
lex.lviv

Citizens
  • Content Count

    231
  • Days Won

    1

lex.lviv last won the day on October 29 2011

lex.lviv had the most liked content!

Community Reputation

1 Ordinary

About lex.lviv

  • Rank
    Sharpening Teeth
  • Birthday 10/17/1985

Information

  • Gender
    Male
  • City
    Lviv
  • Interests
    Networking.
    Historical reenactment.
    All as hobbies

Recent Profile Visitors

2529 profile views
  1. I build projects of any complexity from scratch. The full cycle, from design to back end, PHP/C#. I have a portfolio.
  2. I'll leave the answer here in case this happens to someone else.
     1. Look in the logs and see that it is complaining about a chunk of IP addresses.
     2. Start mysql and go to the billing database. Table files. Change the field from text to longtext.
     3. Restart, and everything is OK.
  3. Ask HomeNet, AirBites, Kyivstar... If it's the private housing sector, then HomeNet and AirBites.
  4. Thanks. If nobody here can advise, I'll go ask there. Well, something similar is described in this discussion, though it is called differently. Indeed, in my case the file is not fully loaded into table 126 (from Colocall... it stops somewhere around the UAR addresses). I'll try it now, but it will be funny if the problem is because of this. P.S. Yes, indeed.
  5. Rebuilt everything on 9.3. There really was a software glitch with the hardware in version 10, and then a hardware one surfaced as well, in the form of worn-out hard drives. Replaced them. I haven't tested yet, because I have a glitch with NoDeny, which I described in the beginners' section.
  6. Good day. I'm still tinkering with my old hardware... I found a glitch for which Google has not yet suggested a solution (there are about two similar threads, but I saw no solution in them).

     So: there are subscribers with the "always online" checkbox set. Noserver does not push them into tables 0 and 10, whereas if we authorize through the authorizer (all authorizer types) everything is OK.

     Next, when I manually toggle any parameter (authorization: always online, disabled/enabled, tariff change), the subscriber lands in the corresponding tables immediately and everything is OK.

     Next, when I run an UPDATE on the users table in the database... it also immediately picks up the subscribers in that mode.

     I even did a MySQL debug: the scripts talk to the database normally. I don't know where to dig.

     NoDeny version (the one I dug out of an old backup) is 50.32.

     ipfw after restart. 172.16/16 is static (always online), 10.0.0.0/8 is PPPoE/VPN.

         ipfw table all list

     Here a subscriber with a static address has logged in via PPPoE:

         root@gw:/usr/home/test # ipfw table 0 list
         172.16.0.134/32 0
         root@gw:/usr/home/test # ipfw table 10 list
         172.16.0.134/32 1032

     MySQL debug.

     But then, when I crawled to the end of the log (/var/db/mysql/mysql.log), this started to surprise me.

     606 queries?

     And, just in case, the user's privileges:

         SHOW GRANTS FOR 'bill_kernel'@'localhost';
         +--------------------------------------------------------------------------------------------------------------------+
         | Grants for bill_kernel@localhost                                                                                   |
         +--------------------------------------------------------------------------------------------------------------------+
         | GRANT USAGE ON *.* TO 'bill_kernel'@'localhost' IDENTIFIED BY PASSWORD '*CCB602032B36BE7485EA993134968659FED1C971' |
         | GRANT ALL PRIVILEGES ON `bill`.* TO 'bill_kernel'@'localhost' WITH GRANT OPTION                                    |
         +--------------------------------------------------------------------------------------------------------------------+
         2 rows in set (0.00 sec)

     Point me to where to dig, because I've been playing with this for three days already. Much obliged.
  7. I'll probably install FreeBSD 9 after all. There's just some stubborn problem here, that's all. Maybe something really is wrong with the hardware. Thanks for the help all the same.
  8. I thought maybe the card is glitchy. I've just brought up the onboard one. For now, a graph over the night. As the client I set up a seedbox.
  9. OK, getting started. As of now, it started dropping about 4 hours ago.
  10. I'm being advised to jump down to version 9, but I'm curious myself what the hang-up is.

