Code:
Module '$sql_type' not supported yet
- DBI
- DBD::mysql
And that's all ...
I'm also very curious where these lines in ipfw show come from -
stels wrote: Please help me set up IPFW + NAT!!
Following the article, I set up ipfw + nat, but for some reason the internet just will not reach the users connected via PPPoE! I'm a newbie at working with firewalls, so I can't freely write rules for it that would work the way I need!
If anyone has experience with this, please help!
The server reaches the internet through the gateway 10.10.10.1
Code:
#!/bin/sh
FwCMD="ipfw -cq"
LanOut="rl0" # external NIC
LanIn="nfe0" # internal NIC
IpOut="10.10.10.2" # external IP
IpIn="192.168.1.1" # internal IP
NetOut="10.10.10.0/29" # external network
NetIn="192.168.1.0/24" # internal network
ipfw -f flush
ipfw -f table 1 flush
${FwCMD} table 1 add 192.168.0.0/24
${FwCMD} add check-state
${FwCMD} add allow ip from any to any via lo0
${FwCMD} add deny ip from any to 127.0.0.0/8
${FwCMD} add deny ip from 127.0.0.0/8 to any
${FwCMD} nat 100 config if ${LanOut} allow ip from any to any via lo0
${FwCMD} add allow ip from ${NetIn} to ${NetIn} via ${LanIn}
${FwCMD} add allow ip from 'table(1)' to 'table(1)'
${FwCMD} add nat 100 ip from 'table(1)' to any
${FwCMD} add nat 100 ip from any to ${IpOut}
${FwCMD} table 1 add 192.168.0.0/24
${FwCMD} add 65535 deny ip from any to any
route_enable="YES"
Firewall, NAT and ng_car are compiled into the kernel.
I would be very grateful if you point out errors and/or additions!!!
Thanks in advance!
Code:
03000 0 0 pipe 3000 ip from any to any via ng0 in
03001 0 0 pipe 3001 ip from any to any via ng0 out
Code:
${FwCMD} add nat 100 ip from 'table(1)' to any
${FwCMD} add nat 100 ip from any to ${IpOut}
Code:
nat [on interface] (ext_if (gateway ext_if)) from table to any -> (ext_if)
Code:
03000 282 169396 pipe 3000 ip from any to any via ng0 in
03001 0 0 pipe 3001 ip from any to any via ng0 out
09000 0 0 allow ip from table(9) to any in recv ng0
09005 0 0 allow ip from any to table(9) out xmit ng0
09020 0 0 allow ip from table(9) to table(2) in recv ng0
09025 0 0 allow ip from table(2) to table(9) out xmit ng0
09030 0 0 allow ip from table(9) to table(3) in recv ng0
09035 0 0 allow ip from table(3) to table(9) out xmit ng0
09120 0 0 skipto 10120 ip from table(12) to table(2) in recv ng0
09125 0 0 skipto 10125 ip from table(2) to table(13) out xmit ng0
09130 0 0 skipto 10130 ip from table(14) to table(3) in recv ng0
09135 0 0 skipto 10135 ip from table(3) to table(15) out xmit ng0
10000 0 0 netgraph tablearg ip from table(10) to any in recv ng0
10010 0 0 netgraph tablearg ip from any to table(11) out xmit ng0
10015 6 1058 allow ip from any to any via ng0
10120 0 0 netgraph tablearg ip from table(12) to any in recv ng0
10125 0 0 netgraph tablearg ip from any to table(13) out xmit ng0
10130 0 0 netgraph tablearg ip from table(14) to any in recv ng0
10135 0 0 netgraph tablearg ip from any to table(15) out xmit ng0
50000 0 0 skipto 65010 ip from 10.10.10.2 to any via ng0
50000 0 0 skipto 65010 ip from any to 10.10.10.2 via ng0
64010 0 0 allow tcp from me 9443 to any via ng0
64011 0 0 allow tcp from any to me dst-port 9443 via ng0
65000 0 0 allow tcp from me 1723 to any via ng0
65001 0 0 allow tcp from any to me dst-port 1723 via ng0
65002 0 0 allow udp from me 53 to any via ng0
65003 0 0 allow udp from any to me dst-port 53 via ng0
65010 113 19054 divert 8668 ip4 from any to any via rl0
65012 0 0 reset log logamount 1000 tcp from any to any via ng0
65013 2 489 deny log logamount 1000 udp from any to any via ng0
65100 19 2552 deny udp from any 135-139 to any via rl0
65100 0 0 deny tcp from any 135-139,445 to any via rl0
65100 0 0 deny udp from any to any dst-port 135-139 via rl0
65100 0 0 deny tcp from any to any dst-port 135-139,445 via rl0
Code:
...
Feb 10 05:29:00 ADMIN mpd: [B2-1] IPADDR 172.16.0.254
Feb 10 05:29:00 ADMIN mpd: [B2-1] CCP: Up event
Feb 10 05:29:00 ADMIN mpd: [B2-1] CCP: Protocol mppc disabled as useless for this setup
Feb 10 05:29:00 ADMIN mpd: [B2-1] CCP: state change Starting --> Req-Sent
Feb 10 05:29:00 ADMIN mpd: [B2-1] CCP: SendConfigReq #1
...
Feb 10 05:29:18 ADMIN mpd: [B2-1] CCP: SendConfigReq #12
Feb 10 05:29:18 ADMIN mpd: [B2-1] CCP: rec'd Terminate Ack #12 (Req-Sent)
Feb 10 05:29:20 ADMIN mpd: [B2-1] CCP: SendConfigReq #13
Feb 10 05:29:20 ADMIN mpd: [B2-1] CCP: rec'd Terminate Ack #13 (Req-Sent)
Feb 10 05:29:22 ADMIN mpd: [B2-1] CCP: parameter negotiation failed
Feb 10 05:29:22 ADMIN mpd: [B2-1] CCP: state change Req-Sent --> Stopped
Feb 10 05:29:22 ADMIN mpd: [B2-1] CCP: LayerFinish
...
