ispCP - Board - Support
Datensätze hängen - Printable Version

+- ispCP - Board - Support (http://www.isp-control.net/forum)
+-- Forum: ispCP Omega International Area (/forum-22.html)
+--- Forum: German Corner (/forum-26.html)
+--- Thread: Datensätze hängen (/thread-10243.html)

Datensätze hängen - Snooops - 04-04-2010 07:01 AM

Servus,
hier ist der Debug
Code:
DEBUG: push_el() sub_name: mngr_start_up(), msg: Starting...
DEBUG: push_el() sub_name: lock_system(), msg: Starting...
DEBUG: push_el() sub_name: lock_system(), msg: Ending...
DEBUG: push_el() sub_name: get_conf(), msg: Starting...
DEBUG: push_el() sub_name: get_file(), msg: Starting...
DEBUG: push_el() sub_name: get_file(), msg: Ending...
DEBUG: push_el() sub_name: setup_main_vars(), msg: Starting...
DEBUG: push_el() sub_name: decrypt_db_password(), msg: Starting...
DEBUG: push_el() sub_name: decrypt_db_password(), msg: Ending...
DEBUG: push_el() sub_name: setup_main_vars(), msg: Ending...
DEBUG: push_el() sub_name: get_conf(), msg: Ending...
DEBUG: push_el() sub_name: doSQL(), msg: Starting...
DEBUG: push_el() sub_name: doSQL(), msg: Ending...
DEBUG: push_el() sub_name: mngr_start_up(), msg: Ending...
DEBUG: push_el() sub_name: mngr_engine(), msg: Starting...
DEBUG: push_el() sub_name: doSQL(), msg: Starting...
DEBUG: push_el() sub_name: doSQL(), msg: Ending...
DEBUG: push_el() sub_name: doSQL(), msg: Starting...
DEBUG: push_el() sub_name: doSQL(), msg: Ending...
DEBUG: push_el() sub_name: doSQL(), msg: Starting...
DEBUG: push_el() sub_name: doSQL(), msg: Ending...
DEBUG: push_el() sub_name: doSQL(), msg: Starting...
DEBUG: push_el() sub_name: doSQL(), msg: Ending...
DEBUG: push_el() sub_name: mngr_engine(), msg: processing 22, vendeto.de, toadd.
DEBUG: push_el() sub_name: sys_command(), msg: Starting...
DEBUG: push_el() sub_name: sys_command('/var/www/ispcp/engine/ispcp-als-mngr 22 1>/var/log/ispcp/ispcp-als-mngr.stdout 2>/var/log/ispcp/ispcp-als-mngr.stderr'), msg: Ending...
DEBUG: push_el() sub_name: mngr_engine(), msg: processing 23, vendeto.com, toadd.
DEBUG: push_el() sub_name: sys_command(), msg: Starting...
DEBUG: push_el() sub_name: sys_command('/var/www/ispcp/engine/ispcp-als-mngr 23 1>/var/log/ispcp/ispcp-als-mngr.stdout 2>/var/log/ispcp/ispcp-als-mngr.stderr'), msg: Ending...
DEBUG: push_el() sub_name: doSQL(), msg: Starting...
DEBUG: push_el() sub_name: doSQL(), msg: Ending...
DEBUG: push_el() sub_name: doSQL(), msg: Starting...
DEBUG: push_el() sub_name: doSQL(), msg: Ending...
DEBUG: push_el() sub_name: sys_command(), msg: Starting...
^[[BDEBUG: push_el() sub_name: sys_command('/var/www/ispcp/engine/ispcp-serv-mngr 0 0 2 0 0 1>/var/log/ispcp/ispcp-serv-mngr.stdout 2>/var/log/ispcp/ispcp-serv-mngr.stderr'), msg: Ending...
DEBUG: push_el() sub_name: doSQL(), msg: Starting...
DEBUG: push_el() sub_name: doSQL(), msg: Ending...
DEBUG: push_el() sub_name: mngr_engine(), msg: processing 5, change.
DEBUG: push_el() sub_name: sys_command(), msg: Starting...
DEBUG: push_el() sub_name: sys_command('/var/www/ispcp/engine/ispcp-htusers-mngr 5 1>/var/log/ispcp/ispcp-htusers-mngr.stdout 2>/var/log/ispcp/ispcp-htusers-mngr.stderr'), msg: Ending...
DEBUG: push_el() sub_name: doSQL(), msg: Starting...
DEBUG: push_el() sub_name: doSQL(), msg: Ending...
DEBUG: push_el() sub_name: mngr_engine(), msg: processing 5 -> 5, change.
DEBUG: push_el() sub_name: sys_command(), msg: Starting...
DEBUG: push_el() sub_name: sys_command('/var/www/ispcp/engine/ispcp-htgroups-mngr 5 1>/var/log/ispcp/ispcp-htgroups-mngr.stdout 2>/var/log/ispcp/ispcp-htgroups-mngr.stderr'), msg: Ending...
DEBUG: push_el() sub_name: doSQL(), msg: Starting...
DEBUG: push_el() sub_name: doSQL(), msg: Ending...
DEBUG: push_el() sub_name: doSQL(), msg: Starting...
DEBUG: push_el() sub_name: doSQL(), msg: Ending...
DEBUG: push_el() sub_name: doSQL(), msg: Starting...
DEBUG: push_el() sub_name: doSQL(), msg: Ending...
DEBUG: push_el() sub_name: doSQL(), msg: Starting...
DEBUG: push_el() sub_name: doSQL(), msg: Ending...
DEBUG: push_el() sub_name: mngr_engine(), msg: Ending...
DEBUG: push_el() sub_name: mngr_shut_down(), msg: Starting...
DEBUG: push_el() sub_name: mngr_shut_down(), msg: Ending...

