The OpenNET Project / Index page


Original message
"Help setting up an Internet gateway on CentOS 5.2"
Posted by nops, 10-Mar-09 18:20
Anyway, straight to the point!
I set up the rules following an example:

*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.0/255.255.255.0 -o eth0 -j SNAT --to-source 80.х.х.х
COMMIT
# Completed on Thu Nov 20 23:44:08 2003
# Generated by iptables-save v1.2.7a on Thu Nov 20 23:44:08 2003
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:DIRECTLINK - [0:0]
#ssh
-A INPUT -i eth0 -p tcp --dport 22 -s 192.168.0.0/255.255.255.0 -j ACCEPT
#http
-A INPUT -i eth0 -d 80.х.х.х -p tcp --dport 80 -j ACCEPT
-A OUTPUT -o eth0 -s 80.х.х.х -p tcp --sport 80 -j ACCEPT
#dns
-A INPUT -i eth0 -d 80.х.х.х -p udp --dport 53 -j ACCEPT
-A OUTPUT -o eth0 -s 80.х.х.х -p udp --sport 53 -j ACCEPT
#
-A INPUT -i eth1 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN,ACK SYN -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 127.0.0.1 -i lo -j ACCEPT
-A INPUT -s 80.х.х.х -i lo -j ACCEPT
-A INPUT -s 192.168.0.2 -i lo -j ACCEPT
-A INPUT -d 80.х.х.х -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -d 80.х.х.х -p icmp -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-net-unreachable
-A OUTPUT -s 127.0.0.1 -j ACCEPT
-A OUTPUT -s 80.х.х.х -j ACCEPT
-A OUTPUT -s 192.168.0.2 -j ACCEPT
COMMIT

Internet works, for absolutely everyone.
Next I am trying to get utm5 working. It started, but with some kind of error:

[root@novour]# service utm5_core start
Starting utm5_core
Starting utm5_core
?Debug : Mar 10 19:58:17 Rehash: Rehash manager started
Notice: Mar 10 19:58:17 ModMap: Sub-Module 'rehash' inserted...
Notice: Mar 10 19:58:17 UTM5 Config: Processing config file: /netup/utm5/utm5.cfg
?Debug : Mar 10 19:58:17 ModMap: Module <rehash> exist
Notice: Mar 10 19:58:17 ModMap: Sub-Module 'config' inserted...
?Debug : Mar 10 19:58:17 ModMap: Module <config> exist
?Debug : Mar 10 19:58:17 ModMap: Module <rehash> exist
Notice: Mar 10 19:58:17 ModMap: Sub-Module 'logger' inserted...
[root@novour]#

Well, something is clearly wrong.
Before that, I try to install ng_netflow:

[root@novour ng_netflow-0.2.5]# make
Makefile:8: *** пропущен разделитель.  Останов.
[root@novour ng_netflow-0.2.5]#

I try to install NDSAD, and it says:

[root@novour ndsad-1.33]# ./preconf
[root@novour ndsad-1.33]#
[root@novour ndsad-1.33]# ./configure
checking build system type... i686-pc-linux-gnu
checking host system type... i686-pc-linux-gnu
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking for a BSD-compatible install... /usr/bin/install -c
checking for g++... g++
checking for C++ compiler default output file name... a.out
checking whether the C++ compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C++ compiler... yes
checking whether g++ accepts -g... yes
checking for style of include used by make... GNU
checking dependency style of g++... gcc3
checking for gcc... gcc
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ANSI C... none needed
checking dependency style of gcc... gcc3
checking whether ln -s works... yes
checking for pcap_loop in -lpcap... no
checking for pthread_mutex_init in -lpthread... yes
checking how to run the C preprocessor... gcc -E
checking for egrep... grep -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking for int64_t... yes
configure: creating ./config.status
config.status: creating Makefile
config.status: creating config.h
config.status: config.h is unchanged
config.status: executing depfiles commands
[root@novour ndsad-1.33]#
[root@novour ndsad-1.33]# make
make  all-am
make[1]: Entering directory `/distrib/ndsad/ndsad-1.33'
if g++ -DHAVE_CONFIG_H -I. -I. -I.     -O0 -fno-inline -g -ftemplate-depth-32 -g  -MT ndsad-config.o -MD -MP -MF ".deps/ndsad-config.Tpo" -c -o ndsad-config.o `test -f 'config.cc' || echo './'`config.cc; \
        then mv -f ".deps/ndsad-config.Tpo" ".deps/ndsad-config.Po"; else rm -f ".deps/ndsad-config.Tpo"; exit 1; fi
In file included from handlers.h:13,
                 from config_ndsad.h:19,
                 from config.cc:27:
pcap.local.h:12:18: error: pcap.h: Нет такого файла или каталога
handlers.h:47: ошибка: ‘pcap_handler’ does not name a type
config_ndsad.h:75: ошибка: нет декларации ‘pcap_addr’ в этой области видимости
config_ndsad.h:75: ошибка: нет декларации ‘addresses’ в этой области видимости
config_ndsad.h:75: ошибка: expected primary-expression before ‘*’ token
config_ndsad.h:75: ошибка: нет декларации ‘cfl’ в этой области видимости
config_ndsad.h:75: ошибка: initializer - списое выражений рассматривается как составное выражение
config.cc:297: ошибка: нет декларации ‘pcap_addr’ в этой области видимости
config.cc:297: ошибка: нет декларации ‘addresses’ в этой области видимости
config.cc:297: ошибка: expected primary-expression before ‘const’
config.cc:297: ошибка: initializer - списое выражений рассматривается как составное выражение
config.cc:298: ошибка: expected ‘,’ or ‘;’ before ‘{’ token
make[1]: *** [ndsad-config.o] Ошибка 1
make[1]: Leaving directory `/distrib/ndsad/ndsad-1.33'
make: *** [all] Ошибка 2
[root@novour ndsad-1.33]#

