QinQ+радиус
Re: QinQ+радиус
proxy-arp включи в конфиге
Re: QinQ+радиус
Все стабильно работает уже больше 2 суток)) Сегодня заметил что как включаю iptables появилась следующая ошибка
[2015-01-28 16:18:18.693] cli: tcp: new connection from 127.0.0.1
[2015-01-28 16:18:18.693] cli: disconnect
вот правила.
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j REJECT --reject-with
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT !-s 94.x.x.x/24 -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -s 94.x.x.x/20 -j ACCEPT
iptables -A INPUT -s 94.x.x.x/30 -j ACCEPT
iptables -A INPUT -p icmp -m icmp --icmp-type 8/0 -j ACCEPT
iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable
[2015-01-28 16:18:18.693] cli: tcp: new connection from 127.0.0.1
[2015-01-28 16:18:18.693] cli: disconnect
вот правила.
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j REJECT --reject-with
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT !-s 94.x.x.x/24 -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -s 94.x.x.x/20 -j ACCEPT
iptables -A INPUT -s 94.x.x.x/30 -j ACCEPT
iptables -A INPUT -p icmp -m icmp --icmp-type 8/0 -j ACCEPT
iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable
Re: QinQ+радиус
Это не ошибка. Данная запись говорит, что был осуществлен доступ к командной строке accel-pppd. Также это могло показать при использовании accel-cmd.mugur1 wrote:Все стабильно работает уже больше 2 суток)) Сегодня заметил что как включаю iptables появилась следующая ошибка
[2015-01-28 16:18:18.693] cli: tcp: new connection from 127.0.0.1
[2015-01-28 16:18:18.693] cli: disconnect
Re: QinQ+радиус
Да в это время вызывал accel-cmd. А почему при iptables -A INPUT -i lo -j ACCEPT он отрубает его?
Также при iptables не подключаются сессии.
Также при iptables не подключаются сессии.
Re: QinQ+радиус
Исправил добавлением -A INPUT -p udp -m multiport --ports 67:68 -j ACCEPT
Re: QinQ+радиус
Начал тестировать c ip unnembered=1. Раздаю сеть /29 Первый клиент подключается, а второй подключение идет после нескольких минут
В логах заметил следующее
[2015-02-04 14:14:22.640] eth0.47.48: : recv [DHCPv4 Discover xid=b968017e chaddr=94
80:bc:e0:70 <Message-Type Discover> <Client-ID 0194de80bce070> <Host-Name Samsung> <Vendor-Class 4d53465420352e30> <Request-List Subnet,Domain-Name,Router,DNS,44,46,47,31,Route,Classless-Route,249,Vendor-Specific>]
[2015-02-04 14:14:22.640] eth0.47.48: da724d005164fe76: send [RADIUS(1) Access-Request id=1 <User-Name "eth0.47.48"> <NAS-Identifier "IPOE test"> <NAS-IP-Address 94.230.240.44> <NAS-Port 6> <NAS-Port-Id "eth0.47.48"> <NAS-Port-Type Ethernet> <Calling-Station-Id "9480:bc:e0:70"> <Called-Station-Id "eth0.47.48"> <Acct-Session-Id "da724d005164fe76"> <User-Password >]
[2015-02-04 14:14:22.648] eth0.47.48: da724d005164fe76: recv [RADIUS(1) Access-Accept id=1 <Session-Timeout 0> <Service-Type Framed-User> <Framed-Protocol PPP> <Framed-IP-Address 94.230.240.132> <Framed-IP-Netmask 255.255.255.255> <Class > <Acct-Interim-Interval 60>]
