OPNsense Forum
Archive => 21.1 Legacy Series => Topic started by: Heathy65 on March 26, 2021, 12:50:22 pm
-
I've been fault finding ntp (running as a service on OPNsense). I thought I would use the Live View feature in the Firewall settings to diagnose. However, I am not seeing any ntp traffic in relation to the traffic I am generating towards OPNsense (using w32tm or Angry IP Scanner). If I use the latter and scan for ports 80, 443 & 123 I do see the 80/443 in the Live View but nothing relating to the 123.
I assume I'm missing something obvious. Any thoughts appreciated.
-
If I use the latter and scan for ports 80,443 & 123
Are you sure you are probing UDP?
-
Good thought, but regardless of it being TCP or UDP, what I don't understand is that I'm not seeing the traffic in the Firewall -> Log Files -> Live view.
For example, if I use Angry IP Scanner towards my firewall for the ports 80, 443, 8080, I get a reply (allow) for the 80/443 as expected but for 8080 I get nothing (nothing in the log).
I'm wondering if I'm confusing what's listening on a given port with what the firewall is/isn't allowing, i.e. for port 8080 there's nothing even listening on that port on the firewall and maybe that's why I get nothing back rather than any deny from the firewall?
-
You can check that ntpd is listening on udp:123 in Interfaces: Diagnostics: Netstat->Socket->Active Internet Connections.
To view requests from LAN to services on OPN, you need to enable logging for the "Default allow LAN to any rule".
-
So I can see the inbound udp/123 traffic in the packet capture (no response though). There's nothing in the firewall live view trace at all (deny rule is logging).
Looking at Interfaces: Diagnostics: Netstat I do see my LAN (igb0)
udp4/[192.168.1.1:123-*:*]
protocol:udp4
receive-bytes-waiting:0
send-bytes-waiting:0
But this command from my PC doesn't work (i.e. I get an error).
w32tm /stripchart /computer:192.168.1.1 /dataonly /samples:5
-
hm
Is the "Default allow LAN to any" rule enabled? Is logging for this rule enabled?
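-
A port scan that probes TCP says nothing about udp/123, so a direct NTP query over UDP is a more telling check than the scanner. The sketch below is an added example and not part of the original thread: the function names are made up for illustration, the sample reply is constructed, and 192.168.1.1 is the LAN address quoted in the thread.

```python
import socket
import struct

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)

def build_request(version=3):
    """48-byte SNTP client request: LI=0, VN=version, Mode=3 (client)."""
    return bytes([(version << 3) | 3]) + bytes(47)

def parse_response(data):
    """Decode the header fields that distinguish a usable server reply."""
    if len(data) < 48:
        raise ValueError("short NTP packet: %d bytes" % len(data))
    tx_sec, tx_frac = struct.unpack("!II", data[40:48])
    return {
        "leap": data[0] >> 6,            # 3 = server clock not synchronised
        "version": (data[0] >> 3) & 0x7,
        "mode": data[0] & 0x7,           # 4 = server
        "stratum": data[1],              # 1-15 = synchronised
        "tx_unix": tx_sec - NTP_EPOCH_OFFSET + tx_frac / 2**32,
    }

def describe(r):
    """Turn parsed fields into a one-line verdict."""
    if r["mode"] != 4:
        return "unexpected mode %d (not a server reply)" % r["mode"]
    if r["leap"] == 3 or not 1 <= r["stratum"] <= 15:
        return "server replied but is unsynchronised (stratum %d)" % r["stratum"]
    return "server reply, stratum %d" % r["stratum"]

def probe(host, port=123, timeout=2.0):
    """Send one request over UDP and classify the outcome."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))      # connected socket so ICMP errors surface
            s.send(build_request())
            return describe(parse_response(s.recv(512)))
        except socket.timeout:
            return "no reply on udp/%d (dropped, filtered, or ignored)" % port
        except ConnectionError:
            return "ICMP port unreachable: nothing listening on udp/%d" % port
        except OSError as e:
            return "socket error: %s" % e

if __name__ == "__main__":
    # Constructed sample reply (not captured traffic): VN=4, mode=4, stratum 2.
    sample = bytes([0x24, 2]) + bytes(38) + struct.pack("!II", NTP_EPOCH_OFFSET + 1616763022, 1 << 31)
    print(describe(parse_response(sample)))
    print(probe("192.168.1.1"))          # LAN address taken from the thread
```

A "no reply" result alongside a visible inbound packet in the capture points at ntpd or a filter dropping the request, while "port unreachable" means nothing is bound to the port on that address.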