Topic: Intrusion Detection w/ IPS enabled = nothing works (Read 31418 times)
steverino
Newbie
Posts: 3
Karma: 0
Intrusion Detection w/ IPS enabled = nothing works
«
on:
May 15, 2017, 01:39:13 am »
Hello, I'm having a strange issue when I enable Intrusion Detection and IPS.
When both are enabled, my port forwards are no longer open (tested via port scan from outside of the network) and none of my websites resolve/load within the local network. I notice when I enable Intrusion Detection with IPS mode enabled, there are a few lines of code that scroll past on the console. I've attached a screenshot.
In the screenshot...
-> The white lines show up when IDS/IPS is enabled. At this point, no traffic flows to client machines (websites sit loading/spinning) and port forwards disappear from outside.
-> The last line at the bottom shows up when IDS/IPS is disabled. Then, all 'stuck' website queries/traffic suddenly shows up and ports are re-opened on the outside.
A little bit about my environment:
-Proxmox (5 BETA) host w/ bridged ports from a dual NIC (RTL8111 chipset) (host is Xeon 1240, can't do passthrough)
-OPNsense 17.1.6-amd64
-Hardware CRC, TSO, LRO, and VLAN filtering all disabled
-IDS enabled on the WAN port
-the general array of 'default'/already enabled/disabled rules still checked/unchecked
I'd much prefer being able to enable Intrusion Detection and IPS, but it's strange that nothing else seems to work when they are... Any ideas?
Manxmann
Newbie
Posts: 24
Karma: 0
Re: Intrusion Detection w/ IPS enabled = nothing works
«
Reply #1 on:
May 30, 2017, 02:49:22 pm »
I've had a similar issue with Proxmox 4.4, and eventually put the issue down to buggy VirtIO NIC drivers in FreeBSD.
Moving my exact same config (Back/restore) to physical hardware with Intel e1000 style NICs and everything works.
Have you tried changing the NIC type to e1000?
mimugmail
Hero Member
Posts: 6767
Karma: 494
Re: Intrusion Detection w/ IPS enabled = nothing works
«
Reply #2 on:
May 30, 2017, 03:10:42 pm »
I have the same issue with ProfitBricks which runs OpenStack ...
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
michaelvv
Newbie
Posts: 5
Karma: 1
Re: Intrusion Detection w/ IPS enabled = nothing works
«
Reply #3 on:
June 29, 2017, 05:28:44 am »
Same issue on Proxmox 4.3.x, but if I change to E1000 it works without any problems.
But E1000 is a CPU hog in KVM compared to VirtIO... So it's really a showstopper.
Haven't had any issues with pfSense and VirtIO since FreeBSD version 9.1, so why is the VirtIO driver buggy and broken now?
Best Michael.
hightechrdn
Newbie
Posts: 5
Karma: 0
Re: Intrusion Detection w/ IPS enabled = nothing works
«
Reply #4 on:
December 30, 2017, 07:25:24 am »
Removing my reply as I decided it was better to create a new thread "Intrusion Detection plus IPS enabled plus vrtio = blocked network traffic" in the IDS/IPS subforum since I am using the current stable version of OPNsense (17.7.11), not a Legacy version.
https://forum.opnsense.org/index.php?topic=6737.0
«
Last Edit: December 30, 2017, 09:21:00 pm by hightechrdn
»