
WHAT IS /usr/lib/cherry/inet_fixed_ip/ip_access_list_update.pl ?

	It is a simple Perl script that must be called regularly from
	crontab to update the IP access lists on all network access servers
	configured in the system. Its purpose is to filter out all IP
	traffic to the IP networks of clients whose current balance is too
	low (or whose water_mark has been reached) to be served.

HOW IT WORKS ?

	In general, the script builds an associative list of IP/MASK pairs
	which must be blocked. Each list is associated with a network access
	server which, in turn, has its own access method. There are two
	types of access lists: "CISCO" (ip access list extended) for most
	Cisco routers, and "UNIX" for Unices running IPFIREWALL (ipfw).
	The latter can easily be modified to support "ipchains" or some other
	firewall, but we do not include that here for lack of a testing
	environment.
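
	The two list types described above, rendered from the same kind of
	IP/MASK pairs. This is an added example, not code from
	ip_access_list_update.pl; the sub names, the ACL name CHERRY_BLOCK,
	the ipfw rule numbers and the sample addresses are assumptions.
	The Cisco list ends with an explicit permit because an extended
	ACL otherwise denies everything it does not match.

```perl
use strict;
use warnings;
# Dotted quad -> 32-bit integer; undef if not a valid IPv4 address.
sub ip2int {
    my @o = ($_[0] // '') =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/
        or return undef;
    return undef if grep { $_ > 255 } @o;
    return ($o[0] << 24) | ($o[1] << 16) | ($o[2] << 8) | $o[3];
}

# Prefix length of a contiguous netmask; undef for holes such as 255.0.255.0.
sub mask_bits {
    my $m = ip2int($_[0]);
    return undef unless defined $m;
    my $inv = ~$m & 0xFFFFFFFF;
    return undef if $inv & ($inv + 1);    # inverted mask must be 2**n - 1
    my $bits = 32;
    while ($inv) { $bits--; $inv >>= 1 }
    return $bits;
}

# Rules for one NAS ($type is "CISCO" or "UNIX"), matching traffic *to* the
# client network. ACL name and ipfw rule numbers are assumptions.
sub render_acl {
    my ($type, @pairs) = @_;
    my @out = $type eq 'CISCO' ? ('ip access-list extended CHERRY_BLOCK') : ();
    my $n = 1000;
    for my $p (@pairs) {
        my ($ip, $mask) = @$p;
        my $bits = mask_bits($mask);
        # A zero mask would deny everything, so it is refused like any bad pair.
        if (!defined ip2int($ip) || !$bits) { warn "skipping $ip/$mask\n"; next }
        if ($type eq 'CISCO') {
            # Cisco ACLs take a wildcard (inverted) mask, not a netmask.
            my $wild = join '.', map { 255 - $_ } split /\./, $mask;
            push @out, " deny ip any $ip $wild";
        } else {
            push @out, sprintf 'ipfw add %d deny ip from any to %s/%d', $n, $ip, $bits;
            $n += 10;
        }
    }
    push @out, ' permit ip any any' if $type eq 'CISCO';
    return @out;
}

# Constructed sample input; the second CISCO pair has a non-contiguous mask.
my %blocked = (CISCO => [ ['10.1.2.0', '255.255.255.0'], ['10.9.0.0', '255.0.255.0'] ],
               UNIX  => [ ['192.168.40.16', '255.255.255.240'] ]);
for my $t (sort keys %blocked) { print "$_\n" for "== $t ==", render_acl($t, @{ $blocked{$t} }) }
```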

	Several access methods are supported for making configuration
	changes on a NAS: rsh, ssh and rcp. Rcp is used to access Ciscos;
	the other two, rsh and ssh, are used for NASes based on Unix hosts.

WHAT TO CONSIDER DURING SYSTEM CONFIGURATION ?

	Just follow the check list below:

	1. Check ../etc/cherry.cfg for $UNIXSHELL_ACCESS_TYPES. This
	associative array should list all the access methods, like this:
 
		$UNIXSHELL_ACCESS_TYPES{'ssh'} = {( 
				program => '/usr/bin/ssh',
				name    => 'Secure Shell (OpenSSH)' 
				)};
	
	2. Check that the NAS (or list of NASes) you are adding to the system
	supports one of the methods defined above. For Ciscos using the RCP
	method, add something like this to the Cisco's startup-config:

	no ip rcmd domain-lookup
	ip rcmd rcp-enable
	ip rcmd remote-host <local_user> <cherry_ip> <cherry_user> enable

	Where <local_user> is any username on the Cisco (can be any varchar);
	      <cherry_ip> is the IP address of the host you run Cherry on;
	      <cherry_user> is the user name you run the update script as.
		 
	3. Check that you have added all your NASes to the list of known
	network access servers. To do this, follow the web-based interface menu:
		"SETTINGS" -> "Base setting" -> "Network access servers".

	4. Check that /usr/lib/cherry/inet_fixed_ip/access_nas.sh handles your
	access methods properly. This script is pretty simple to understand.
	It receives a number of command-line arguments when run, and the
	completed IP access list on STDIN. It is called once for each NAS.

	5. Check the system crontab which should contain a line like:

	*/5  *   *   *   *    cherry    /usr/lib/cherry/inet_fixed_ip/ip_access_list_update.pl 