Code:
sysctl net.inet.ip.fw.one_pass=0
Code:
ADMIN# /usr/local/abills/libexec/linkupdown up ng0 stels 172.16.0.5 debug
Argument "ng0" isn't numeric in multiplication (*) at /usr/local/abills/libexec/linkupdown line 223.
Expresion:================================
END: =====================================
ipfw -f delete 3000 3001 2000 2001 1000 1001
ipfw add 3000 pipe 3000 ip from any to any via ng0 in
ipfw pipe 3000 config bw 1024Kbit/s queue 102Kbytes mask dst-ip 0x00000000
ipfw add 3001 pipe 3001 ip from any to any via ng0 out
ipfw pipe 3001 config bw 1024Kbit/s queue 102Kbytes mask dst-ip 0x00000000
Code:
--prefix=/usr/local/apache --enable-rewrite=shared
Code:
./configure --prefix=/usr/local/apache --enable-rewrite=shared
Code:
Configuring for Apache, Version 1.3.42
+ using installation path layout: Apache (config.layout)
configure:Error: invalid option ' --enable-rewrite=shared'
Code:
./configure --prefix=/usr/local/apache \ --enable-rewrite=shared
Code:
./configure --prefix=/usr/local/apache \--enable-rewrite=shared
Code:
Include /usr/local/abills/misc/apache/abills_httpd.conf
Code:
Starting apache22.
/usr/local/etc/rc.d/apache22: WARNING: failed to start apache22
Code:
[23/Apr/2010:16:40:51 +0700] "GET /" 400 456
No. I just start doing something, write up a post, and then it works out
Guest wrote: Racking up posts for yourself?
Want to get into the super secret section of this forum?
Code:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, admin@mail.ru and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Code:
[Fri Apr 23 17:04:21 2010] [error] [client 172.27.250.45] Compilation failed in require at /usr/local/abills/cgi-bin/admin/index.cgi line 26.
[Fri Apr 23 17:04:21 2010] [error] [client 172.27.250.45] Premature end of script headers: index.cgi
[Fri Apr 23 17:04:21 2010] [error] [client 172.27.250.45] File does not exist: /usr/local/abills/cgi-bin/favicon.ico
Can you suggest where to dig?
server# radiusd -fX
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/proxy.conf
Config: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/snmp.conf
Config: including file: /usr/local/etc/raddb/eap.conf
Config: including file: /usr/local/etc/raddb/sql.conf
main: prefix = "/usr/local"
main: localstatedir = "/var"
main: logdir = "/var/log"
main: libdir = "/usr/local/lib"
main: radacctdir = "/var/log/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/var/log/radius.log"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/var/run/radiusd/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = no
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
pap: auto_header = yes
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "(null)"
unix: group = "(null)"
unix: radwtmp = "/var/log/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = "md5"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = "Password: "
gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
preprocess: hints = "/usr/local/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
preprocess: with_alvarion_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded files
files: usersfile = "/usr/local/etc/raddb/users"
files: acctusersfile = "/usr/local/etc/raddb/acct_users"
files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
exec: wait = yes
exec: program = "/usr/local/abills/libexec/rauth.pl pre_auth"
exec: input_pairs = "request"
exec: output_pairs = "config"
exec: packet_type = "(null)"
Module: Instantiated exec (pre_auth)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded detail
detail: detailfile = "/var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/var/log/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
exec: wait = yes
exec: program = "/usr/local/abills/libexec/rauth.pl post_auth"
exec: input_pairs = "request"
exec: output_pairs = "config"
exec: packet_type = "(null)"
Module: Instantiated exec (post_auth)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:11177, id=185, length=239
NAS-Identifier = "kalinka.khab"
Message-Authenticator = 0x9cd7ebb392ad0193195b93bb153d0945
Acct-Session-Id = "2355836-rl0-2"
NAS-Port = 2
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "001aa0feaca5"
Called-Station-Id = ""
NAS-Port-Id = "rl0"
mpd-link = "rl0-2"
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Client-Endpoint:0 = "00:1a:a0:fe:ac:a5"
User-Name = "user1"
MS-CHAP-Challenge = 0xbb1e683d622842846b3b799d117e93fe
MS-CHAP2-Response = 0x010059def6846d753af14b7e06644ecd43dc000000000000000016e0579e9cbc03902e585057f36550105037ee687ce2d531
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
users: Matched entry DEFAULT at line 153
modcall[authorize]: module "files" returns ok for request 0
rlm_mschap: Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
modcall[authorize]: module "mschap" returns ok for request 0
Exec-Program output: User-Password == "123456"
Exec-Program-Wait: value-pairs: User-Password == "123456"
Exec-Program: returned: 0
modcall[authorize]: module "pre_auth" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
rad_check_password: Found Auth-Type Accept
rad_check_password: Auth-Type = Accept, accepting the user
Exec-Program output: Session-Timeout = 276564, Framed-IP-Address = 10.10.10.131, Framed-IP-Netmask = 255.255.255.255,
Exec-Program-Wait: value-pairs: Session-Timeout = 276564, Framed-IP-Address = 10.10.10.131, Framed-IP-Netmask = 255.255.255.255,
Exec-Program: returned: 0
Sending Access-Accept of id 185 to 127.0.0.1 port 11177
Session-Timeout = 276564
Framed-IP-Address = 10.10.10.131
Framed-IP-Netmask = 255.255.255.255
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
Well, actually, that's the train of thought
Guest wrote: And what makes you think something is wrong with your RADIUS?