hier ist meine Iptables rule:
Code:
PATH="/sbin:/usr/sbin:/bin:/usr/bin:${PATH}"
export PATH

LSMOD="lsmod"
MODPROBE="modprobe"
IPTABLES="iptables"
IP6TABLES="ip6tables"
IPTABLES_RESTORE="iptables-restore"
IP6TABLES_RESTORE="/sbin/ip6tables-restore"
IP="ip"
LOGGER="logger"


log() {
  echo "$1"
  test -x "$LOGGER" && $LOGGER -p info "$1"
}

check_file() {
  test -r "$2" || {
    echo "Can not find file $2 referenced by AddressTable object $1"
    exit 1
  }
}

va_num=1
add_addr() {
  addr=$1
  nm=$2
  dev=$3

  type=""
  aadd=""

  L=`$IP -4 link ls $dev | head -n1`
  if test -n "$L"; then
    OIFS=$IFS
    IFS=" /:,<"
    set $L
    type=$4
    IFS=$OIFS
    if test "$type" = "NO-CARRIER"; then
      type=$5
    fi

    L=`$IP -4 addr ls $dev to $addr | grep inet | grep -v :`
    if test -n "$L"; then
      OIFS=$IFS
      IFS=" /"
      set $L
      aadd=$2
      IFS=$OIFS
    fi
  fi
  if test -z "$aadd"; then
    if test "$type" = "POINTOPOINT"; then
      $IP -4 addr add $addr dev $dev scope global label $dev:FWB${va_num}
      va_num=`expr $va_num + 1`
    fi
    if test "$type" = "BROADCAST"; then
      $IP -4 addr add $addr/$nm dev $dev brd + scope global label $dev:FWB${va_num}
      va_num=`expr $va_num + 1`
    fi
  fi
}

getInterfaceVarName() {
  echo $1 | sed 's/\./_/'
}

getaddr() {
  dev=$1
  name=$2
  L=`$IP -4 addr show dev $dev | grep inet | grep -v :`
  test -z "$L" && {
    eval "$name=''"
    return
  }
  OIFS=$IFS
  IFS=" /"
  set $L
  eval "$name=$2"
  IFS=$OIFS
}

getaddr6() {
  dev=$1
  name=$2
  L=`$IP -6 addr show dev $dev | grep inet6 | grep -v :`
  test -z "$L" && {
    eval "$name=''"
    return
  }
  OIFS=$IFS
  IFS=" /"
  set $L
  eval "$name=$2"
  IFS=$OIFS
}


getinterfaces() {
  NAME=$1
  $IP link show | grep ": $NAME" | while read L; do
    OIFS=$IFS
    IFS=" :"
    set $L
    IFS=$OIFS
    echo $2
  done
}


