[noCensorship] Re: Unknown acl notation Error

  • From: wayne <wayne@xxxxxxxxxxxxx>
  • To: nocensorship@xxxxxxxxxxxxx, proxytools-users@xxxxxx
  • Date: 13 Apr 2003 16:33:23 -0000

> From: madani <madani55sa@xxxxxxxxx>
> Subject: [noCensorship] Unknown acl notation Error
> To: nocensorship@xxxxxxxxxxxxx
> 
> Hi Wayne

Hiya,

> Whenever I try to run LP from the customized config file in which I added my 
> own proxies (config-_sbm.xml), I get the following:
> 
> Sorting hosts (uses DNS, please connect)...
> 
> Unknown acl notation: KSA-sbm
> 
> Unknown acl notation: KSA-sbm
> 
> Unknown acl notation: KSA-sbm

There is probably, somewhere, a tag called 
'onlyAllowsTcpAccessFrom', with a value containing 'KSA-sbm'.

That means it was put there by mergeHosts.

Not in my hosts.xml, or firewalls.xml, so it must be in 
your config-_sbm.xml (or hosts if you've modified it with 
mergeHosts maybe)

Some time ago, when you used mergeHosts, did you see this error 
message?
>Warning: firewalls.xml access control data (xxxx) incorrectly 
>says this location has no access to xxxx. Tell wayne please.
>Adding 'onlyAllowsTcpAccessFrom' tag for KSA-sbm

I'm guessing you did.

In that case, you have a proxy in your own config which I thought 
was not accessible from your location. Could you please let me know 
your IP address (xxx.xxx.xxx.0/24 is ok) and the /24 of the 
proxy(ies)? Or find that tag, and see why mergeHosts thought the 
corresponding proxy was not accessible from your computer at the 
time - then let me know what subnet(s) need to be added as either 
'subnetsInside' in firewalls.xml/ KSA-sbm, or as 
'otherAccessibleSubnets' in the same place.

As well as that, the part of the lp2 code that was supposed to 
handle this is unfinished :-)
I guess I was lazy at the time, and just haven't noticed it since. 
I've fixed it now, and LP should accept the extra tag.
Get a new localProxy2.pl.

> In config-_sbm.xml, there is a reference to KSA-sbm in the firewalls.xml 
> (<item key="useFirewall">KSA-sbm</item>)

No other reference?

> Looking at the above, LP did not understand the KSA-sbm section in the 
> firewalls file.
> 
> What is/are the reasons?

I don't think that's right. There are two parts to the problem, and 
the second part is in lp2's interpretation of the tag I mention 
above. That should be fixed. The initial part was caused by 
mergeHosts being clever when it had test results indicating you 
could access a proxy, yet no corresponding subnet info from 
firewalls which allowed this to be true. It added a tag to indicate 
that access was allowed (on the basis that, if even one test is 
successful, you *do* have access).

> This explains why none of the SBM proxies in my config file or from the 
> hosts.xml are picked up by LP.

Yes, it does.

> Is the subnetInside (212.46.32.0/19) range correct? 

It looks like it should be /18 now.
And if you had positive tests for a proxy in the /18 range but not 
in the /19 range, (212.46.48.0 - 212.46.63.255) then that would 
cause the extra tag added above!

> Are the (nameServer">212.46.32.33, 212.46.32.65</item>) correct ?

Dunno - tell me. :-)
It's hard for me to know, but I got that info from somewhere. 
It might be very old.

> BTW you have stated in your reply on my message (Re: LP and ActivePerl 8xx) 
> that SBM subnet extend to 212.46.63.255. Is it true? 

Yes, AFAIK:
$ whois 212.46.63.255

inetnum:      212.46.32.0 - 212.46.63.255
netname:      SA-SBM-990301
descr:        Saudi Business Machines
descr:        PROVIDER
country:      SA

That doesn't prove that all subnets have access to all others, or 
even that subnets within the range are actually in use. There's 
no way I can keep track of all that though, so LP must assume 
they are there and accessible. That's no problem normally.

> Note: I noticed that 8888 port is listed in blockedTCPPorts and openTCPPorts 
> (firewalls.xml). It is not an open port in KSA. Needs to be corrected.

Thanks. Dunno when that happened :-(
I've fixed it now.
Get a new firewalls.xml.

> madani

--
wayne@xxxxxxxxxxxxx
http://proxytools.sourceforge.net/


===8>============== noCensorship community ===============
List's webpage: //www.freelists.org/webpage/nocensorship
List's archive: //www.freelists.org/archives/nocensorship
To unsubscribe: nocensorship-request@xxxxxxxxxxxxx with 'unsubscribe' in the 
SUBJECT field.
Moderator's email: nocensorship-moderators@xxxxxxxxxxxxx
===8>============== noCensorship community ===============
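
The reconciliation described in the reply above (a successful test for a proxy that the location's subnet data does not cover gets an explicit tag, and the consumer must then accept that tag), as an added example that is not part of the original message and is not the proxytools code. Only the key names 'subnetsInside', 'otherAccessibleSubnets' and 'onlyAllowsTcpAccessFrom' come from the thread; the dictionary layout, function names, location names, RFC 5737 addresses and the exact meaning given to the tag are assumptions.

```python
import ipaddress

# Constructed stand-in for one firewalls.xml location (RFC 5737 test ranges).
FIREWALLS = {
    "EXAMPLE-loc": {
        "subnetsInside": ["192.0.2.0/24"],
        "otherAccessibleSubnets": ["198.51.100.0/25"],
    }
}

def subnet_allows(location, proxy_ip, firewalls=FIREWALLS):
    """True if the subnet data recorded for `location` covers proxy_ip."""
    fw = firewalls[location]
    ip = ipaddress.ip_address(proxy_ip)
    nets = fw.get("subnetsInside", []) + fw.get("otherAccessibleSubnets", [])
    return any(ip in ipaddress.ip_network(n) for n in nets)

def merge_test_result(host, location, test_ok, firewalls=FIREWALLS):
    """Reconcile one proxy test result with the subnet data.

    A successful test from a location whose subnet data does not cover
    the proxy is recorded as an explicit per-host tag, and a warning is
    returned so the subnet data can be corrected at the source.
    """
    warnings = []
    if test_ok and not subnet_allows(location, host["ip"], firewalls):
        allowed = host.setdefault("onlyAllowsTcpAccessFrom", [])
        if location not in allowed:          # keep the merge idempotent
            allowed.append(location)
        warnings.append(
            f"subnet data for {location} does not cover {host['ip']}")
    return warnings

def usable_from(host, location, firewalls=FIREWALLS):
    """Consumer side: honour the explicit tag, else fall back to subnets."""
    tag = host.get("onlyAllowsTcpAccessFrom")
    if tag is not None:                      # assumed meaning: allow-list
        return location in tag
    return subnet_allows(location, host["ip"], firewalls)
```

A non-empty warning list is the signal that the location's subnet data is stale; the tag only papers over the gap for that one host.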

