Messages

Thanks for your response.
That might not be my ideal solution (i.e. encrypting smb traffic internally), but I'll look into it

Any other idea gents?

Everything is in the subject of this message.
Can someone please explain how to protect Samba (port 445 TCP) with Suricata, while not slowing too much the network speeds? What rules do you activate / deactivate? My network is 100% Linux and MacOsx with Gb interfaces and switches, which deliver great speeds when Suricata is off.
Suricata IDS/IPS are active on LAN, WLAN and DMZ interfaces, working great but slowing in particular SMB flows. Rest of traffic do not appear to slow down, or, at least, this is not noticeable.
Many thanks in advance

I got the issue another time. When I deactivate the WG (WireGuard) interface in the Wireguard settings, it stops the 100% CPU usage. So I'm staying with that setting at the moment...

If anyone has an idea... it'll be most welcome

Many thanks

Hi there,
Any idea why I get that error in my logs? I don't have IPv6 configured on my OPNsense (except the WAN address, but with no relay configured)

I get:
dhcp6c[10139]: Sending Solicit
dhcp6c[10139]: advertise contains NoAddrsAvail status

Many thanks in advance

Thanks for your response. I tried and rebooted my system. Will keep you posted on what happens next (if any).

By the way, going to the root console, I noticed the follwing messages that appear a bit weird (I didn't disable the wg (WireGuarg) interface, so not sure why it was 'destryed'

I'm using a Qotom Q350G4, CPU i5-4200U

Hi there, I've had twice the same issue with one my CPU bloated at 100% on this:
/usr/local/sbin/syslogd -s -c -c -P /var/run/syslog.pid -p /var/run/legacy_log -S /var/run/legacy_logpriv -k -s -s -f /var/etc/

In the Suricata logs I get also that message (inked to the WireGuard interface I have created):
suricata: [101248] <Error> -- [ERRCODE: SC_ERR_NETMAP_READ(264)] - Error reading data from iface 'wg1': (55u) No buffer space available

The only way to stop that 100% use was to stop the Suricata IDS.
Issue is that 1/ this is not normal; 2/ it barely enables the rest of the system to function correctly (web sites not accessible); 3/ and my server is quite hot! (passive cooling)

I have had that issue with both versions 20.1.3 and 20.1.4

Any ideas how to correct that please?

Many thanks in advance

I'm qui te interested in this as well.
Any views on that?
Thx

Images 7 to 8 (end)

Images 4 to 6

Hi there, hope you're OK in this difficult Covid-19 environment.

I installed OPNsense running on Proxmox on a dedicated machine with 4 NIC.

My home network is as follow (^v are representing links) :

ISP Fiber ONT (public IP)
^v
ISP Router/Wifi 192.168.0.254 (the ISP router is also a Wifi AP)
        ^v LAN1 Wifi 192.168.0.0/24
        ^v WAN OPNsense NIC1 192.168.0.31 (access authorized from private networks)
                  ^v LAN2 OPNsense NIC2 192.168.3.0/24
                            ^v Laptops and other mobile devices
                  ^v DMZ OPNsense NIC3 192.168.2.0/24
                            ^v VM1 Plex 192.168.2.18
                            ^v VM2 Duplicati 192.168.2.16
                            ^v VM3 ...

The situation:
- LAN1 and LAN2 access the Internet without any issue
- LAN2 access the DMZ without any issue
- Issue #1: DMZ can ping Google.com but:
- cannot open a web page, or cannot update my Linux VMs (apt-get does not work, on any of the 3 VM)
- Plex cannot connect to the Internet. The WAN interface denies access with a "default deny rule" that I suppose is because of a floating rule (that I can't delete!)
- Issue #2: LAN1 and Internet cannot access the DMZ (while it should, thru for example port 32400 for Plex)

Illustration of issue #1 for Plex (firewall log; the 86.xx IP is my public address, the xx.0.50 IP is my phone from LAN1, the xx.2.18 is my VM1 from DMZ):
cf. image #1

I have tried everything:
- many tries to NAT and FW rules
- enabling a DMZ on my ISP Router and directing flows to the OPNsense WAN address
- and many, many other things (cleared the states, tried Outbound NAT auto reflection, rebooted, etc.)

Any help very welcomed as I'm (quite) new to firewalls and getting a bit crazy with this!

Below my NAT, Floating rules, WAN, DMZ and LAN settings:
Firewall NAT settings
cf. image #2

Firewall Floating rules
cf. images #3, 4, 5

Firewall WAN settings
cf. image #6

Firewall DMZ settings
cf. image #7

Firewall LAN settings
cf. image #8