         uptime
         9:32AM up 19:30, 2 users, load averages: 0.44, 0.32, 0.22

     So far it has been running normally since the evening.
  11. FreeBSD gw.west-ua.net 10.0-RELEASE FreeBSD 10.0-RELEASE #2: Tue Sep 2 11:33:45 EEST 2014 test@gw.west-ua.net:/usr/src/sys/i386/compile/NODENY i386

     Just in case, what I built the kernel with:

         options IPFIREWALL
         options IPDIVERT
         options DUMMYNET
         #options IPFIREWALL_FORWARD
         #options SCHED_ULE
         options ROUTETABLES=2 HZ=1000
         options ALTQ
         options ALTQ_CBQ # Class Based Queuing (CBQ)
         options ALTQ_RED # Random Early Detection (RED)
         options ALTQ_RIO # RED In/Out
         options ALTQ_HFSC # Hierarchical Packet Scheduler (HFSC)
         options ALTQ_PRIQ # Priority Queuing (PRIQ)

     rc.firewall. I'll comment on this a bit. The file itself is about seven years old, if not more (it has survived a pile of different billing systems). It was simply carried over from one system to another during upgrades and extended accordingly, so there is plenty of junk in it. The latest move was from FreeBSD 7.4, which decided to die (there are backups, but it reliably dies after a month or two of operation).

     em1 was supposed to be (and was) the main uplink.
     bge0 was supposed to be the backup plus routing to UA-IX.
     The NATs are left over from the old configuration. They are not in use.

