Nice work, commited!

Ok, thanks.

As far as the other settings go with bandwidthd (Skip Interval, Graph Cutoff, the CDF outputs and Draw Graph stuff - do I need to enter anything in those to get bandwidthd working? Or is the default fine for most purposes?

Cheers,
Kim

Hi

is there anywhere i can get package to install in order to test it? and also see it in webgui?

Thanks, will check that one out!

yes i now i have the same problem

I'm new to pfSense, but I like it so far.

I installed on my machine from the LiveCD 1.2-Beta-1 from 4/30/07, and then grabbed the 6-6-07 snapshot. I added the package SNORT, got my Oinkmaster code, updated definitions and such, but I don't think it's working. When I go to Services->Snort in the webgui and check for blocked IPs or alerts, there are none.

From a shell, Top:

last pid: 19201;  load averages:  0.07,  0.29,  0.20                                                          up 0+02:58:29  18:26:02 31 processes:  1 running, 30 sleeping CPU states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle Mem: 43M Active, 46M Inact, 66M Wired, 111M Buf, 841M Free Swap:  PID USERNAME  THR PRI NICE   SIZE    RES STATE    TIME   WCPU COMMAND  482 root        1   4    0 23060K 21208K accept   0:03  0.00% php 1575 root        1   8   20  1752K  1256K wait     0:01  0.00% sh  472 root        1   4    0  3736K  3240K kqread   0:01  0.00% lighttpd  481 root        1   4    0 22608K 20644K accept   0:01  0.00% php 1397 root        1   8   20  1272K   720K nanslp   0:00  0.00% check_reload_status 18550 root        1  96    0  2424K  1652K RUN      0:00  0.00% top  232 root        1  96    0  1180K   796K select   0:00  0.00% mpd  303 root        1 -58    0  3552K  1752K bpf      0:00  0.00% tcpdump  852 _ntp        1  96    0  1340K  1052K select   0:00  0.00% ntpd  190 root        1  96    0  1440K  1040K select   0:00  0.00% syslogd 18448 root        1  96    0  5744K  2788K select   0:00  0.00% sshd  441 proxy       1   4    0   656K   416K kqread   0:00  0.00% pftpx  816 dhcpd       1  96    0  2264K  1896K select   0:00  0.00% dhcpd  857 root        1   8    0  1384K  1016K nanslp   0:00  0.00% cron  589 root        1 102    0  1336K  1096K select   0:00  0.00% mpd  546 nobody      1  96    0  1460K  1088K select   0:00  0.00% dnsmasq  477 root        1   8    0 14200K  4708K wait     0:00  0.00% php  478 root        1   8    0 14200K  4708K wait     0:00  0.00% php  855 root        1  96    0  1376K  1048K select   0:00  0.00% ntpd 1411 root        1   8    0  1712K  1360K wait     0:00  0.00% login  304 root        1  -8    0  1276K   724K piperd   0:00  0.00% logger 18539 root        1  20    0  3772K  2776K pause    0:00  0.00% tcsh 1399 root        1   8    0  1268K   732K nanslp   0:00  0.00% minicron  114 root        1  96    0   504K   360K select   0:00  0.00% devd  238 root        1  -8    0  1268K   628K piperd   0:00  0.00% sshlockout_pf 18451 root        1   8    0  1728K  1212K wait     0:00  0.00% sh 1484 root        1   5    0  1724K  1208K ttyin    0:00  0.00% sh 1483 root        1   8    0  1720K  1204K wait     0:00  0.00% sh  237 root        1  96    0  3060K  2404K select   0:00  0.00% sshd 18428 root        1   4    0  1292K   908K kqread   0:00  0.00% snort2c 19186 root        1   8   20  1256K   468K nanslp   0:00  0.00% sleep

For a while I briefly saw 'snort' (not snort2c) at around 96% cpu usage, but now it's gone.

messages:
(truncated)

