1
Intrusion Detection and Prevention / Re: Enable IPS prevents DHCP on VLANs
« on: August 27, 2021, 02:14:43 pm »
Yes! The disabling VLAN hardware filtering is what I was missing. I had it set to default. Thank you.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
Intrusion Detection and Prevention / Enable IPS prevents DHCP on VLANs
« on: August 26, 2021, 05:10:56 pm »
I'm running 21.7.1
I've been using suricata for a couple years. Originally, I had no VLANs and ran a pretty flat network. I recently redid my network and added an AP that supports VLANs. It it connected to its own interface on my router PC, my wired switch connects to another interface. I am running several VLANs on the WLAN. I realized yesterday that I never enabled suricata on the network port (igb) that the AP is on, so I did that yesterday. Everything on a Wifi VLAN broke.
Details I have since found:
As I was writing this I realize that it looks like dhcpd is trying to assign clients on the VLANs an address for the physical subnet for that port and then the client can't use that IP because it is for the wrong network.
Is there some settings I need to tweak somewhere?
I've been using suricata for a couple years. Originally, I had no VLANs and ran a pretty flat network. I recently redid my network and added an AP that supports VLANs. It it connected to its own interface on my router PC, my wired switch connects to another interface. I am running several VLANs on the WLAN. I realized yesterday that I never enabled suricata on the network port (igb) that the AP is on, so I did that yesterday. Everything on a Wifi VLAN broke.
Details I have since found:
- Things are only broken if IPS is enabled
- Things are still broken even with no rules with IPS enabled
- clients are not able to get a DHCP address assigned.
As I was writing this I realize that it looks like dhcpd is trying to assign clients on the VLANs an address for the physical subnet for that port and then the client can't use that IP because it is for the wrong network.
Is there some settings I need to tweak somewhere?
3
21.7 Legacy Series / Re: 21.1 -> 21.7 upgrade issue with plugins
« on: August 08, 2021, 10:12:11 pm »
I noticed the same thing and chalked it up to things being a bit weird during the upgrade process.
4
21.1 Legacy Series / Default deny rule started blocking things that it should not have
« on: June 24, 2021, 05:52:16 pm »
I'm running 21.1.6 on bare metal, single wan interface.
I had an issue last week where I was experiencing what seemed like service brownouts for many websites/services. I couldn't complete a login to gmail. I stopped being able to see all of my photos in google photos and couldn't upload new ones. I checked google's status page, all green. After looking around my opnsense box, I noticed that the firewall was blocking a ton of stuff heading out to the internet with the default deny rule. All of this was working fine the previous day, but for some reason opnsense decided that certain IPs should be blocked by the default deny rule. I wasn't sure if there was some cache I could choose to clear or service I could restart, so I rebooted and everything went back to normal.
This happened right before I was leaving on a trip for a few days so I just wanted ti back to working. The filter logs seem to have rolled over so I can't post a log og exactly what happened. Today I will set up sending logs to a server on my network
Has anyone else experienced the firewall starting to block things with the default deny rule when it should not?
I had an issue last week where I was experiencing what seemed like service brownouts for many websites/services. I couldn't complete a login to gmail. I stopped being able to see all of my photos in google photos and couldn't upload new ones. I checked google's status page, all green. After looking around my opnsense box, I noticed that the firewall was blocking a ton of stuff heading out to the internet with the default deny rule. All of this was working fine the previous day, but for some reason opnsense decided that certain IPs should be blocked by the default deny rule. I wasn't sure if there was some cache I could choose to clear or service I could restart, so I rebooted and everything went back to normal.
This happened right before I was leaving on a trip for a few days so I just wanted ti back to working. The filter logs seem to have rolled over so I can't post a log og exactly what happened. Today I will set up sending logs to a server on my network
Has anyone else experienced the firewall starting to block things with the default deny rule when it should not?
5
21.1 Legacy Series / Re: Suricata IDS/IPS ~56% slower than before update
« on: February 12, 2021, 09:48:40 pm »
any better on 21.1.1?
Pages: [1]