# increment ip address
incaddr()
{
  n1=$4
  n2=$3
  n3=$2
  n4=$1

  vn1=`eval  "echo \\$$n1"`

  R=`expr $vn1 \< 255`
  if test $R = "1"; then
    eval "$n1=`expr $vn1 + 1`"
  else
    eval "$n1=0"
    incaddr XX $n4 $n3 $n2
  fi
}


prolog_commands() {
echo "Running prolog script"

}

epilog_commands() {
echo "Running epilog script"

}

run_epilog_and_exit() {
  epilog_commands
  exit $1
}

if $IP link ls >/dev/null 2>&1; then
  echo;
else
  echo "iproute not found"
  exit 1
fi

prolog_commands


MODULES_DIR="/lib/modules/`uname -r`/kernel/net/"
MODULES=`find $MODULES_DIR -name '*conntrack*'|sed  -e 's/^.*\///' -e 's/\([^\.]\)\..*/\1/'`
for module in $MODULES; do
  if $LSMOD | grep ${module} >/dev/null; then continue; fi
  $MODPROBE ${module} ||  exit 1
done


# Using 0 address table files


# Configure interfaces




# Add virtual addresses for NAT rules


log 'Activating firewall script generated Sat Apr 03 18:55:38 2010  by Snooops'



# ================ IPv4


# ================ Table 'filter', automatic rules
$IPTABLES -P OUTPUT  DROP
$IPTABLES -P INPUT   DROP
$IPTABLES -P FORWARD DROP

cat /proc/net/ip_tables_names | while read table; do
  $IPTABLES -t $table -L -n | while read c chain rest; do
      if test "X$c" = "XChain" ; then
        $IPTABLES -t $table -F $chain
      fi
  done
  $IPTABLES -t $table -X
done


