1
24.7 Production Series / Re: ntopng completely broken
« on: September 13, 2024, 09:50:38 pm »
The new 24.7.4 update has fixed both ntopng and crowdsec.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
24.7 Production Series / Re: ntopng completely broken
« on: September 09, 2024, 06:53:56 pm »I had squid do the same thing (port open but no connections). A restart always fixed it.
Seems to have something to do with it listening to specific IP addresses instead of 0.0.0.0.
Unfortunately, restarts and complete resets of the plugins aren't doing anything. It seems specific to TCP - my unbound (UDP) is working fine
3
24.7 Production Series / Re: ntopng completely broken
« on: September 09, 2024, 10:01:34 am »Did you check with netstat -na | grep LISTEN if the services are indeed listening on 127.0.0.1:<port>?
Yes. For redis, I see 127.0.0.1.6379 *.* LISTEN. For crowdsec, I see it listening on 6060 and 8088.
In the firewall live logs, I can also see ntopng and crowdsec being allowed to contact those ports. So clearly, the services are listening, are being allowed, but not talking back.
4
24.7 Production Series / Re: ntopng completely broken
« on: September 09, 2024, 08:25:58 am »
I doubt it's just a coincidence that ntopng and crowdsec both cannot contact their respective ports (6379 for ntopng and 8088 for crowdsec) after the update. They were working just fine prior. In fact, in my crowdsec security engine (before I tore it all down in an effort to fix this issue), it showed my bouncer as offline on the exact day I updated to 24.7. That's far too close to be a coincidence.
Edit: Most definitely an opnsense issue with TCP ports. Even running cscli metrics, metrics can't get a response from port 6060.
Edit: Most definitely an opnsense issue with TCP ports. Even running cscli metrics, metrics can't get a response from port 6060.
5
24.7 Production Series / Re: ntopng completely broken
« on: September 09, 2024, 08:07:29 am »
Under Firewall > Diagnostics > Sessions, lots of syn_sent:closed errors.
127.0.0.1:37989 127.0.0.1:1405 127.0.0.1:6379 SYN_SENT:CLOSED
127.0.0.1:37989 127.0.0.1:1405 127.0.0.1:6379 SYN_SENT:CLOSED
6
24.7 Production Series / Re: ntopng completely broken
« on: September 09, 2024, 07:40:21 am »
It appears the bug is with opnsense, not ntopng. This is evident by the fact that I have now noticed that crowdsec cannot contact the LAPI either. Please advise.
7
24.7 Production Series / Re: ntopng completely broken
« on: September 09, 2024, 06:40:56 am »
I actually already tried that post, and have the packages "properly" updated.
No dice. The only thing in the /var/db/redis folder is dmp.rdb as well. In /var/db/ntopng, I only see a .lock file. No logs even.
Edit: The other person's initial problem also appears to at least be able to get redis connected before crashing. I can't even get redis to connect.
No dice. The only thing in the /var/db/redis folder is dmp.rdb as well. In /var/db/ntopng, I only see a .lock file. No logs even.
Edit: The other person's initial problem also appears to at least be able to get redis connected before crashing. I can't even get redis to connect.
8
24.7 Production Series / ntopng completely broken
« on: September 09, 2024, 06:10:55 am »
Hi, ever since the 24.7 update, ntopng is borked. I've tried complete resets (e.g. removing all files associated with ntopng and redis), resetting the redis db, whatever, nothing works. ntopng just refuses to admit that redis is running.
I have confirmed redis is running. Always the same story: ERROR: Connection error [Operation timed out]
I have confirmed redis is running. Always the same story: ERROR: Connection error [Operation timed out]
Pages: [1]