Messages - letsief

#1
Quote from: BrandyWine on October 23, 2025, 03:49:32 AM
Then use the conf file to force no promisc.
https://www.ntop.org/guides/ntopng/how_to_start/configuration_file.html

That's a little like going to a doctor saying your arm hurts when you lift it, and the doctor telling you not to lift it. At this point, my bigger concern is what other bugs might be going on. Although, I'm not seeing anything obvious.

If I do want to run ntopng, I've been looking for a persistent way to modify the plugin's generation of ntopng.conf.  But, so far, it seems like everything is likely to be overwritten when the plugin updates. I imagine the main answer then would be to remove the plugin and install/manage ntopng separately.
#2
Quote from: tessus on October 23, 2025, 04:04:22 AM
I was trying to narrow down the output in Firewall -> Log Files -> Live View, but noticed (to my surprise) that I can either use AND, or OR operators, but not a combination of both and parentheses.

Is there any way this will be added in the future or is this not useful to others? e.g. for me it is impossible to retrieve the info I want.

But I understand that it might be a GUI issue to set () and OR and AND and thus cannot be easily implemented. But I think I might have an idea: next to the apply button there could be other buttons for (, ), OR, AND
Apply just adds the current filter to the active filter, if you want to add additional ones, you have to use one of the other buttons first (and then apply to add the expression).
That seems doable.

I would love to implement this myself, but I suck at UIs and frontend stuff.

+1.  This seems like a pretty basic feature for filtering. I just set up opnsense, but I was very surprised when I saw this was missing.
#3
Quote from: BrandyWine on October 23, 2025, 01:02:44 AM
Is os-redis also installed and being used?
Do you need to have ntopng in promisc mode? You watching a span port?
Is it OPNsense VM on Proxmox?
If the VM asks for promisc mode and the host is not set up for that, is there an issue?


"Proxmox can have issues with virtual machine interfaces in promiscuous mode, often requiring specific configurations to ensure traffic is properly passed to the VM. Adjusting bridge settings, such as setting bridge_ageing to 0, can help resolve these issues and allow the VM to receive all network traffic."

And then is Proxmox promisc set correctly?

Steps to Enable Promiscuous Mode

    Configure Network Bridge: Ensure that the network bridge used by your OPNsense VM is set to promiscuous mode. This can be done in the Proxmox web interface or via command line.

    Command Line Configuration:
        Access your Proxmox host terminal.
        Use the following command to enable promiscuous mode on the bridge interface (replace vmbrX with your actual bridge name):

Code

ip link set vmbrX promisc on

In my case, I am using os-redis, although that doesn't seem to put the interface in promiscuous mode. The WAN interface only went into promiscuous mode when I turned on ntopng.

In my case, I'm not doing virtualization.

I did the firmware updates on my NICs to 2.32, as well.
#4
Quote from: Kenjutso on October 22, 2025, 03:57:05 AM
It looks like ntopng was definitely the root cause of my issues. I haven't had any problems since uninstalling ntopng. @letsief thanks for providing that github link, it seems to be the behavior I was experiencing. I'll look at adding it back again down the road, I don't think I was utilizing it at all since installing it so I'm fine without it for now.

Well, I don't think ntopng itself is really the root cause. Ntopng triggers the problem by putting the interface in promiscuous mode, but that shouldn't kill the ipv4 stack.

It is probably a driver issue, but it also seems like opnsense should be more resilient to whatever failure is going on. It appears that something is tripping up dhclient. And whatever that is, it is probably screwing up other stuff, too.
#5
I switched ntopng to only run on the LAN interface, so the WAN doesn't end up in promiscuous mode. It seems to be working for now. We'll see if it creates other problems, though, on the LAN side.
#6
Things were running stable after I disabled ntopng.  Turning it back on very quickly broke the ipv4 stack again.

It seems to be related to ntopng putting the interface in promiscuous mode.
https://github.com/opnsense/core/issues/7478

Not sure if there is any way to work around this problem.
#7
I've been struggling with something similar all day. I'm just setting up opnsense for the first time (migrating from pfsense), so I've been making a lot of config changes.  It seemed like things were working ok yesterday, but the IPv4 stack on my WAN interface keeps breaking. Oddly, IPv6 keeps working fine.

The ntopng angle is interesting. I'm running that too and will try to turn it off.  I was running that yesterday without problems, but I've been playing around with the ntopng config today.  HAproxy, too.

One interesting thing I've observed is running `dhclient igc0` fixes it, but only for another ~15 minutes.

I'm running opnsense on an N305 box with I226-V NICs, too, but on bare metal.