OPNsense Forum » Archive » 21.1 Legacy Series » Tracing NTP in Firewall Live View
Topic: Tracing NTP in Firewall Live View (Read 3288 times)

Heathy65 (Newbie) on March 26, 2021, 12:50:22 pm:
I've been fault finding ntp (running as a service on OPNsense). I thought I would use the Live View feature in the Firewall settings to diagnose. However, I am not seeing any ntp traffic in relation to the traffic I am generating towards OPNsense (using w32tm or Angry IP Scanner). If I use the latter and scan for ports 80,443 & 123 I do see the 80/443 in the Live View but nothing relating to the 123.
I assume I'm missing something obvious. Any thoughts appreciated.

Fright (Hero Member), Reply #1 on March 27, 2021, 08:01:38 am:
Quote: "If I use the latter and scan for ports 80,443 & 123"
are you sure you are probing udp?

Heathy65 (Newbie), Reply #2 on March 27, 2021, 08:29:41 am:
Good thought, but regardless of it being TCP or UDP what I don't understand is that I'm not seeing the traffic in the Firewall -> Log Files -> Live view.
For example if I use Angry IP Scanner towards my firewall for the ports 80, 443, 8080, I get a reply (allow) for the 80/443 as expected but for 8080 I get nothing (nothing in the log).
I'm wondering if I'm confusing what's listening on a given port with what the firewall is/isn't allowing. i.e. for port 8080 there's nothing even listening on that port on the firewall and maybe that's why I get nothing back rather than any deny from the firewall?

Fright (Hero Member), Reply #3 on March 27, 2021, 10:41:17 am:
you can check that ntpd is listening on udp:123 in Interfaces: Diagnostics: Netstat->Socket->Active Internet Connections.
to view requests from LAN to services on OPN you need to enable logging for "Default allow LAN to any rule"

Heathy65 (Newbie), Reply #4 on March 28, 2021, 10:30:09 pm:
So I can see the inbound udp/123 traffic in the packet capture (no response though). There's nothing in the firewall live view trace at all (deny rule is logging).
Looking at Interfaces: Diagnostics: Netstat I do see my LAN (igb0)
udp4/[192.168.1.1:123-*:*]
protocol:udp4
receive-bytes-waiting:0
send-bytes-waiting:0
But this command from my PC doesn't work (i.e. I get an error).
w32tm /stripchart /computer:192.168.1.1 /dataonly /samples:5

Fright (Hero Member), Reply #5 on March 29, 2021, 12:07:47 pm:
hm
is "Default allow LAN to any" rule enabled? is logging for this rule enabled?
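
Added example, not part of the original thread and not OPNsense code: a minimal SNTP probe in Python that sends a real client request over UDP to port 123 and separates a valid reply from silence or an ICMP error, which a TCP port scan cannot show. The function names are this example's own; 192.168.1.1 is the LAN address quoted in the thread.

```python
import socket
import struct
import sys

NTP_PORT = 123
NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP era 0) to 1970-01-01

def build_request():
    """48-byte SNTP client request: LI=0, VN=3, Mode=3 (client), i.e. first byte 0x1B."""
    return b"\x1b" + bytes(47)

def parse_response(data):
    """Decode the reply header fields that matter when troubleshooting a server."""
    if len(data) < 48:
        raise ValueError("short NTP packet: %d bytes" % len(data))
    tx_seconds, tx_fraction = struct.unpack("!II", data[40:48])
    return {
        "leap": data[0] >> 6,            # 3 = server reports its clock as unsynchronised
        "version": (data[0] >> 3) & 0x7,
        "mode": data[0] & 0x7,           # 4 = server reply
        "stratum": data[1],              # 0 = unspecified (kiss-o'-death)
        "unix_time": tx_seconds - NTP_EPOCH_OFFSET + tx_fraction / 2**32,
    }

def probe(host, timeout=3.0):
    """Send one request over UDP and classify the outcome as (status, fields)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.connect((host, NTP_PORT))   # connected UDP socket so ICMP errors surface
        try:
            sock.send(build_request())
            data = sock.recv(512)
        except socket.timeout:
            return ("no-reply", None)    # dropped on the way, or the daemon stayed silent
        except ConnectionError:
            return ("port-unreachable", None)  # ICMP error: closed port or a reject rule
    return ("reply", parse_response(data))

if __name__ == "__main__":
    # 192.168.1.1 is the LAN address quoted in the thread; pass another host as argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.1"
    status, fields = probe(target)
    print(target, status, fields)
```

A "no-reply" result while a packet capture on the firewall shows the request arriving points at the rule set or the daemon rather than at the client.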