[Solved] Cannot reach maltrail server

Started by jds, June 15, 2020, 09:45:03 PM

June 15, 2020, 09:45:03 PM Last Edit: June 15, 2020, 10:13:26 PM by jds
I was trying again to set up Maltrail. The GUI says that both the sensor and the server are running fine. In fact, /var/log/maltrail/2020-06-15.log logs very recent suspicious activity. There is nothing in the general or backend system logs that looks problematic.
Apparently, it takes some time for the server to show up, but after waiting several hours, I still cannot reach the server. The sensor is on the default 8337 port, and the server on the default 8338 port. The URL to listen on is the OPNsense static LAN IP. Any attempt to reach that IP:8338 just times out.

Here is the config file (which still shows the default login credentials):

# [Server]
HTTP_ADDRESS 192.168.1.50
HTTP_PORT 8338
USE_SSL false


DISABLE_LOCAL_LOG_STORAGE false

SENSOR_NAME $HOSTNAME
CUSTOM_TRAILS_DIR /usr/local/maltrail/trails/custom/
PROCESS_COUNT $CPU_CORES
DISABLE_CPU_AFFINITY false
USE_FEED_UPDATES true
DISABLED_FEEDS turris, ciarmy, policeman, myip, alienvault
UPDATE_PERIOD 86400
USE_SERVER_UPDATE_TRAILS false
USE_HEURISTICS true
CHECK_MISSING_HOST false
CHECK_HOST_DOMAINS false
SHOW_DEBUG false
LOG_DIR /var/log/maltrail
MONITOR_INTERFACE em0,ovpnc2,em3
CAPTURE_BUFFER 10%
CAPTURE_FILTER udp or icmp or (tcp and (tcp[tcpflags] == tcp-syn or port 80 or port 1080 or port 3128 or port 8000 or port 8080 or port 8118))
USERS
    admin:9ab3cd9d67bf49d01f6a2e33d0bd9bc804ddbe6ce1ff5d219c42624851db5dbc:2000:0.0.0.0/0                        # changeme!


Can anyone suggest where else to dig?

Hi,
Just to be on the safe side: did you create a rule to allow traffic from the LAN to "this firewall" on the Maltrail port?
amichel

Ahh! That must be it. I just added a firewall rule in the LAN interface: Source=LAN net, Destination=This Firewall, protocol=TCP/UDP, and then set the port range as 8338. Put it at the top. That allows me to reach the Maltrail server and log in.

THANKS!
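
An added example, not part of the thread or of Maltrail itself: a small check that reads a config in the format posted above, tells a silently dropped connection (the timeout seen here) apart from a server that is not listening, and flags the settings to change once the UI is reachable. The function names are hypothetical, the sample config is constructed, and the code assumes a USERS hash is the SHA-256 of the password, as the `# changeme!` comment suggests.

```python
import hashlib
import socket

# Assumption: a USERS hash is the SHA-256 hex digest of the password.
DEFAULT_HASH = hashlib.sha256(b"changeme!").hexdigest()

# Constructed sample in the format of the config posted above.
SAMPLE_CONF = f"""# [Server]
HTTP_ADDRESS 192.168.1.50
HTTP_PORT 8338
USE_SSL false
USERS
    admin:{DEFAULT_HASH}:2000:0.0.0.0/0    # changeme!
"""

def parse_conf(text):
    """Return (settings dict, USERS entries) from maltrail.conf text."""
    settings, users, in_users = {}, [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if in_users and line[:1].isspace():    # indented entry under USERS
            name, pw_hash, _uid, _netmask = line.strip().split(":", 3)
            users.append({"name": name, "hash": pw_hash})
        elif line.strip():
            key, _, value = line.strip().partition(" ")
            in_users = key == "USERS"
            settings[key] = value.strip()
    return settings, users

def audit(settings, users):
    """List settings worth fixing once the web UI is reachable from the LAN."""
    findings = []
    if settings.get("USE_SSL", "false").lower() != "true":
        findings.append("USE_SSL is false: web UI is served over plain HTTP")
    for u in users:
        if u["hash"] == DEFAULT_HASH:
            findings.append(f"user {u['name']} still has the default password")
    return findings

def probe(host, port, timeout=3.0):
    """'open', 'refused' (no listener) or 'filtered' (no reply, as when a firewall drops it)."""
    try:
        with socket.create_connection((host, int(port)), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:                            # includes timeouts
        return "filtered"
```

Run from a LAN client, `probe(settings["HTTP_ADDRESS"], settings["HTTP_PORT"])` returning "filtered" points at a missing pass rule, while "refused" points at the server process or its bind address.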