fedotov_a_a Posted February 10, 2021 Posted February 10, 2021 (edited) 1. Модель SNR-CPE-ME2 2. Прошивка последняя (1.8.3.3012201114) 3. лог ошибок Что предложите? Feb 10 22:55:45 syslogd started: BusyBox v1.30.1 Feb 10 22:56:29 nginx-wive[4066]: doSystem: (service dnsserver adrestart) > /dev/console 2>&1 (0) Feb 10 22:56:29 nginx-wive[4066]: doSystem: (services_restart.sh misc &) > /dev/console 2>&1 (0) Feb 10 22:56:29 services: Restart needed services and scripts. Mode misc Feb 10 22:56:30 QoS: Stopping SHAPER Feb 10 22:56:30 QoS: Set default rules. Feb 10 22:56:30 Codel: QoS Add codel for all interfaces. Feb 10 22:56:30 adblock: Get ad hosts lists from http://cdn.raletag.gq/rueasyhosts.txt Feb 10 22:56:30 adblock: Get ad hosts lists from http://winhelp2002.mvps.org/hosts.txt Feb 10 22:56:30 iptables: Add netfiler rules Feb 10 22:56:30 iptables: Allow established/related in input Feb 10 22:56:30 iptables: Drop invalid state connections Feb 10 22:56:30 iptables: Service limit set Feb 10 22:56:30 iptables: Set igmp input rules Feb 10 22:56:30 iptables: DHCP server allow Feb 10 22:56:30 iptables: Dnsproxy allow to connect Feb 10 22:56:30 iptables: Quagga allow to connections (from all interfaces). Feb 10 22:56:30 iptables: allow local port range 32768:61000 from LAN, need for some local service Feb 10 22:56:30 iptables: UPNP allow to connect Feb 10 22:56:30 iptables: Samba allow to connect Feb 10 22:56:30 iptables: Wsdd2 allow to connect Feb 10 22:56:30 iptables: Remote managment web limit Feb 10 22:56:30 iptables: Remote managment ssh limit Feb 10 22:56:30 iptables: Allow rate limited ping from all interfaces. Feb 10 22:56:30 iptables: Set forward rules Feb 10 22:56:30 iptables: Set igmp forward rules Feb 10 22:56:30 iptables: Limit per user tcp sessions to 2 Feb 10 22:56:30 iptables: Set macipport filter rules Feb 10 22:56:30 iptables: Parprouted enabled - allow forward any to any Feb 10 22:56:30 iptables: Redirect all DNS requests to local DNS proxy. Feb 10 22:56:30 iptables: Add SNAT from 192.168.2.1/255.255.255.0 to 10.xxx.153.236 at eth3. Feb 10 22:56:30 iptables: Add base upnp rules Feb 10 22:56:30 iptables: Allow established/related in forward Feb 10 22:56:31 resolv: Generate resolv DNS1: 10.xxx.152.1 DNS2: 8.8.8.8 Feb 10 22:56:31 parprouted: Stopping parprouted Feb 10 22:56:31 parprouted: Starting parprouted Feb 10 22:56:31 parprouted[598]: Starting. Feb 10 22:56:31 parprouted[598]: 'ip route add 192.168.2.3/32 metric 50 dev br0' unsuccessful, will try to remove! Feb 10 22:56:31 parprouted[598]: 'ip route add 192.168.2.138/32 metric 50 dev br0' unsuccessful, will try to remove! Feb 10 22:56:31 parprouted[598]: 'ip route add 192.168.2.1/32 metric 50 dev eth3' unsuccessful, will try to remove! Feb 10 22:56:31 dynroute: Stopping ZEBRA Feb 10 22:56:31 parprouted[598]: 'ip route add 192.168.2.24/32 metric 50 dev br0' unsuccessful, will try to remove! Feb 10 22:56:31 zebra[31786]: IRDP: Received shutdown notification. Feb 10 22:56:33 dynroute: Stopping RIPD Feb 10 22:56:34 dynroute: Starting ZEBRA Feb 10 22:56:34 zebra[663]: Zebra 1.2.4 starting: vty@2601 Feb 10 22:56:34 dynroute: Starting RIPD Feb 10 22:56:34 ripd[666]: RIPd 1.2.4 starting: vty@2602 Feb 10 22:56:34 zebra[663]: client 24 says hello and bids fair to announce only rip routes Feb 10 22:56:34 zebra[663]: Try to set TE Link Param Feb 10 22:56:34 dnsserver: Generate /etc/hosts file. Feb 10 22:56:34 dnsserver: Send HUP to dnsmasq. Feb 10 22:56:34 dnsmasq[1128]: read /etc/hosts - 5 