Topics - rabievdm

#1
I was looking through the forums and documentation and, whilst I could find references to TRIM on SSDs, I couldn't really work out how to enable it.

Does it get set automatically, or if not, where should I go to set it?
#2
Hi,

Just checking on sizes...
I noticed that my logs rotate too quickly with default settings, so I increased them from the default 512K (empty) to 200MB (209715200), saved the setting and reset the logs.
Everything appeared ok, but when I tried viewing the logs via the WEBGUI it would not return any results in the live view, and then any other web interaction would fail and the web server would be unresponsive, which required a restart of the services. I tried reducing the size, but had to bring the logs way down to 10MB for it to remain stable.

So 2 questions:
1) Anyone else seen this issue? (I'm on 19.7.7 and 19.7.8)
2) Anyone else increasing log file sizes? The defaults seem way too little and there doesn't seem to be an option to rotate logs. What do others do to maintain log history, send to remote?

Regards
#3
On 19.7.2
The WAN interface gets DHCP from the internet provider and it does work, but takes a long time on boot up.
Then under normal operation I do see deny messages in the logs:

filterlog: 11,,,0,vtnet1,match,block,in,4,0x0,,64,0,0,none,17,udp,344,0.0.0.0,255.255.255.255,68,67,324
And in the live view:
   NET1      Aug 25 14:24:09   0.0.0.0:68   255.255.255.255:67   udp   Default deny rule

I do see the following automatically generated rules at the top of my wan interface:
      IPv4+6 UDP    *    67    *    68    *    *    allow DHCP client on NET1    
      IPv4+6 UDP    *    68    *    67    *    *    allow DHCP client on NET1    

I have removed my default deny from the WAN interface, as I understand that the default action would be block and log, but I am still seeing the denies. Any thoughts?
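As an added example (not from the post or from OPNsense itself), the filterlog line quoted above parsed into its named fields and classified: the blocked packet is a DHCP client broadcast from some other host on the WAN segment (source 0.0.0.0:68 to destination 255.255.255.255:67), not a reply to the firewall's own DHCP client, which is the traffic the auto-generated rules cover. The field layout assumed is the pf filterlog CSV format for an IPv4 UDP record; the second sample line is constructed.

```python
"""Parse an OPNsense/pf filterlog line (IPv4 UDP) and flag DHCP client
broadcasts so that such 'Default deny' entries can be triaged as expected
noise on a shared provider segment."""
import csv
import io

# Field names of a filterlog CSV record for an IPv4 UDP packet (assumed layout).
IPV4_UDP_FIELDS = [
    "rulenr", "subrulenr", "anchor", "tracker", "interface", "reason",
    "action", "direction", "ipversion", "tos", "ecn", "ttl", "id",
    "offset", "flags", "proto_id", "proto", "length", "src", "dst",
    "srcport", "dstport", "datalen",
]

# Sample 1 is the line from the post; sample 2 is constructed for contrast.
SAMPLE_DHCP = ("filterlog: 11,,,0,vtnet1,match,block,in,4,0x0,,64,0,0,none,17,udp,"
               "344,0.0.0.0,255.255.255.255,68,67,324")
SAMPLE_DNS = ("filterlog: 11,,,0,vtnet1,match,block,in,4,0x0,,64,0,0,none,17,udp,"
              "60,203.0.113.5,198.51.100.2,40000,53,32")


def parse_filterlog(line):
    """Return a dict of named fields for an IPv4 UDP filterlog line."""
    payload = line.split("filterlog: ", 1)[1]
    fields = next(csv.reader(io.StringIO(payload)))
    if len(fields) != len(IPV4_UDP_FIELDS) or fields[8] != "4" or fields[16] != "udp":
        raise ValueError("not an IPv4 UDP filterlog record")
    rec = dict(zip(IPV4_UDP_FIELDS, fields))
    for key in ("rulenr", "srcport", "dstport", "length", "datalen"):
        rec[key] = int(rec[key])
    return rec


def is_dhcp_client_broadcast(rec):
    """True for a DHCP DISCOVER/REQUEST from an unconfigured client:
    UDP 68 -> 67 from 0.0.0.0 to the limited broadcast address."""
    return (rec["proto"] == "udp" and rec["srcport"] == 68 and rec["dstport"] == 67
            and rec["src"] == "0.0.0.0" and rec["dst"] == "255.255.255.255")


def classify(line):
    """Label a log line: either an expected foreign DHCP broadcast or a summary."""
    rec = parse_filterlog(line)
    if rec["action"] == "block" and rec["direction"] == "in" and is_dhcp_client_broadcast(rec):
        return "other-host dhcp broadcast (expected on a shared provider segment)"
    return (f"{rec['action']} {rec['direction']} {rec['proto']} "
            f"{rec['src']}:{rec['srcport']} -> {rec['dst']}:{rec['dstport']}")
```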
#4
19.7 Legacy Series / Feature request: Health -> System
August 14, 2019, 01:28:17 PM
Hi,

Anyone else see any value in having the ability to stack the user/nice/system utilization under the Health/System graph to be able to gauge total CPU utilization?

And then also to capture and graph the loadAVG?
And if we do measure the LA, can we express that as a value relative to 1?
i.e. systemLoadAverage/nrCPUs = normalizedLoadAverage.
Thus you would know when the load is an issue regardless of the number of CPUs, or have to work out what it should be as the number of CPUs has been changed (in the case of a VM).

Regards
Rabie
#5
18.7 Legacy Series / 18.7.10 Suricata remove rules
January 14, 2019, 09:59:53 AM
I'm on 18.7.10 and took PT Research for a spin a while back on a non-commercial box (home :) )
Recently I started having issues with one of my internal servers that runs certbot (LetsEncrypt), and all my certificate renewals are being detected as MALWARE.
As I change a rule another one pops up.

I have tried first going to the Download tab, selecting PT Research and changing it from Drop to Alert, which seems to not have made any changes (when checking the Rules tab and the Alerts tab it is still set to Drop and gets dropped). Going to the Rules tab, listing them all, selecting them and then clicking on the little unselect button on the bottom left seems to make no change.
Then removing PT Research via System>Firmware>Plugins: I remove PT Research and it uninstalls, but the rules are still in the rulebase.

So the primary question is how to remove the rules (not just disable them)? But then why do the options to bulk update not work either?
#6
Hi,

I was wondering if there is anything on the roadmap to get the traffic shaper into the graphs so that we can get some stats over time?

R
#7
I'm trying to update one system to 17.7.12_1 (latest 17.7) and not to 18.1.
The GUI just says no update available (although it shows 17.7.12).
I did try the TUI, which notes that there might be minor updates, but I get "nothing to do, all packages are up to date".
I'm using the default repositories, what am I missing?

PS. I did scan the forums and docs, but couldn't find anything obvious.
#8
Hi,

I'm trying to run a tracepath from an internal Linux box to a box on the internet, but the tracepath stops at the firewall. I have checked the logs (see below), and I don't have an IPS on the internal or internet interface (pppoe).
It looks like the firewall is passing the traffic, but it's not succeeding.
I have run the same command (same destination) at another location that has a Palo Alto firewall and the tracepath completed successfully.
Tracepath uses UDP packets to test the MTU size of the links along the way to the destination.

Any thoughts? Am I barking up the wrong firewall tree (seeing as the firewall is always to blame :) )?


(IP's have been masked below)
--snip--firewall log--
00:00:00.988106 rule 80/0(match): pass in on vtnet0: (tos 0x0, ttl 9, id 0, offset 0, flags [DF], proto UDP (17), length 1500)
    192.168.235.2.47894 > 156.156.16.6.44469: UDP, length 1472
00:00:00.012892 rule 72/0(match): pass out on pppoe0: (tos 0x0, ttl 8, id 0, offset 0, flags [DF], proto UDP (17), length 1500)
    156.255.106.183.60807 > 156.156.16.6.44469: UDP, length 1472
--snip--
--snip--tracepath--
[root@bob ~]# tracepath -n 156.156.16.6
1?: [LOCALHOST]                                         pmtu 1500
1:  192.168.235.1                                         0.351ms
1:  192.168.235.1                                         0.166ms
2:  no reply
3:  no reply
4:  no reply
5:  no reply
6:  no reply
7:  no reply
8:  no reply
--snip--
#9
Hi,

Am I just being stupid, or is there a way to specify an explicit value when using the WUI to search the firewall logs?
e.g. going to Firewall>Logs>Normal View and searching for an IP of "192.168.0.1" returns 192.168.0.1*, i.e. .1 and any combination of .1
....
I have found that a $ at the end seems to terminate the search, so I have my answer, but now I am wondering whether there are any other permissible wildcards? "*" doesn't seem to work.
#10
Hi,

I'm on the 17.1 series and was wondering if there is a way to bind the WebUI to a specific interface, e.g. Internal, and not have it bind to any other interfaces?
I'm trying to run an OVPN instance on the external interface on TCP 443; whilst this appears to work, the WebUI stops working when the firewall is booted, as OVPN is already bound to the external interface by the time the WebUI starts.

Regards
Rabie