Messages

Did you manually copy the geo files to the appropriate folder?  I've had to do this for each upgrade of OPNsense (a couple exceptions maybe...but mostly every time).  I'm not running ntopng since 12.1.5 as it causes excessive CPU usage for me...but this is the procedure I would need to perform to get the geo data feature enabled (along with the google api key for the map).

Copy files to /usr/local/share/ntopng/httpdocs/geoip/ (from MaxMind)

GeoLite2-ASN.mmdb
GeoLite2-Country.mmdb
GeoLite2-City.mmdb

chmod +x /usr/local/opnsense/scripts/OPNsense/Ntopng/generate_certs.php

Yes, correct.  The widget on the dashboard.

Thanks!  Figured this went ignored.

This is specific to the dashboard Firewall Logs module.  It seems if there aren't enough records in the firewall log it will repeat the lines that are available in order to populate to the specific number of lines in the preference.  In my situation I have 2 records in the firewall logs but choose to show 12 lines.  Those two records get repeated to fill the 12 lines.  See attachment.  Not sure if I should be reporting this here.  Thx.

I copied the GeoIP databases to the same folder as usual (manually, as below).  That seemed to work although the map view now is different and doesn't have the slick graphics it did before, feels like a step backward.  I need to read up on it...maybe I'm missing something.

Copy files to /usr/local/share/ntopng/httpdocs/geoip/

GeoLite2-ASN.mmdb
GeoLite2-Country.mmdb
GeoLite2-City.mmdb

chmod +x /usr/local/opnsense/scripts/OPNsense/Ntopng/generate_certs.php

Then restarting ntopng worked.  I didn't notice the log file issue.

Can you send me the exact command? Then I can try to automate it in setup script

Thanks but not sure what you can change aside from the chmod command above.  Some background...whenever ntopng is updated (or maybe other times too) the files mentioned above get removed.  These are the geo IP data files which are not apparently distributed with the package (which makes sense since they are time sensitive and now require an account to access).  I just ftp them over to the folder mentioned above and execute the chmod command...these are details I found in a youtube video explaining how to enable geo-features in ntopng in OPNsense.  It worked so I just do this process when needed.  Thanks!

I copied the GeoIP databases to the same folder as usual (manually, as below).  That seemed to work although the map view now is different and doesn't have the slick graphics it did before, feels like a step backward.  I need to read up on it...maybe I'm missing something.

Copy files to /usr/local/share/ntopng/httpdocs/geoip/

GeoLite2-ASN.mmdb
GeoLite2-Country.mmdb
GeoLite2-City.mmdb

chmod +x /usr/local/opnsense/scripts/OPNsense/Ntopng/generate_certs.php

Then restarting ntopng worked.  I didn't notice the log file issue.

Thanks Franco!  Just updated no issues, but am seeing higher than normal CPU that looks to be attributable to ntopng.  It varies between 50 and 100 (gui) vs normal idle of between 0 and 25.  Looking at it via "top" it looks very high (50 to 300%).  Not sure...maybe others can chime in...I've disabled it for now.  Looks like that's an updated package too, but no mention in the release notes (?).  Again, thanks and stay healthy!

If you can get out you're fine.  Are you on the pihole beta?  It's solid and I've been running it for a couple weeks.  Some nice new features.  Might fix your issue too.  Or if not interested in the beta you can try to do a repair:

sudo pihole -r

https://pi-hole.net/2020/01/19/announcing-a-beta-test-of-pi-hole-5-0/

Yeah that looks fine.  On pihole (log into command line) can you ping a web page, say "ping www.example.com" and does it resolve it?  If not, the problem in on pihole.

Did you set up the default rules for outbound traffic from the LAN (i.e., LAN NET) to WAN (i.e., ANY)?  Could be that.

Check your firewall log to make sure you're not getting blocked.

Can you ping the pihole?  I have that setup (actually running dual), no issues.  You may need firewall rules if it's on a different subnet, that's no different than it would have been in pfSense though.  Did you verify the IP address?

I specify my pihole addresses in the DHCP page in services.  I also run the Unbound service (not on the Rpi) for local device resolution.  I have checked Register DHCP leases and Register DHCP mappings.  DNSmasq is not enabled.  Hopefully that helps some.

Thanks for the reply.  Feels like a guessing game.  OK, first thing I checked was the TSO setting even though it's checked "disable" (in interface settings) is defaulting to a 1 in the tunables.  Changed that to zero and rebooted.  Not sure if that setting is relevant.

Reboot (Mbuf values):
Initial: 9626/470086
30 min: 9880/470086
120 min: 11140/470086

Will monitor further, but looks to be same growth rate.  Not sure what a normal value for mbuf's is.  I have less than 40 clients, typical home environment.  Primary LAN, VLAN (guest/iot) and WAN interfaces.  I did have a second physical LAN but removed that months ago.


UPDATE: This problem with leaking mbuf's has now seemingly been resolved with 20.7, after 24 hours, the mbuf count has not increased and sits at 10318 vs substantially higher to where after a couple weeks it would be several hundred thousand (with 1 million allocated).

Again, thanks.

Searched for an answer, but couldn't find anything relevant.  Basically, is there an issue when the MBUF gets too large (assuming that would be 100%)?  Does this value (or should it) ever shrink in size?  Mine does not.  I don't remember this being an ever-growing value when I first starting using OPNsense about six months ago, though I could be mistaken.  In any case, any guidance or information would be appreciated. 

Thanks and cheers!

When I execute the curl command you posted, I get none of that HTML stuff...I just get the text (comment lines and list of IPs). 

The IP address for me resolves as: 104.18.103.225

PS - Some of the text you posted doesn't appear on that page.  For example, " The Spamhaus Project Ltd. All rights reserved" is not present...so not sure where it's being forwarded to or where it's coming from.

I have "URL Table" and that works for me (3 separate URL aliases).  All my settings match the OP except he didn't show the rule using the alias...though I'd assume that's entered correctly.

Any log messages showing it tried but failed?

Did you add a rule that uses this alias?