addresses Feb 10 22:56:34 dnsmasq[1128]: using nameserver 10.xxx.152.1#53 Feb 10 22:56:34 dnsmasq[1128]: using nameserver 8.8.8.8#53 Feb 10 22:56:34 ntp: Stopping NTPD Feb 10 22:56:35 ntp: Starting NTPD Feb 10 22:56:35 upnpd: Starting UPNP at 10.xxx.153.236 Feb 10 22:56:35 igmpproxy: Stopping IGMPPROXY Feb 10 22:56:35 igmpproxy: Replace route to multicast subnet via eth3. Feb 10 22:56:35 igmpproxy: Starting IGMPPROXY Feb 10 22:56:36 kext: Nat mode Linux Hybrid Feb 10 22:56:36 kext: NAT Offload mode complex, enable hw_nat and selected software fastpaths. Feb 10 22:56:36 kext: NAT fastpath enabled. Feb 10 22:56:36 kext: Route fastpath enabled. Feb 10 22:56:36 kext: Netfilter fastpath enabled. Feb 10 22:56:36 kernel: Ralink HW NAT v2.52.0 Module Disabled Feb 10 22:56:36 kext: hw_nat: load driver with options wifi_offload=1 udp_offload=1 ipv6_offload=0 ttl_regen=1 Feb 10 22:56:36 kernel: Ralink HW NAT v2.52.0 Module Enabled, FoE Size: 16384 Feb 10 22:56:36 kext: hw_nat: set binding threshold to 50. Feb 10 22:56:36 kext: PPPOE Pass Through enable for br0 and eth3 interfaces. Feb 10 22:56:36 kext: Enable multicast to unicast conversion for ra0 rai0 Feb 10 22:56:36 lld2d: Stopping LLD2D Feb 10 22:56:37 lld2d: Starting LLD2D Feb 10 22:56:37 inetd: Stopping inetd Feb 10 22:56:37 inetd: Starting inetd Feb 10 22:56:38 transmission: Not any disk connected. Feb 10 22:56:38 dhcpd: Stop dhcpserver Feb 10 22:56:39 dhcpd: Configure dhcpserver Feb 10 22:56:39 dhcpd: Start dhcpserver Feb 10 22:56:39 udhcpd[1247]: started, v1.30.1 Feb 10 22:56:40 irqbalance: Stopping irqbalance Feb 10 22:56:41 irqbalance: Start irqbalance routing/wifi optimize mode Feb 10 22:56:41 irqbalance: Start irqbalance auto mode Feb 10 22:56:42 adblock: Get ad hosts lists from http://cdn.raletag.gq/rueasyhosts.txt Feb 10 22:56:42 adblock: Get ad hosts lists from http://winhelp2002.mvps.org/hosts.txt Feb 10 22:58:46 adblock: Get ad hosts lists from https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext Feb 10 22:58:47 adblock: Get ad hosts lists from http://www.malwaredomainlist.com/hostslist/hosts.txt Feb 10 22:58:47 adblock: Filter records. Feb 10 22:58:47 adblock: Remove duplicated records. Feb 10 22:58:47 adblock: Create list error, exit Edited February 10, 2021 by fedotov_a_a Вставить ник Quote
fedotov_a_a Posted February 11, 2021 Author Posted February 11, 2021 (edited) выжимка из скрипта /etc/scripts/config-adblock.sh # RUSSIAN BLOCK LIST blocklists="http://cdn.raletag.gq/rueasyhosts.txt" # GLOBAL BLOCK LISTS blocklists="$blocklists http://winhelp2002.mvps.org/hosts.txt" blocklists="$blocklists https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext" blocklists="$blocklists http://www.malwaredomainlist.com/hostslist/hosts.txt" # skip some counters - prevent break sites view and allow small analitycs unblocklist="liveinternet.ru|counter.yadro.ru|^yadro.ru|top100.ru|mc.yandex.ru|metrika|openstat.net" unblocklist="$unblocklist|google-analytics.com|googletagmanager.com|^stats.g.doubleclick.net|clustrmaps.com" Первая ссылка http://cdn.raletag.gq/rueasyhosts.txt - не доступна - закоментировал Вторая ссылка https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext" - доступна Третья ссылка http://www.malwaredomainlist.com/hostslist/hosts.txt - внутри текста пустота, можно просто закомментировать. При обращении скрипта по второй ссылке выскакивает ошибка, говорящая о неправильных TLS-сертификатах (сори, ели порю горячку, я в этом "деле" не рублю). Сам сервис стартует - появляется