Jun 27 18:18:49 snort[18423]: | gen-id=1 sig-id=6487 type=Limit tracking=src count=1 seconds=300 Jun 27 18:18:49 snort[18423]: | gen-id=1 sig-id=6487 type=Limit tracking=src count=1 seconds=300 Jun 27 18:18:49 snort[18423]: +-----------------------[suppression]------------------------------------------ Jun 27 18:18:49 snort[18423]: +-----------------------[suppression]------------------------------------------ Jun 27 18:18:49 snort[18423]: | none Jun 27 18:18:49 snort[18423]: | none Jun 27 18:18:49 snort[18423]: ------------------------------------------------------------------------------- Jun 27 18:18:49 snort[18423]: ------------------------------------------------------------------------------- Jun 27 18:18:49 snort[18423]: Rule application order: ->activation->dynamic->pass->drop->alert->log Jun 27 18:18:49 snort[18423]: Rule application order: ->activation->dynamic->pass->drop->alert->log Jun 27 18:18:49 snort[18423]: Log directory = /var/log/snort Jun 27 18:18:49 snort[18423]: Log directory = /var/log/snort Jun 27 18:18:49 snort[18423]: Warning: flowbits key 'dce.bind.veritas' is set but not ever checked. Jun 27 18:18:49 snort[18423]: Warning: flowbits key 'dce.bind.veritas' is set but not ever checked. Jun 27 18:18:49 snort[18423]: Warning: flowbits key 'fkwp_conn_suc_cts' is set but not ever checked. Jun 27 18:18:49 snort[18423]: Warning: flowbits key 'fkwp_conn_suc_cts' is set but not ever checked. Jun 27 18:18:49 snort[18423]: Warning: flowbits key 'backdoor.charon.download.log.1' is checked but not ever set. Jun 27 18:18:49 snort[18423]: Warning: flowbits key 'backdoor.charon.download.log.1' is checked but not ever set. Jun 27 18:18:49 snort[18423]: Warning: flowbits key 'ms_sql_seen_dns' is checked but not ever set. Jun 27 18:18:49 snort[18423]: Warning: flowbits key 'ms_sql_seen_dns' is checked but not ever set. Jun 27 18:18:49 snort[18423]: Warning: flowbits key 'odf.file' is set but not ever checked. Jun 27 18:18:49 snort[18423]: Warning: flowbits key 'odf.file' is set but not ever checked. Jun 27 18:18:49 snort[18423]: Warning: flowbits key 'optixlite_fai_conn_cts' is set but not ever checked. Jun 27 18:18:49 snort[18423]: Warning: flowbits key 'optixlite_fai_conn_cts' is set but not ever checked. Jun 27 18:18:49 snort[18423]: 327 out of 512 flowbits in use. Jun 27 18:18:49 snort[18423]: 327 out of 512 flowbits in use. Jun 27 18:18:49 snort[18423]: Initializing daemon mode Jun 27 18:18:49 snort[18423]: Initializing daemon mode Jun 27 18:18:49 snort[18425]: PID path stat checked out ok, PID path set to /var/run/ Jun 27 18:18:49 snort[18425]: PID path stat checked out ok, PID path set to /var/run/ Jun 27 18:18:49 snort[18425]: Writing PID "18425" to file "/var/run//snort_ng0.pid" Jun 27 18:18:49 snort[18425]: Writing PID "18425" to file "/var/run//snort_ng0.pid" Jun 27 18:18:49 snort[18423]: Daemon parent exiting Jun 27 18:18:49 snort[18423]: Daemon parent exiting Jun 27 18:18:49 snort[18425]: Daemon initialized, signaled parent pid: 18423 Jun 27 18:18:49 snort[18425]: Daemon initialized, signaled parent pid: 18423 Jun 27 18:18:49 snort2c[18428]: snort2c running in daemon mode pid: 18428 Jun 27 18:18:49 snort2c[18428]: snort2c running in daemon mode pid: 18428

Should it be working?

Thanks.

-Casey

I removed the package and also deleted each and every file and/or directory that was named ntop (libs, /var/db, /tmp, etc…) .

Then I reinstalled the package again, reconfigured it and now its working again.

Regards from Rio de Janeiro, Brazil.

i use squid as my content filter already.. I believe the biggest issue would be to build a gui for it.. just do a search on bsd + transparent squid proxy…

Hello, a new time!

I think http://forum.pfsense.org/index.php/topic,5195.0.html is the same problem …

Regards,

Josep Pujadas

1. The access to https://my_pfSense/bandwidthd page is not protected. Is it "by design" or is it a gap?

By design i think

2. Why the GUI limits bandwidthd to an unique subnet? I must to choose LAN or WAN. If I want LAN & WAN & others interfaces I can't do it? Is it possible a different configuration editing config.xml

As i remember not many could use more than 1 interface so it got forced. But there is more info in the bounty post.

From http://sourceforge.net/projects/bandwidthd

RE: monitor multiple devices
By: tlhonmey (tlhonmey) - 2007-01-16 08:55
So far as I know, bandwidthd is only capable of capturing on one interface. If you want to capture on more than one then you'll need to run two copies with two different config files. Make sure you use different PID files and save locations.

You'd want to install Squid (web proxy), enable logging in it and then install Lightsquid (to make it easy to view the squid logs).

To ensure people use it you'd probably want to set up firewall rules on the LAN port to block access to outbound 80/tcp and 443/tcp.  You could simply tick the box for the transparent proxy, but that wouldn't catch HTTPS (443/tcp).

It´s working 4 me i unpluged the power and wen it reached below 40% (battery) it gave the low battery alarm ,and after it reached the 30% the firewall halted with the message (The operating system has halted.Press any key to reboot)

My syslog server gave me this :

-Critical message from: 10.xx.xx.xx
Hostname: upsmon[33704]:
Executing automatic power-fail shutdown

-Notice message from: 10.xx.xx.xx
Hostname: upsmon[33704]:
Auto logout and shutdown proceeding

-Notice message from: 10.xx.xx.xx
Hostname: shutdown:
halt by root:

Ah, the answer was to modify the path called by one of the other packages install button to:

http: //pfsense.local/pkg_mgr_install.php?id=Dashboard

And bingo, it re-installs and works.

Your need access to the Internet and a installed version of pfSense.

And it is recommended to use 1.2beta on new installs
http://pfsense.blogspot.com/2007/05/choosing-which-version-to-run.html

http://www.pfsense.com/mirror.php?section=updates