[2015-02-04 14:14:22.649] eth0.47.48: da724d005164fe76: eth0.47.48: authentication succeeded
[2015-02-04 14:14:22.649] eth0.47.48: da724d005164fe76: can't determine router address
[2015-02-04 14:14:22.649] eth0.47.48: da724d005164fe76: terminate
[2015-02-04 14:14:22.649] eth0.47.48: da724d005164fe76: ipoe: session finished
[2015-02-04 14:14:29.965] connlimit: check entry 6
[2015-02-04 14:14:29.965] connlimit: accept 6
[2015-02-04 14:14:29.965] eth0.47.48: : recv [DHCPv4 Discover xid=b968017e chaddr=9480:bc:e0:70 <Message-Type Discover> <Client-ID 0194de80bce070> <Host-Name Samsung> <Vendor-Class 4d53465420352e30> <Request-List Subnet,Domain-Name,Router,DNS,44,46,47,31,Route,Classless-Route,249,Vendor-Specific>]
[2015-02-04 14:14:29.966] eth0.47.48: da724d005164fe77: send [RADIUS(1) Access-Request id=1 <User-Name "eth0.47.48"> <NAS-Identifier "IPOE test"> <NAS-IP-Address 94.230.240.44> <NAS-Port 6> <NAS-Port-Id "eth0.47.48"> <NAS-Port-Type Ethernet> <Calling-Station-Id "9480:bc:e0:70"> <Called-Station-Id "eth0.47.48"> <Acct-Session-Id "da724d005164fe77"> <User-Password >]
[2015-02-04 14:14:29.971] eth0.47.48: da724d005164fe77: recv [RADIUS(1) Access-Reject id=1]
[2015-02-04 14:14:29.971] eth0.47.48: da724d005164fe77: terminate
[2015-02-04 14:14:29.972] eth0.47.48: da724d005164fe77: ipoe: session finished
[2015-02-04 14:14:41.218] connlimit: check entry 6
[2015-02-04 14:14:41.218] connlimit: accept 6
[2015-02-04 14:14:41.218] eth0.47.48: : recv [DHCPv4 Discover xid=12b3135a chaddr=9480:bc:e0:70 <Message-Type Discover> <Client-ID 0194de80bce070> <Host-Name Samsung> <Vendor-Class 4d53465420352e30> <Request-List Subnet,Domain-Name,Router,DNS,44,46,47,31,Route,Classless-Route,249,Vendor-Specific>]
[2015-02-04 14:14:41.218] eth0.47.48: da724d005164fe78: send [RADIUS(1) Access-Request id=1 <User-Name "eth0.47.48"> <NAS-Identifier "IPOE test"> <NAS-IP-Address 94.230.240.44> <NAS-Port 6> <NAS-Port-Id "eth0.47.48"> <NAS-Port-Type Ethernet> <Calling-Station-Id "9480:bc:e0:70"> <Called-Station-Id "eth0.47.48"> <Acct-Session-Id "da724d005164fe78"> <User-Password >]
[2015-02-04 14:14:41.224] eth0.47.48: da724d005164fe78: recv [RADIUS(1) Access-Reject id=1]
[2015-02-04 14:14:41.225] eth0.47.48: da724d005164fe78: terminate
[2015-02-04 14:14:41.225] eth0.47.48: da724d005164fe78: ipoe: session finished
В логах заметил следующее
[2015-02-04 14:14:22.640] eth0.47.48: : recv [DHCPv4 Discover xid=b968017e chaddr=94
80:bc:e0:70 <Message-Type Discover> <Client-ID 0194de80bce070> <Host-Name Samsung> <Vendor-Class 4d53465420352e30> <Request-List Subnet,Domain-Name,Router,DNS,44,46,47,31,Route,Classless-Route,249,Vendor-Specific>][2015-02-04 14:14:22.640] eth0.47.48: da724d005164fe76: send [RADIUS(1) Access-Request id=1 <User-Name "eth0.47.48"> <NAS-Identifier "IPOE test"> <NAS-IP-Address 94.230.240.44> <NAS-Port 6> <NAS-Port-Id "eth0.47.48"> <NAS-Port-Type Ethernet> <Calling-Station-Id "94