I try to install flow-tools:

[root@novour flow-tools-0.68]# ./configure
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking for gcc... gcc
checking for C compiler default output... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ANSI C... none needed
checking for style of include used by make... GNU
checking dependency style of gcc... gcc3
checking for a BSD-compatible install... /usr/bin/install -c
checking whether make sets $(MAKE)... (cached) yes
checking for bison... bison -y
checking for ranlib... ranlib
checking for flex... flex
checking for yywrap in -lfl... yes
checking lex output file root... lex.yy
checking whether yytext is a pointer... yes
checking for main in -ly... no
checking for zlibVersion in -lz... yes
checking for allow_severity in -lwrap... yes
checking for dirent.h that defines DIR... yes
checking for library containing opendir... none required
checking how to run the C preprocessor... gcc -E
checking for egrep... grep -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking fcntl.h usability... yes
checking fcntl.h presence... yes
checking for fcntl.h... yes
checking features.h usability... yes
checking features.h presence... yes
checking for features.h... yes
checking limits.h usability... yes
checking limits.h presence... yes
checking for limits.h... yes
checking malloc.h usability... yes
checking malloc.h presence... yes
checking for malloc.h... yes
checking for string.h... (cached) yes
checking for strings.h... (cached) yes
checking sys/time.h usability... yes
checking sys/time.h presence... yes
checking for sys/time.h... yes
checking syslog.h usability... yes
checking syslog.h presence... yes
checking for syslog.h... yes
checking for unistd.h... (cached) yes
checking for sin_len in sockaddr_in ...
no
checking for an ANSI C-conforming const... yes
checking for off_t... yes
checking for pid_t... yes
checking for size_t... yes
checking for struct stat.st_rdev... yes
checking whether time.h and sys/time.h may both be included... yes
checking whether struct tm is in sys/time.h or time.h... time.h
checking for stdlib.h... (cached) yes
checking for unistd.h... (cached) yes
checking for getpagesize... yes
checking for working mmap... yes
checking for working alloca.h... yes
checking for alloca... yes
checking return type of signal handlers... void
checking for gethostbyname in -lnsl... yes
checking for socket in -lsocket... no
checking for gethostname... yes
checking for gettimeofday... yes
checking for select... yes
checking for socket... yes
checking for strdup... yes
checking for strtoul... yes
checking for timelocal... yes
checking for sigaction... yes
checking for strsep... yes
checking for strerror... yes
checking for strtoull... yes
checking strtoul returns 64 bits... no
configure: creating ./config.status
config.status: creating lib/Makefile
config.status: creating src/Makefile
config.status: creating bin/Makefile
config.status: creating Makefile
config.status: creating docs/Makefile
config.status: creating lib/ftpaths.h
config.status: creating configs/Makefile
config.status: creating docs/flow-capture.1
config.status: creating docs/flow-capture.html
config.status: creating docs/flow-nfilter.1
config.status: creating docs/flow-nfilter.html
config.status: creating docs/flow-print.1
config.status: creating docs/flow-print.html
config.status: creating docs/flow-report.1
config.status: creating docs/flow-report.html
config.status: creating docs/flow-receive.1
config.status: creating docs/flow-receive.html
config.status: creating docs/flow-tag.1
config.status: creating docs/flow-tag.html
config.status: creating docs/flow-mask.1
config.status: creating docs/flow-mask.html
config.status: creating docs/flow-fanout.1
config.status: creating docs/flow-fanout.html
config.status: creating docs/flow-xlate.1
config.status: creating docs/flow-xlate.html
config.status: creating docs/flow-rpt2rrd.1
config.status: creating docs/flow-rpt2rrd.html
config.status: creating docs/flow-rptfmt.1
config.status: creating docs/flow-rptfmt.html
config.status: creating docs/flow-log2rrd.1
config.status: creating docs/flow-log2rrd.html
config.status: creating lib/ftconfig.h
config.status: lib/ftconfig.h is unchanged
config.status: executing depfiles commands

Please subscribe to the flow-tools mailing list by sending a message to
flow-tools-request@splintered.net