$IPTABLES -A INPUT   -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A OUTPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# ================ Table 'filter', rule set Policy
# Policy compiler errors and warnings:
#
#
# Rule 0 (global)
#
echo "Rule 0 (global)"
#
# Allow all outgoing
#
$IPTABLES -A OUTPUT  -m state --state NEW  -j ACCEPT
$IPTABLES -A FORWARD  -o +   -m state --state NEW  -j ACCEPT
#
# Rule 1 (global)
#
echo "Rule 1 (global)"
#
#
#
$IPTABLES -A INPUT -p icmp  -m icmp  --icmp-type any  -m state --state NEW  -j ACCEPT
$IPTABLES -A FORWARD  -i +  -p icmp  -m icmp  --icmp-type any  -m state --state NEW  -j ACCEPT
#
# Rule 2 (global)
#
echo "Rule 2 (global)"
#
#
#
$IPTABLES -A INPUT -p tcp -m tcp  --dport 21  -m state --state NEW  -j ACCEPT
$IPTABLES -A FORWARD  -i +  -p tcp -m tcp  --dport 21  -m state --state NEW  -j ACCEPT
#
# Rule 3 (global)
#
echo "Rule 3 (global)"
#
#
#
$IPTABLES -A INPUT -p tcp -m tcp  --dport 80  -m state --state NEW  -j ACCEPT
$IPTABLES -A FORWARD  -i +  -p tcp -m tcp  --dport 80  -m state --state NEW  -j ACCEPT
#
# Rule 4 (global)
#
echo "Rule 4 (global)"
#
#
#
$IPTABLES -A INPUT -p tcp -m tcp  --dport 443  -m state --state NEW  -j ACCEPT
$IPTABLES -A FORWARD  -i +  -p tcp -m tcp  --dport 443  -m state --state NEW  -j ACCEPT
#
# Rule 5 (global)
#
echo "Rule 5 (global)"
#
#
#
$IPTABLES -A INPUT -p tcp -m tcp  --dport 143  -m state --state NEW  -j ACCEPT
$IPTABLES -A FORWARD  -i +  -p tcp -m tcp  --dport 143  -m state --state NEW  -j ACCEPT
#
# Rule 6 (global)
#
echo "Rule 6 (global)"
#
#
#
$IPTABLES -A INPUT -p tcp -m tcp  --dport 110  -m state --state NEW  -j ACCEPT
$IPTABLES -A FORWARD  -i +  -p tcp -m tcp  --dport 110  -m state --state NEW  -j ACCEPT
#
# Rule 7 (global)
#
echo "Rule 7 (global)"
#
#
#
$IPTABLES -A INPUT -p tcp -m tcp  --dport 25  -m state --state NEW  -j ACCEPT
$IPTABLES -A FORWARD  -i +  -p tcp -m tcp  --dport 25  -m state --state NEW  -j ACCEPT
#
# Rule 8 (global)
#
echo "Rule 8 (global)"
#
#
#
$IPTABLES -A INPUT -p tcp -m tcp  --dport 22  -m state --state NEW  -j ACCEPT
$IPTABLES -A FORWARD  -i +  -p tcp -m tcp  --dport 22  -m state --state NEW  -j ACCEPT
#
# Rule 9 (global)
#
echo "Rule 9 (global)"
#
# local backup
#
$IPTABLES -A INPUT -p tcp -m tcp  --dport 497  -m state --state NEW  -j ACCEPT
$IPTABLES -A INPUT -p udp -m udp  --dport 497  -m state --state NEW  -j ACCEPT
$IPTABLES -A FORWARD  -i +  -p tcp -m tcp  --dport 497  -m state --state NEW  -j ACCEPT
$IPTABLES -A FORWARD  -i +  -p udp -m udp  --dport 497  -m state --state NEW  -j ACCEPT
#
# Rule 10 (global)
#
echo "Rule 10 (global)"
#
# Block all other
#
$IPTABLES -A INPUT  -j DROP
$IPTABLES -A FORWARD  -i +   -j DROP

epilog_commands

echo 1 > /proc/sys/net/ipv4/ip_forward

Und das Problem ist das egal was ich anlege, bearbeite oder lösche alles hängt in der Warteschleife und wird erst ausgeführt wenn ich ./ispcp-rqst-mngr ausführe.
Irgendeine Idee?

RE: Datensätze hängen - BeNe - 04-05-2010 04:57 AM

Quote:Und das Problem ist das egal was ich anlege, bearbeite oder lösche alles hängt in der Warteschleife und wird erst ausgeführt wenn ich ./ispcp-rqst-mngr ausführe.
Aber der ispcp-daemon läuft korrekt ?
Der Debug sieht ok. Was es jetzt mit einem iptables script auf sich haben soll habe ich jetzt nicht so ganz verstanden ?!

Greez BeNe

RE: Datensätze hängen - Snooops - 04-05-2010 10:20 PM

Das Problem tritt erst auf wenn ich diese IPTables rules lade. Vielleicht gibt es ja im ispcp befehle für localhost die nicht in meinen Regeln definiert oder erlaubt sind. Habe ich vielleicht etwas für meine IPtables Rules vergessen?!

RE: Datensätze hängen - p3g3h - 04-09-2010 05:08 AM

Guten Abend

Habe soeben das selbe Problem festgestellt nach Update auf 1.0.5 von 1.0.4 System Debian Lenny 64 Bit. Lösung bereits in Sicht? Also Problem in Bezug auf den Request Manager Zusammenhang zu den IPtables sehe ich derzeit nicht.

Gruß