/32]
?Debug : Jun 05 18:07:19 BusLogic: hw_block_handler end bla_user_hw_unblock|bla_user_hw_block
?Debug : Jun 05 18:07:19 BusLogic: finished unknown
?Debug : Jun 05 18:07:19 RPCConn<maap@83.172.18.4>: Call: 0x2011
?Debug : Jun 05 18:07:19 RPCConn<maap@83.172.18.4>: Call finished...
?Debug : Jun 05 18:07:19 RPCConn<maap@83.172.18.4>: Call: 0x2400
?Debug : Jun 05 18:07:19 DBCtx: SQL SELECT query: SELECT id, group_name FROM groups
?Debug : Jun 05 18:07:19 RPCConn<maap@83.172.18.4>: Call finished...
?Debug : Jun 05 18:07:19 RPCConn<maap@83.172.18.4>: Call: 0x2001
?Debug : Jun 05 18:07:19 RPCConn<maap@83.172.18.4>: Call finished...
rfw_debug.log >>>>>>>>>>>>>>
?Debug : Jun 05 18:07:19 RFW URFA[plugin]: Got 'exec' command...
?Debug : Jun 05 18:07:19 FWCntl: Executing FW rule: /bin/bash /inet.off x.x.x.x/32
?Debug : Jun 05 18:07:37 RFW URFA[plugin]: Got ping from core. Sending reply...
?Debug : Jun 05 18:08:07 RFW URFA[plugin]: Got ping from core. Sending reply...
?Debug : Jun 05 18:08:37 RFW URFA[plugin]: Got ping from core. Sending reply...

inet.on :
#!/bin/bash
#PATH="/usr/local/sbin:/bin:/usr/bin:/usr/sbin:/usr/local/bin"
echo ON >>/loglog
if [ -z $1 ]; then
echo Not enought params >>/loglog
exit
fi

while ( /sbin/iptables -D BLOCK -s $1 -j ACCEPT 2>/dev/null ); do
echo -n .
done
/sbin/iptables -I BLOCK -s $1 -j ACCEPT 2>/dev/null