файл /tmp/adblock_runnig, и появляется файл /tmp/list.tmp, но внутри /tmp/list.tmp - пустота, так как сервис не может считать инфу с сайтов. Проблема с сертификатами. [SNR-CPE@/]# service dnsserver adstart [SNR-CPE@/]# wget: note: TLS certificate validation not implemented wget: short read, have only 0: Connection reset by peer wget: error getting response: Connection reset by peer wget: note: TLS certificate validation not implemented wget: TLS error from peer (alert code 80): 80 wget: error getting response: Connection reset by peer wget: note: TLS certificate validation not implemented Чем сможете помочь? Edited February 11, 2021 by fedotov_a_a Вставить ник Quote
Vitaly Tarasov Posted February 11, 2021 Posted February 11, 2021 Здравствуйте. Наблюдаем проблему с битыми ссылками, в следующей прошивке исправим. Вставить ник Quote
Rurmanov Posted February 12, 2021 Posted February 12, 2021 (edited) Добрый день, @fedotov_a_a. Исправили проблему в ПО 1.8.4, можете скачать обновление с сайта и поставить вручную или обновить из веб-интерфейса роутера по воздуху, инструкция по обновлению доступна на странице https://nag.wiki/x/N4YS Edited February 12, 2021 by Rurmanov Вставить ник Quote
fedotov_a_a Posted February 15, 2021 Author Posted February 15, 2021 Опять не работает Adblock. Feb 15 14:35:33 kernel: ASSOC - HT support STA. Update AP OperaionMode=0 , fAnyStationIsLegacy=0, fAnyStation20Only=0, fAnyStationNonGF=1 Feb 15 14:35:34 udhcpd[26601]: sending OFFER of 192.168.2.242 Feb 15 14:35:34 udhcpd[26601]: sending ACK to 192.168.2.242 Feb 15 14:36:51 dnsserver: Stopping DNSMASQ Feb 15 14:36:51 dnsmasq[18044]: exiting on receipt of SIGTERM Feb 15 14:36:52 dnsserver: Generate /etc/hosts file. Feb 15 14:36:52 dnsserver: 1 domains user blocked by DNS. Feb 15 14:36:52 dnsserver: Starting DNSMASQ Feb 15 14:36:52 dnsmasq[26974]: started, version 2.80 cachesize 1024 Feb 15 14:36:52 dnsmasq[26974]: compile time options: IPv6 GNU-getopt no-RTC no-DBus no-i18n no-IDN no-DHCP no-scripts no-TFTP no-conntrack no-ipset no-auth DNSSEC no-loop-detect inotify no-dumpfile Feb 15 14:36:52 dnsmasq[26974]: read /etc/hosts - 5 addresses Feb 15 14:36:52 dnsmasq[26974]: using nameserver 1.1.1.1#53 Feb 15 14:36:52 dnsmasq[26974]: using nameserver 77.88.8.7#53 Feb 15 14:37:27 kernel: ASSOC - Assign AID=4 to 5GHz AP 06:77:01:d1:ed:18 Feb 15 14:37:27 kernel: ASSOC - HT support STA. Update AP OperaionMode=0 , fAnyStationIsLegacy=0, fAnyStation20Only=0, fAnyStationNonGF=1 Feb 15 14:37:27 kernel: ASSOC - VHT support STA Feb 15 14:37:28 udhcpd[26601]: sending OFFER of 192.168.2.24 Feb 15 14:37:28 udhcpd[26601]: sending ACK to 192.168.2.24 Feb 15 14:37:35 adblock: Get ad hosts lists from http://update.snr.systems/updates/ad0 Feb 15 14:37:35 adblock: Get ad hosts lists from http://update.snr.systems/updates/ad1 Feb 15 14:37:35 adblock: Get ad hosts lists from http://update.snr.systems/updates/ad2 Feb 15 14:37:35 adblock: Get ad hosts lists from http://update.snr.systems/updates/ad3 Feb 15 14:37:35 adblock: Filter records. Feb 15 14:37:36 adblock: Remove duplicated records. Feb 15 14:37:37 adblock: Create list error, exit Запуск из консоли выдаёт следующее: [SNR-CPE@/]# /etc/init.d/dnsserver restart [SNR-CPE@/]# /etc/init.d/dnsserver adstart [SNR-CPE@/]# wget: server returned error: HTTP/1.1 404 Not Found [SNR-CPE@/]# Вставить ник Quote