         #!/bin/sh -
         f='/sbin/ipfw'
         #/sbin/natd -u -p 8671 -a 192.168.0.2
         #/sbin/natd -u -p 8672 -a 192.168.1.2
         ifOut='em1'
         ifOut1='bge0'
         ${f} table 120 flush
         ${f} table 120 add 224.0.0.0/4
         #${f} table 120 add 192.168.0.0/16
         #${f} table 120 add 172.16.0.0/16
         ${f} -f flush
         #${f} table 37 flush
         #${f} add 30 allow ip from 172.16.0.207 to me via ${ifout}
         #${f} add 31 allow ip from me to 172.16.0.207 via ${ifout}
         #========================SSH============================
         ${f} add 40 allow tcp from any to me 22
         ${f} add 41 allow tcp from me 22 to any
         #${f} add 46 allow tcp from 195.42.130.150 to me 22
         #${f} add 47 allow tcp from me 22 to 195.42.130.150
         #${f} add 48 allow tcp from 195.42.130.217 to me 22
         #${f} add 49 allow tcp from me 22 to 195.42.130.217
         #${f} add 50 allow tcp from 178.212.240.0/25 to me 22
         #${f} add 51 allow tcp from me 22 to 178.212.240.0/25
         #=================Satelit-radius========================
         ${f} add 56 allow udp from me 1812 to any
         ${f} add 57 allow udp from any to me 1812
         ${f} add 58 allow udp from me 1813 to any
         ${f} add 59 allow udp from any to me 1813
         #=======Simple Network Management Protocol=============
         #${f} add 60 allow ip from 195.42.130.217 to me 161
         #=================IpCAD-satalit==========================
         #${f} add 71 allow tcp from 195.42.130.217 to me 512-1023
         #=====================UA-IX============================
         #${f} add 77 divert 8672 ip from "table(0)" to "table(126)"
         #${f} add 78 fwd 192.168.1.1 ip from 192.168.1.2 to "table(126)"
         #${f} add 79 divert 8672 ip from any to 192.168.1.2 via em1
         ${f} add 80 count ip from any to "table(126)" out
         ${f} add 81 count ip from "table(126)" to any out
         #=====================World============================
         #${f} add 82 divert 8671 ip from "table(0)" to "table(10)"
         #${f} add 83 fwd 192.168.0.1 ip from 192.168.0.2 to "table(10)"
         #${f} add 84 divert 8671 ip from any to 192.168.0.2 via em1
         ${f} add 86 count ip from any to "table(10)" out
         ${f} add 87 count ip from "table(10)" to any out
         #===================dbForgeSudio=======================
         #${f} add 90 allow tcp from any to any 3306
         #=======================VPN============================
         ${f} add 95 allow tcp from any to any 1723
         ${f} add 96 allow gre from any to any
         #=====================Web-Admin========================
         #${f} add 97 allow tcp from any to me 8000
         #${f} add 98 allow tcp from me 8000 to any
         #======================================================
         ${f} add 100 deny tcp from any to any 445
         ${f} add 110 allow ip from any to any via lo0
         #==================NoDeny=====================
         #${f} add 111 pipe 1 ip from "table(2)" to "table(46)" in
         #${f} add 112 pipe 2 ip from "table(46)" to "table(2)" out
         #${f} pipe 1 config bw 1024Kbit/s
         #${f} pipe 2 config bw 1024Kbit/s
         #${f} add 113 allow ip from "table(2)" to "table(46)"
         #=============================================================================
         ${f} add 120 skipto 1000 ip from me to any
         ${f} add 130 deny icmp from any to any in icmptype 5,9,13,14,15,16,17
         ${f} add 140 deny ip from any to "table(120)"
         ${f} add 150 deny ip from "table(120)" to any
         ${f} add 160 skipto 2000 ip from any to me
         ${f} add 200 skipto 500 ip from any to any via ${ifOut}
         ${f} add 201 skipto 500 ip from any to any via ${ifOut1}
         #==================NoDeny=====================
         ${f} add 270 deny tcp from not "table(0)" to 90.183.101.0/24
         ${f} add 280 fwd 127.0.0.1,8081 tcp from "table(35)" to not me dst-port 80 in
         ${f} add 290 fwd 127.0.0.1,8082 tcp from not "table(0)" to not me dst-port 80 in
         #=============================================================================
         ${f} add 300 skipto 4500 ip from any to any in
         ${f} add 400 skipto 450 ip from any to any recv ${ifOut}
         ${f} add 401 skipto 450 ip from any to any recv ${ifOut1}
         ${f} add 420 tee 1 ip from any to any
         ${f} add 450 tee 2 ip from any to any
         ${f} add 490 allow ip from any to any
         ${f} add 500 skipto 32500 ip from any to any in
         ${f} add 510 tee 1 ip from any to any
         ${f} add 540 allow ip from any to any
         ${f} add 1000 allow udp from any 53,7723 to any
         ${f} add 1010 allow tcp from any to any setup keep-state
         ${f} add 1020 allow udp from any to any keep-state
         ${f} add 1100 allow ip from any to any
         ${f} add 2000 check-state
         #=============================-Ping-==========================================
         #${f} add 2001 allow icmp from any to any icmptype 8
         #${f} add 2002 allow icmp from any to any icmptype 0
         ${f} add 2010 allow icmp from any to any
         #=============================================================================
         ${f} add 2020 allow tcp from any to any 80,443
         ${f} add 2025 allow tcp from any to any 80,5006
         ${f} add 2050 deny ip from any to any via ${ifOut}
         ${f} add 2051 deny ip from any to any via ${ifOut1}
         ${f} add 2060 allow udp from any to any 53,7723
         ${f} add 2100 deny ip from any to any
         ${f} add 32490 deny ip from any to any

     pf.conf. The commented-out part is what was there before; I also brutally duplicated it from the old system.

