Re: [SOLVED] 403: Forbidden!!!!!!
Posted: Wed Sep 26, 2012 2:22 pm
I have been fighting with this torrent client for about 5 hours.
FreeBSD 9.0
The internal network interface is open for all connections.
I have reread and rechecked the whitelist settings and the other ones about 50 times. Everything is set up as in the instructions.
I see only these messages in the messages log file:
Sep 26 18:15:04 estaf transmission-daemon[79085]: UDP Failed to set receive buffer: No buffer space available (tr-udp.c:58)
Sep 26 18:15:04 estaf transmission-daemon[79085]: UDP Failed to set receive buffer: requested 4194304, got 42080 (tr-udp.c:77)
But I solved that one with sysctl kern.ipc.maxsockbuf=10485760. Anyway, it does not solve the authorization problem.
Client of transmission-daemon is 4.03 version for mac.
daemon version: 2.61 (13407)
on web interface:
"403: Forbidden
Unauthorized IP Address.
Either disable the IP address whitelist or add your address to it.
If you're editing settings.json, see the 'rpc-whitelist' and 'rpc-whitelist-enabled' entries.
If you're still using ACLs, use a whitelist instead. See the transmission-daemon manpage for details."
ifconfig on the client side:
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=2b<RXCSUM,TXCSUM,VLAN_HWTAGGING,TSO4>
ether .........
inet6 .........en0 prefixlen 64 scopeid 0x4
inet 192.168.1.2 netmask 0xffffff00 broadcast 192.168.1.255
media: autoselect (1000baseT <full-duplex,flow-control>)
status: active
sockstat | grep 9091
iron transmissi 79336 7 tcp4 *:9091 *:*
pf.conf
I can reach the web (Apache), FTP and other services on that BSD box from the Mac normally, but I have problems with the transmission daemon.
Чем его бороть, этот суперпупер даемон, блин)))
FreeBSD 9.0
The internal network interface is open for all connections.
I have reread and rechecked the whitelist settings and the other ones about 50 times. Everything is set up as in the instructions.
I see only these messages in the messages log file:
Sep 26 18:15:04 estaf transmission-daemon[79085]: UDP Failed to set receive buffer: No buffer space available (tr-udp.c:58)
Sep 26 18:15:04 estaf transmission-daemon[79085]: UDP Failed to set receive buffer: requested 4194304, got 42080 (tr-udp.c:77)
But I solved that one with sysctl kern.ipc.maxsockbuf=10485760. Anyway, it does not solve the authorization problem.
Client of transmission-daemon is 4.03 version for mac.
daemon version: 2.61 (13407)
on web interface:
"403: Forbidden
Unauthorized IP Address.
Either disable the IP address whitelist or add your address to it.
If you're editing settings.json, see the 'rpc-whitelist' and 'rpc-whitelist-enabled' entries.
If you're still using ACLs, use a whitelist instead. See the transmission-daemon manpage for details."
ifconfig on the client side:
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=2b<RXCSUM,TXCSUM,VLAN_HWTAGGING,TSO4>
ether .........
inet6 .........en0 prefixlen 64 scopeid 0x4
inet 192.168.1.2 netmask 0xffffff00 broadcast 192.168.1.255
media: autoselect (1000baseT <full-duplex,flow-control>)
