> From: madani <madani55sa@xxxxxxxxx> > Subject: [noCensorship] Unknown acl notation Error > To: nocensorship@xxxxxxxxxxxxx > > Hi Wayne Hiya, > Whenever I try to run LP from the customized config file in which I added my > own proxies (config-_sbm.xml). I get the following: > > Sorting hosts (uses DNS, please connect)... > > Unknown acl notation: KSA-sbm > > Unknown acl notation: KSA-sbm > > Unknown acl notation: KSA-sbm There is probably, somewhere, a tag called 'onlyAllowsTcpAccessFrom', with a value containing 'KSA-sbm'. That means it was put there by mergeHosts. Not in my hosts.xml, or firewalls.xml, so it must be in your config-_sbm.xml (or hosts if you've modified it with mergeHosts maybe) Some time ago, when you used mergeHosts, did you see this error message? >Warning: firewalls.xml access control data (xxxx) incorrectly >says this location has no access to xxxx. Tell wayne please. >Adding 'onlyAllowsTcpAccessFrom' tag for KSA-sbm I'm guessing you did. In that case, you have a proxy in your own config which I thought was not accessible from your location. Could you please let me know your IP address (xxx.xxx.xxx.0/24 is ok) and the /24 of the proxy(ies)? Or find that tag, and see why mergeHosts thought the corresponding proxy was not accessible from your computer at the time - then let me know what subnet(s) need to be added as either 'subnetsInside' in firewalls.xml/ KSA-sbm, or as 'otherAccessibleSubnets' in the same place. As well as that, the part of the lp2 code that was supposed to handle this is unfinished :-) I guess I was lazy at the time, and just haven't noticed it since. I've fixed it now, and LP should accept the extra tag. Get a new localProxy2.pl. > In config-_sbm.xml, there is a reference to KSA-sbm in the firewalls.xml > (<item key="useFirewall">KSA-sbm</item>) No other reference? > Looking at the above, LP did not understand the KSA-sbm section in the > firewalls file. > > What is/are the reasons? I don't think that's right. There are two parts to the problem, and the second part is in lp2's interpretation of the tag I mention above. That should be fixed. The initial part was caused by mergeHosts being clever when it had test results indicating you could access a proxy, yet no corresponding subnet info from firewalls which allowed this to be true. It added a tag to indicate that access was allowed (on the basis that, if even one test is successful, you *do* have access). > This explains why non of the SBM proxies in my config file or from the > hosts.xml are picked up by LP. Yes, it does. > Is the subnetInside (212.46.32.0/19) range correct? It looks like it should be /18 now. And if you had positive tests for a proxy in the /18 range but not in the /19 range, (212.46.48.0 - 212.46.63.255) then that would cause the extra tag added above! > Are the (nameServer">212.46.32.33, 212.46.32.65</item>) correct ? Dunno - tell me. :-) It's hard for me to know, but I got that info from somewhere. It might be very old. > BTW you have stated in your reply on my message (Re: LP and ActivePerl 8xx) > that SBM subnet extend to 212.46.63.255. Is it true? Yes, AFAIK: $ whois 212.46.63.255 inetnum: 212.46.32.0 - 212.46.63.255 netname: SA-SBM-990301 descr: Saudi Business Machines descr: PROVIDER country: SA That doesn't prove that all subnets have access to all others, or even that subnets within the range are actually in use. There's no way I can keep track of all that though, so LP must assume they are there and accessible. That's no problem normally. > Note: I noticed that 8888 port is listed in blockedTCPPorts and openTCPPorts > (firewalls.xml). It is not an open port in KSA. Need to be corrected. Thanks. Dunno when that happened :-( I've fixed it now. Get a new firewalls.xml. > madani -- wayne@xxxxxxxxxxxxx http://proxytools.sourceforge.net/ ===8>============== noCensorship community =============== List's webpage: //www.freelists.org/webpage/nocensorship List's archive: //www.freelists.org/archives/nocensorship To unsubscribe: nocensorship-request@xxxxxxxxxxxxx with 'unsubscribe' in the SUBJECT field. Moderator's email: nocensorship-moderators@xxxxxxxxxxxxx ===8>============== noCensorship community ===============