Now type make to continue the build process

[root@novour flow-tools-0.68]#
[root@novour flow-tools-0.68]# gmake
Making all in lib
gmake[1]: Entering directory `/distrib/flowtools/flow-tools-0.68/lib'
gmake  all-am
gmake[2]: Entering directory `/distrib/flowtools/flow-tools-0.68/lib'
source='ftio.c' object='ftio.o' libtool=no \
        depfile='.deps/ftio.Po' tmpdepfile='.deps/ftio.TPo' \
        depmode=gcc3 /bin/sh ../depcomp \
        gcc -I. -I./lib -I. -I. -I.    -g -Wall -g -Wall -c `test -f 'ftio.c' || echo './'`ftio.c
ftio.c: In function ‘readn’:
ftio.c:2270: ошибка: некорректная левая часть в присваивании
ftio.c: In function ‘writen’:
ftio.c:2295: ошибка: некорректная левая часть в присваивании
gmake[2]: *** [ftio.o] Ошибка 1
gmake[2]: Leaving directory `/distrib/flowtools/flow-tools-0.68/lib'
gmake[1]: *** [all] Ошибка 2
gmake[1]: Leaving directory `/distrib/flowtools/flow-tools-0.68/lib'
gmake: *** [all-recursive] Ошибка 1
[root@novour flow-tools-0.68]#


I do everything as in the instructions, and it won't work...
If I simply run a ready-made ndsad (downloaded from the Internet and already compiled):

[root@novour ndsad-1.33-linux.static]# ./ndsad
ndsad[16002]: Session opened on Tue Mar 10 20:17:27 2009
ndsad[16002]: binary version `1.33'
ndsad[16002]: Creating NFC for <ulog_iface> family. dev <ulog_iface0>
ndsad[16002]: NFC created <0x8ca1860>.
ndsad[16002]: Starting worker thread for linux ulog socket.
ndsad[16002]: `peth0': new device
ndsad[16002]: Starting worker thread for device <peth0>
ndsad[16002]: `virbr0': new device
ndsad[16002]: Starting worker thread for device <virbr0>
ndsad[16005]: Creating NFC for <default> family. dev <peth0>
ndsad[16005]: NFC created <0x8ca4c90>.
ndsad[16005]: `peth0' thread started successfully.
ndsad[16005]: `peth0' thread is preparing for dummy loop call
ndsad[16006]: `virbr0' thread started successfully.
ndsad[16006]: `virbr0' thread is preparing for dummy loop call
ndsad[16002]: `vif0.0': new device
ndsad[16002]: Starting worker thread for device <vif0.0>
ndsad[16002]: `eth0': new device
ndsad[16002]: Starting worker thread for device <eth0>
ndsad[16002]: `xenbr0': new device
ndsad[16002]: Starting worker thread for device <xenbr0>
ndsad[16002]: `eth1': new device
ndsad[16002]: Starting worker thread for device <eth1>
ndsad[16002]: `lo': new device
ndsad[16002]: Starting worker thread for device <lo>
ndsad[16007]: `vif0.0' thread started successfully.
ndsad[16007]: `vif0.0' thread is preparing for dummy loop call
ndsad[16008]: Creating NFC for <eth> family. dev <eth0>
ndsad[16008]: NFC created <0x8cb6368>.
ndsad[16008]: `eth0' thread started successfully.
ndsad[16009]: `xenbr0' thread started successfully.
ndsad[16009]: `xenbr0' thread is preparing for dummy loop call
ndsad[16010]: `eth1' thread started successfully.
ndsad[16011]: Creating NFC for <lo> family. dev <lo>
ndsad[16011]: NFC created <0x8cb7840>.
ndsad[16011]: `lo' thread started successfully.
ndsad[16002]: `ulog_iface0': new device
ndsad[16008]: `eth0' thread is preparing for PCAP loop call
ndsad[16008]: pcap_datalink(eth0) = 1
ndsad[16008]: Set ppp offset = 4
ndsad[16010]: `eth1' thread is preparing for PCAP loop call
ndsad[16010]: pcap_datalink(eth1) = 1
ndsad[16010]: Set ppp offset = 4
ndsad[16011]: `lo' thread is preparing for PCAP loop call
ndsad[16011]: pcap_datalink(lo) = 1
ndsad[16011]: Set ppp offset = 4


and after I press Ctrl-C:

Signal SIGINT cought...
ndsad[16012]: Unable to unlink pid file of another process
Signal SIGINT cought...
ndsad[16010]: Unable to unlink pid file of another process
Signal SIGINT cought...
ndsad[16009]: Unable to unlink pid file of another process
Signal SIGINT cought...
ndsad[16008]: Unable to unlink pid file of another process
Signal SIGINT cought...
ndsad[16007]: Unable to unlink pid file of another process
Signal SIGINT cought...
ndsad[16006]: Unable to unlink pid file of another process
Signal SIGINT cought...
ndsad[16005]: Unable to unlink pid file of another process
[root@novour ndsad-1.33-linux.static]#

Please help me try to solve this problem.
P.S. By the way, I forgot: UTM5 counts traffic, but incorrectly, and does not display it until


service utm5_core stop
service utm5_core start

 