80:bc:e0:70"> <Called-Station-Id "eth0.47.48"> <Acct-Session-Id "da724d005164fe76"> <User-Password >][2015-02-04 14:14:22.648] eth0.47.48: da724d005164fe76: recv [RADIUS(1) Access-Accept id=1 <Session-Timeout 0> <Service-Type Framed-User> <Framed-Protocol PPP> <Framed-IP-Address 94.230.240.132> <Framed-IP-Netmask 255.255.255.255> <Class > <Acct-Interim-Interval 60>]
[2015-02-04 14:14:22.649] eth0.47.48: da724d005164fe76: eth0.47.48: authentication succeeded
[2015-02-04 14:14:22.649] eth0.47.48: da724d005164fe76: can't determine router address
[2015-02-04 14:14:22.649] eth0.47.48: da724d005164fe76: terminate
[2015-02-04 14:14:22.649] eth0.47.48: da724d005164fe76: ipoe: session finished
[2015-02-04 14:14:29.965] connlimit: check entry 6
[2015-02-04 14:14:29.965] connlimit: accept 6
[2015-02-04 14:14:29.965] eth0.47.48: : recv [DHCPv4 Discover xid=b968017e chaddr=94
80:bc:e0:70 <Message-Type Discover> <Client-ID 0194de80bce070> <Host-Name Samsung> <Vendor-Class 4d53465420352e30> <Request-List Subnet,Domain-Name,Router,DNS,44,46,47,31,Route,Classless-Route,249,Vendor-Specific>][2015-02-04 14:14:29.966] eth0.47.48: da724d005164fe77: send [RADIUS(1) Access-Request id=1 <User-Name "eth0.47.48"> <NAS-Identifier "IPOE test"> <NAS-IP-Address 94.230.240.44> <NAS-Port 6> <NAS-Port-Id "eth0.47.48"> <NAS-Port-Type Ethernet> <Calling-Station-Id "94
80:bc:e0:70"> <Called-Station-Id "eth0.47.48"> <Acct-Session-Id "da724d005164fe77"> <User-Password >][2015-02-04 14:14:29.971] eth0.47.48: da724d005164fe77: recv [RADIUS(1) Access-Reject id=1]
[2015-02-04 14:14:29.971] eth0.47.48: da724d005164fe77: terminate
[2015-02-04 14:14:29.972] eth0.47.48: da724d005164fe77: ipoe: session finished
[2015-02-04 14:14:41.218] connlimit: check entry 6
[2015-02-04 14:14:41.218] connlimit: accept 6
[2015-02-04 14:14:41.218] eth0.47.48: : recv [DHCPv4 Discover xid=12b3135a chaddr=94
80:bc:e0:70 <Message-Type Discover> <Client-ID 0194de80bce070> <Host-Name Samsung> <Vendor-Class 4d53465420352e30> <Request-List Subnet,Domain-Name,Router,DNS,44,46,47,31,Route,Classless-Route,249,Vendor-Specific>][2015-02-04 14:14:41.218] eth0.47.48: da724d005164fe78: send [RADIUS(1) Access-Request id=1 <User-Name "eth0.47.48"> <NAS-Identifier "IPOE test"> <NAS-IP-Address 94.230.240.44> <NAS-Port 6> <NAS-Port-Id "eth0.47.48"> <NAS-Port-Type Ethernet> <Calling-Station-Id "94
80:bc:e0:70"> <Called-Station-Id "eth0.47.48"> <Acct-Session-Id "da724d005164fe78"> <User-Password >][2015-02-04 14:14:41.224] eth0.47.48: da724d005164fe78: recv [RADIUS(1) Access-Reject id=1]
[2015-02-04 14:14:41.225] eth0.47.48: da724d005164fe78: terminate
[2015-02-04 14:14:41.225] eth0.47.48: da724d005164fe78: ipoe: session finished
Re: QinQ+радиус
Спасибо дело было в неправильной маске которую я прописал в конфиге.