status: active
cat /usr/local/etc/transmission/settings.json
{
"alt-speed-down": 50,
"alt-speed-enabled": false,
"alt-speed-time-begin": 540,
"alt-speed-time-day": 127,
"alt-speed-time-enabled": false,
"alt-speed-time-end": 1020,
"alt-speed-up": 50,
"bind-address-ipv4": "0.0.0.0",
"bind-address-ipv6": "::",
"blocklist-enabled": false,
"dht-enabled": true,
"download-dir": "\/usr\/home\/iron\/1\/downloads",
"encryption": 1,
"incomplete-dir": "\/usr\/home\/iron\/1\/downloads\/incomplete",
"incomplete-dir-enabled": true,
"lazy-bitfield-enabled": true,
"message-level": 2,
"open-file-limit": 32,
"peer-limit-global": 240,
"peer-limit-per-torrent": 60,
"peer-port": 51413,
"peer-port-random-high": 65535,
"peer-port-random-low": 49152,
"peer-port-random-on-start": false,
"peer-socket-tos": 0,
"pex-enabled": true,
"port-forwarding-enabled": true,
"preallocation": 1,
"proxy": "",
"proxy-auth-enabled": false,
"proxy-auth-password": "",
"proxy-auth-username": "",
"proxy-enabled": false,
"proxy-port": 80,
"proxy-type": 0,
"ratio-limit": 2.0000,
"ratio-limit-enabled": false,
"rename-partial-files": true,
"rpc-authentication-required": true,
"rpc-bind-address": "192.168.1.1",
"rpc-enabled": true,
"rpc-port": 9091,
"rpc-username": "iron",
"rpc-password": "111",
"rpc-whitelist": "192.168.1.2",
"rpc-whitelist-enabled": true,
"speed-limit-down": 100,
"speed-limit-down-enabled": false,
"speed-limit-up": 100,
"speed-limit-up-enabled": false,
"umask": 18,
"upload-slots-per-torrent": 14
}
iron transmissi 79336 7 tcp4 *:9091 *:*
pf.conf
cat /etc/pf.conf
# pf ruleset for a NAT gateway: default-deny with logging, NAT for the trusted
# LANs on two outbound interfaces, and a small set of inbound TCP services.
# pf evaluates filter rules top to bottom and the LAST matching rule wins
# (unless a rule is marked "quick"), so the order below is significant.

# --- Interface macros ---
ext_if="tun0"
ext_local="rl0"
int_if="nfe0"
# --- Address / service macros ---
icmp_types="{ echoreq, unreach}"
trusted_lan="{ 192.168.1.0/24, 192.168.2.0/24 }"
# NOTE(review): untrusted_lan, $vpn_net (the macro), localnet and udp_services
# are defined but not referenced by any rule visible in this listing.
untrusted_lan="10.0.0.0/8"
vpn_net="192.168.11.0/24"
# Table with the same name as the macro above; the rules below use the table
# form <vpn_net>, not the macro form $vpn_net.
table <vpn_net> { 192.168.11.0/24 }
# NOTE(review): ng19 is listed twice in this list.
vpn_if="{ ng0, ng1, ng2, ng3, ng4, ng5, ng6, ng7, ng8, ng9, ng10, ng11, ng12, ng13, ng14, ng15, ng16, ng17, ng18, ng19, ng19, ng20, ng21, ng22 }"
localnet="127.0.0.0/8"
tcp_services="{ 20, 21, 1723, 5901 }"
udp_services="{ 5901, 1723 }"
vpn_ports="{ 3389, 20165 }"
# --- Options ---
# Blocked packets are answered (TCP RST / ICMP unreachable) instead of being
# silently dropped.
set block-policy return
# No filtering at all on loopback.
set skip on lo0
# No filtering at all on the internal interface: packets on nfe0 are never
# evaluated against the rules below, so nothing in this file restricts what
# internal hosts can reach on this machine.
# NOTE(review): presumably the 192.168.1.x LAN clients connect via nfe0 - confirm.
set skip on $int_if
# --- Normalization ---
scrub in all
# --- NAT ---
# Source-translate the trusted LANs to the current address of each outbound
# interface; the parentheses make pf track the address if it changes.
nat on $ext_if from $trusted_lan to any -> ($ext_if)
nat on $ext_local from $trusted_lan to any -> ($ext_local)
# --- Filtering ---
# Drop packets that claim a source address belonging to these interfaces'
# networks but arrive on a different interface.
antispoof quick for ($ext_if)
antispoof quick for ($ext_local)
# Default deny, logged. Every pass rule after this line is an exception to it.
block log all
# Outbound traffic from the gateway itself and from the trusted LANs.
pass out on $ext_if from ($ext_if) to any
pass out on $ext_if from $trusted_lan to any
pass out on $ext_local from ($ext_local) to any
pass out on $ext_local from $trusted_lan to any
# ICMP echo request and unreachable, logged; no direction or interface is
# given, so this applies in and out on every filtered interface.
pass log inet proto icmp all icmp-type $icmp_types
# pptp
# Inbound TCP to the gateway's external address on the ports in $tcp_services
# (20, 21, 1723, 5901) from ANY source address.
# NOTE(review): this exposes FTP and port 5901 to the whole external network;
# consider limiting the source addresses if these are not meant to be public.
pass in on $ext_if proto tcp from any to ($ext_if) port $tcp_services flags S/SA
# NOTE(review): "vpn_if" is written without "$" in the next two rules, so pf
# takes it as a literal interface (or interface group) name rather than the
# vpn_if macro defined above. It looks like "$vpn_if" was intended - confirm;
# as written these rules would not match traffic on the ng* interfaces.
pass in on vpn_if proto tcp from <vpn_net> to <vpn_net> port $vpn_ports
pass out on vpn_if proto tcp from <vpn_net> to <vpn_net> port $vpn_ports
#pass in on ng0 proto { tcp, udp } from any to <vpn_net> port $vpn_ports
#pass in on ng1 proto { tcp, udp } from any to <vpn_net> port $vpn_ports
Чем его бороть, этот суперпупер даемон, блин)))