Topics

1

19.7 Production Series / Wan interface reports blocked DHCP packets

« on: August 25, 2019, 02:27:55 pm »

On 19.7.2
The wan interface gets DHCP from the internet provider and it does work, but takes a long time on boot up.
Then under normal operation I do see deny messages in the logs:

filterlog: 11,,,0,vtnet1,match,block,in,4,0x0,,64,0,0,none,17,udp,344,0.0.0.0,255.255.255.255,68,67,324
And in the live view:
   NET1      Aug 25 14:24:09   0.0.0.0:68   255.255.255.255:67   udp   Default deny rule

I do see the following automatically generated rules at the top of my wan interface:
       IPv4+6 UDP    *    67    *    68    *    *    allow DHCP client on NET1    
      IPv4+6 UDP    *    68    *    67    *    *    allow DHCP client on NET1    

I have removed my default deny from the WAN interface as I understand that the fault action would be block and log, but still am still seeing the denies, any thoughts?

2

19.7 Production Series / Feature request: Health -> System

« on: August 14, 2019, 01:28:17 pm »

Hi,

Anyone else see any value in having the ability to stack the user/nice/system utilization under the Health/System graph to be able to gauge total CPU utilization?

And then also to capture and graph the loadAVG?
And if we do measure the LA can we express that as value relative to 1?
ie systemLoadAverage/nrCPUs=normalizedLoadAverage.
Thus you would know when the load is an issue regardless of the number of CPUs or have to work out what it should be as the number of CPU's have been changed (in the case of a VM).

Regards
Rabie

3

18.7 Legacy Series / 18.7.10 Suricata remove rules

« on: January 14, 2019, 09:59:53 am »

I'm on 18.7.10 and took PT Research for a spin a while back on a non-commercial box (home )
Recently I stated having issues with one of my internal server that runs certbot (LetsEncrypt) and all my certificate renewal are being detected as MALWARE.
As I change a rule another one pops up.

I have tried first going to the Download tab, selecting PT Research and changing it from Drop to Alert seems to not have made any changes (when checking the Rules tab and the Alerts tab it is still set to and gets dropped). Going to the Rules tab and list the all and selecting them and then clicking on the little unselect button on the bottom left seem to make no change.
Then removing the PT Research via the System>Firmware>plugins and I remove the PT Research it uninstalls, but the rules are still in the rulebase.

So the primary question is how to remove the rules (not just disable them? But then why does the options to bulk update not work either.

4

18.1 Legacy Series / Feature request on Traffic Shaper

« on: April 20, 2018, 01:13:31 pm »

Hi,

I was wondering if there is anything on the roadmap to get the traffic shaper into the graphs so that we can get some stats over time?

R

5

17.7 Legacy Series / [SOLVED-user error :)] How to update to 17.7.12 and not 18.1

« on: February 05, 2018, 06:32:39 am »

I'm trying to update my one system to 17.7.12_1 (latest 17.7) and not to 18.1
The GUI just says no update available (although it shows 17.7.12)
I did try the TUI which notes that there might be minor updates, but I get a nothing to do, all packages are up to date.
I'm using the default repositories, what am I missing?

PS. I did scan the forums and docs, but couldn't find anything obvious.

6

17.7 Legacy Series / tracepath seemingly not working through firewall

« on: October 27, 2017, 09:18:14 am »

Hi,

I'm trying to run a tracepath from an internal linux box to a box on the internet but the tracepath stops at the firewall. I have checked the logs (see below) and I don't have an IPS on the internal or internet interface (pppoe).
It looks like the firewall is passing the traffic, but it's not succeeding.
I have run the same command (same destination) at another location that has a Palo Alto firewall and the tracepath completed successfully.
Tracepath used UDP packets to test the MTU size of the links along the way to the destination.

Any thoughts? Am I barking up the wrong firewall tree (seeing as the firewall is always to blame )


(IP's have been masked below)
--snip--firewall log--
00:00:00.988106 rule 80/0(match): pass in on vtnet0: (tos 0x0, ttl 9, id 0, offset 0, flags [DF], proto UDP (17), length 1500)
    192.168.235.2.47894 > 156.156.16.6.44469: UDP, length 1472
00:00:00.012892 rule 72/0(match): pass out on pppoe0: (tos 0x0, ttl 8, id 0, offset 0, flags [DF], proto UDP (17), length 1500)
    156.255.106.183.60807 > 156.156.16.6.44469: UDP, length 1472
--snip--
--snip--tracepath--
[root@bob ~]# tracepath -n 156.156.16.6
 1?: [LOCALHOST]                                         pmtu 1500
 1:  192.168.235.1                                         0.351ms
 1:  192.168.235.1                                         0.166ms
 2:  no reply
 3:  no reply
 4:  no reply
 5:  no reply
 6:  no reply
 7:  no reply
 8:  no reply
--snip--

7

17.7 Legacy Series / [SOLVED] Filter params when searching logs

« on: October 25, 2017, 04:51:13 pm »

Hi,

Am I just being stupid, is there a way to specify and explicit value when using the WUI to search the firewall logs?
eg: Going to Firewall>Logs>Normal View and searching for an ip of "192.168.0.1" and it would return 192.168.0.1* ie .1 and any combination of .1
....
I have found that a $ at the end seems to terminate the search so I have my answer, but now I am wondering are there any other permissable wildcards? "*" doesn't seem to work?

8

17.1 Legacy Series / [SOLVED] Bind WUI to a specific interface

« on: April 25, 2017, 01:07:40 pm »

Hi,

I'm on the 17.1 series and was wondering if there is a way to bind the WebUI to a specific interface eg Internal and not have it bind to any other interfaces?
I'm trying to run an OVPN instance on the external interface on TCP443, whilst this appears to work the WebUI stops working when the firewall is booted as OVPN is already bound to the external interface by the time the WebUI starts.

Regards
Rabie