         #set limit states 3000000
         #set limit frags 5000
         #set limit src-nodes 25000
         #set limit table-entries 300000
         #set optimization aggressive
         #nat pass on em1 from 10.0.0.0/8 to any -> em1
         #nat pass on em1 from 172.16.0.0/16 to any -> em1
         #nat pass on em1 from 192.168.0.0/16 to any -> em1
         #nat pass on bge0 from 10.0.0.0/8 to any -> bge0
         #nat pass on bge0 from 172.16.0.0/16 to any -> bge0
         #nat pass on bge0 from 192.168.0.0/16 to any -> bge0
         set skip on lo
         set limit states 3000000
         set optimization normal
         set timeout { tcp.closing 60, tcp.established 7200}
         set limit table-entries 300000
         set limit src-nodes 25000
         scrub in on bge0 all fragment reassemble
         scrub out on bge0 all fragment reassemble random-id no-df
         nat pass on bge0 from 10.0.0.0/8 to any -> bge0
         nat pass on bge0 from 172.16.0.0/16 to any -> bge0
         nat pass on bge0 from 192.168.0.0/16 to any -> bge0

     rc.conf

         #static_routes="net1 net2 net3 net4 net5 net6 net7 net8 net9"
         #route_net1="-net 77.120.115.0/24 172.31.1.1"
         #route_net2="-net 46.182.85.0/24 172.31.1.1"
         #route_net3="-net 91.238.192.0/24 172.31.1.1"
         #route_net4="-net 62.244.0.0/18 172.31.1.1"
         #route_net5="-net 173.194/16 172.31.1.1"
         #route_net6="-net 64.15.112.0/20 172.31.1.1"
         #route_net7="-net 208.65.152.0/22 172.31.1.1"
         #route_net8="-net 208.117.224.0/19 172.31.1.1"
         #route_net9="-net 213.133.190.0/24 172.31.1.1"
         defaultrouter="172.31.1.1"
         hostname="gw.<some host>"
         #lan
         ifconfig_em0="inet 10.0.0.1 netmask 255.0.0.0"                   # PPPoE
         ifconfig_em0_alias0="inet 172.16.0.1 netmask 255.255.0.0"        # static client
         ifconfig_em0_alias1="inet 192.168.88.253 netmask 255.255.255.0"  # for talking to the equipment
         #net
         ifconfig_em1="inet 194.44.<scary UAR> netmask 255.255.255.252"   # main uplink
         ifconfig_bge0="inet 172.31.1.2 netmask 255.255.255.0"            # backup
         firewall_enable="YES"
         gateway_enable="YES"
         pf_enable="YES"
         pf_rules="/etc/pf.conf"
         sshd_enable="YES"
         fsck_y_enable="YES"
         background_fsck="NO"
         mysql_enable="YES"
         apache22_enable="YES"
         radiusd_enable="YES"
         mpd_enable=YES
         named_enable="YES"
         ipcad_enable="YES"
         snmpd_enable="YES"
         smartd_enable="YES"
         ntpd_enable="YES"
         ntpd_sync_on_start="YES"
         ntpd_flags="-c /etc/ntp.conf -l /var/log/ntpd.log -p /var/run/ntpd.pid"
         #/sbin/kldload accf_http
         smartd_enable="YES"
         named_flags="-u bind -g bind"
  12. cat /boot/loader.conf

         geom_mirror_load="YES"
         pf_load="YES"
         dummynet_load="YES"
         ipdivert_load="YES"
         ipfw_load="YES"

     sysctl.conf is empty. I'll try now. It has just started to lag.
  13. I just reloaded pf, because even the reply through the forum form hung... I reloaded it with the new rules and now it seems to be running.

         root@gw:/usr/home/test # pfctl -sm
         states        hard limit  3000000
         src-nodes     hard limit    25000
         frags         hard limit     5000
         table-entries hard limit   300000
         root@gw:/usr/home/test # pfctl -si
         Status: Enabled for 0 days 00:02:14           Debug: Urgent