Vitaly Tarasov Posted February 16, 2021 Posted February 16, 2021 20 часов назад, fedotov_a_a сказал: Опять не работает Adblock. Feb 15 14:35:33 kernel: ASSOC - HT support STA. Update AP OperaionMode=0 , fAnyStationIsLegacy=0, fAnyStation20Only=0, fAnyStationNonGF=1 Feb 15 14:35:34 udhcpd[26601]: sending OFFER of 192.168.2.242 Feb 15 14:35:34 udhcpd[26601]: sending ACK to 192.168.2.242 Feb 15 14:36:51 dnsserver: Stopping DNSMASQ Feb 15 14:36:51 dnsmasq[18044]: exiting on receipt of SIGTERM Feb 15 14:36:52 dnsserver: Generate /etc/hosts file. Feb 15 14:36:52 dnsserver: 1 domains user blocked by DNS. Feb 15 14:36:52 dnsserver: Starting DNSMASQ Feb 15 14:36:52 dnsmasq[26974]: started, version 2.80 cachesize 1024 Feb 15 14:36:52 dnsmasq[26974]: compile time options: IPv6 GNU-getopt no-RTC no-DBus no-i18n no-IDN no-DHCP no-scripts no-TFTP no-conntrack no-ipset no-auth DNSSEC no-loop-detect inotify no-dumpfile Feb 15 14:36:52 dnsmasq[26974]: read /etc/hosts - 5 addresses Feb 15 14:36:52 dnsmasq[26974]: using nameserver 1.1.1.1#53 Feb 15 14:36:52 dnsmasq[26974]: using nameserver 77.88.8.7#53 Feb 15 14:37:27 kernel: ASSOC - Assign AID=4 to 5GHz AP 06:77:01:d1:ed:18 Feb 15 14:37:27 kernel: ASSOC - HT support STA. Update AP OperaionMode=0 , fAnyStationIsLegacy=0, fAnyStation20Only=0, fAnyStationNonGF=1 Feb 15 14:37:27 kernel: ASSOC - VHT support STA Feb 15 14:37:28 udhcpd[26601]: sending OFFER of 192.168.2.24 Feb 15 14:37:28 udhcpd[26601]: sending ACK to 192.168.2.24 Feb 15 14:37:35 adblock: Get ad hosts lists from http://update.snr.systems/updates/ad0 Feb 15 14:37:35 adblock: Get ad hosts lists from http://update.snr.systems/updates/ad1 Feb 15 14:37:35 adblock: Get ad hosts lists from http://update.snr.systems/updates/ad2 Feb 15 14:37:35 adblock: Get ad hosts lists from http://update.snr.systems/updates/ad3 Feb 15 14:37:35 adblock: Filter records. Feb 15 14:37:36 adblock: Remove duplicated records. Feb 15 14:37:37 adblock: Create list error, exit Запуск из консоли выдаёт следующее: [SNR-CPE@/]# /etc/init.d/dnsserver restart [SNR-CPE@/]# /etc/init.d/dnsserver adstart [SNR-CPE@/]# wget: server returned error: HTTP/1.1 404 Not Found [SNR-CPE@/]# Добрый день, после обновления рекомендуется сбросить роутер к заводским настройкам согласно инструкции: nag.wiki Так же уточните, какие-нибудь дополнительные параметры в настройках Сервиса DNS вы используете?(Желательно пришлите скриншот сюда или в ЛС) Вставить ник Quote
fedotov_a_a Posted February 19, 2021 Author Posted February 19, 2021 Добрый день. Выкладываю распечатки с роутера. В файерволе стоит проброс транзитного трафика только с определённого IP-адреса (заменён нулями). DNS.pdf Firewall.pdf Вставить ник Quote
Rurmanov Posted February 20, 2021 Posted February 20, 2021 14 часов назад, fedotov_a_a сказал: Добрый день. Выкладываю распечатки с роутера. В файерволе стоит проброс транзитного трафика только с определённого IP-адреса (заменён нулями). DNS.pdf Firewall.pdf Добрый день. Настройки роутера до заводских сбрасывали? В лабораторных условиях воспроизвести проблему не удалось. Для диагностики откройте, пожалуйста удалённый доступ до роутера, инструкция доступна по ссылке https://nag.wiki/pages/viewpage.action?pageId=9699470, реквизиты направьте в ЛС. Вставить ник Quote
fedotov_a_a Posted February 24, 2021 Author Posted February 24, 2021 Доброе утро. Проблема исчезла после сброса настроек роутера до заводских. Спасибо, хорошего дня. Вставить ник Quote
Rurmanov Posted February 24, 2021 Posted February 24, 2021 Спасибо за ответ, и вам хорошего дня) Вставить ник Quote
.png.5d2afa2996cc6a85d0f2c09b92dd0a28.png)
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.