         State Table                          Total             Rate
           current entries                       81
           searches                           72409          540.4/s
           inserts                             2531           18.9/s
           removals                            2450           18.3/s
         Counters
           match                              47171          352.0/s
           bad-offset                             0            0.0/s
           fragment                               0            0.0/s
           short                                  0            0.0/s
           normalize                              0            0.0/s
           memory                                 0            0.0/s
           bad-timestamp                          0            0.0/s
           congestion                             0            0.0/s
           ip-option                              0            0.0/s
           proto-cksum                            0            0.0/s
           state-mismatch                         0            0.0/s
           state-insert                           0            0.0/s
           state-limit                            0            0.0/s
           src-limit                              0            0.0/s
           synproxy                               0            0.0/s
         root@gw:/usr/home/test # pfctl -si | grep memory
           memory                                 0            0.0/s
  14. And here's the hang again. This is what it was. I've corrected it following your advice.

         root@gw:/usr/home/test # pfctl -sm
         states        hard limit  1280000
         src-nodes     hard limit    10000
         frags         hard limit     5000
         table-entries hard limit   200000
         root@gw:/usr/home/test # pfctl -si
         Status: Enabled for 0 days 19:20:28           Debug: Urgent

         State Table                          Total             Rate
           current entries                     1377
           searches                        70479325         1012.2/s
           inserts                          1403274           20.2/s
           removals                         1403927           20.2/s
         Counters
           match                           44574571          640.2/s
           bad-offset                             0            0.0/s
           fragment                               0            0.0/s
           short                                  6            0.0/s
           normalize                              0            0.0/s
           memory                                 0            0.0/s
           bad-timestamp                          0            0.0/s
           congestion                             0            0.0/s
           ip-option                              0            0.0/s
           proto-cksum                            0            0.0/s
           state-mismatch                        47            0.0/s
           state-insert                          34            0.0/s
           state-limit                            0            0.0/s
           src-limit                              0            0.0/s
           synproxy                               0            0.0/s
         root@gw:/usr/home/test # pfctl -si | grep memory
           memory                                 0            0.0/s
         root@gw:/usr/home/test # ee /etc/pf.conf
         set limit states 3000000
         set limit frags 5000
         set limit src-nodes 25000
         set limit table-entries 300000
         set optimization aggressive
         nat pass on bge0 from 10.0.0.0/8 to any -> bge0
         nat pass on bge0 from 172.16.0.0/16 to any -> bge0
         nat pass on bge0 from 192.168.0.0/16 to any -> bge0
  15.
         INFO:
         Status: Enabled for 0 days 03:36:36           Debug: Urgent

         State Table                          Total             Rate
           current entries                     2643
           searches                        24587378         1891.9/s
           inserts                           313973           24.2/s
           removals                          311744           24.0/s
         Counters
           match                           15753373         1212.2/s
           bad-offset                             0            0.0/s
           fragment                               0            0.0/s
           short                                  3            0.0/s
           normalize                              0            0.0/s
           memory                                 0            0.0/s
           bad-timestamp                          0            0.0/s
           congestion                             0            0.0/s
           ip-option                              0            0.0/s
           proto-cksum                            0            0.0/s
           state-mismatch                         1            0.0/s
           state-insert                           3            0.0/s
           state-limit                            0            0.0/s
           src-limit                              0            0.0/s
           synproxy                               0            0.0/s

         TIMEOUTS:
         tcp.first                   30s
         tcp.opening                  5s
         tcp.established          18000s
         tcp.closing                 60s
         tcp.finwait                 30s
         tcp.closed                  30s
         tcp.tsdiff                  10s
         udp.first                   60s
         udp.single                  30s
         udp.multiple                60s
         icmp.first                  20s
         icmp.error                  10s
         other.first                 60s
         other.single                30s
         other.multiple              60s
         frag                        30s
         interval                    10s
         adaptive.start          768000 states
         adaptive.end           1536000 states
         src.track                    0s

         LIMITS:
         states        hard limit  1280000
         src-nodes     hard limit    10000
         frags         hard limit     5000
         table-entries hard limit   200000

         OS FINGERPRINTS:
         710 fingerprints loaded

     Tomorrow I'll look at what has changed. But by morning there will be glitches again. I'll also try the instructions given above. Interesting...