Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Problem ips suricata, no wan out graphs

    Scheduled Pinned Locked Moved
    IDS/IPS
    2
    3
    387
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      Stef93
      last edited by Stef93

      ee34aca2-c9dd-4a1e-bb0c-c2cfd3af3c29-image.png
      Hello. Problems with enabled suricata + enabled signature rules. Blocking Mode - inline ips on wan port. I found an old topic on the forum, but enabling ips on the lan interface is not an option. pfsense version - 2.6.0, proxmox, vtnet driver, vlans on the network, dual wan.
      ||proxmox-ve: 7.2-1 (running kernel: 5.13.19-6-pve)
      pve-manager: 7.2-4 (running version: 7.2-4/ca9d43cc)
      pve-kernel-5.15: 7.2-4
      pve-kernel-helper: 7.2-4
      pve-kernel-5.13: 7.1-9
      pve-kernel-5.11: 7.0-10
      pve-kernel-5.4: 6.4-15
      pve-kernel-5.15.35-2-pve: 5.15.35-5
      pve-kernel-5.15.35-1-pve: 5.15.35-3
      pve-kernel-5.15.30-2-pve: 5.15.30-3
      pve-kernel-5.13.19-6-pve: 5.13.19-15
      pve-kernel-5.13.19-5-pve: 5.13.19-13
      pve-kernel-5.13.19-4-pve: 5.13.19-9
      pve-kernel-5.13.19-2-pve: 5.13.19-4
      pve-kernel-5.13.19-1-pve: 5.13.19-3
      pve-kernel-5.11.22-7-pve: 5.11.22-12
      pve-kernel-5.11.22-5-pve: 5.11.22-10
      pve-kernel-5.4.174-2-pve: 5.4.174-2
      pve-kernel-5.4.166-1-pve: 5.4.166-1
      pve-kernel-5.4.157-1-pve: 5.4.157-1
      pve-kernel-5.4.143-1-pve: 5.4.143-1
      pve-kernel-5.4.140-1-pve: 5.4.140-1
      pve-kernel-5.4.106-1-pve: 5.4.106-1
      ceph-fuse: 14.2.21-1
      corosync: 3.1.5-pve2
      criu: 3.15-1+pve-1
      glusterfs-client: 9.2-1
      ifupdown: residual config
      ifupdown2: 3.1.0-1+pmx3
      ksm-control-daemon: 1.4-1
      libjs-extjs: 7.0.0-1
      libknet1: 1.24-pve1
      libproxmox-acme-perl: 1.4.2
      libproxmox-backup-qemu0: 1.3.1-1
      libpve-access-control: 7.2-2
      libpve-apiclient-perl: 3.2-1
      libpve-common-perl: 7.2-2
      libpve-guest-common-perl: 4.1-2
      libpve-http-server-perl: 4.1-2
      libpve-storage-perl: 7.2-4
      libqb0: 1.0.5-1
      libspice-server1: 0.14.3-2.1
      lvm2: 2.03.11-2.1
      lxc-pve: 4.0.12-1
      lxcfs: 4.0.12-pve1
      novnc-pve: 1.3.0-3
      openvswitch-switch: 2.15.0+ds1-2+deb11u1
      proxmox-backup-client: 2.2.3-1
      proxmox-backup-file-restore: 2.2.3-1
      proxmox-mini-journalreader: 1.3-1
      proxmox-widget-toolkit: 3.5.1
      pve-cluster: 7.2-1
      pve-container: 4.2-1
      pve-docs: 7.2-2
      pve-edk2-firmware: 3.20210831-2
      pve-firewall: 4.2-5
      pve-firmware: 3.4-2
      pve-ha-manager: 3.3-4
      pve-i18n: 2.7-2
      pve-qemu-kvm: 6.2.0-10
      pve-xtermjs: 4.16.0-1
      qemu-server: 7.2-3
      smartmontools: 7.2-pve3
      spiceterm: 3.2-2
      swtpm: 0.7.1~bpo11+1
      vncterm: 1.7-1
      zfsutils-linux: 2.1.4-pve1||

      1 Reply Last reply Reply Quote 0
      • bmeeksB
        bmeeks
        last edited by bmeeks

        I thought this issue had been sorted out with the move to FreeBSD 12.3 in pfSense. There was a patch submitted by the OPNSense team that was upstreamed into FreeBSD.

        A possibility is that the vtnet driver on Proxmox (or something else within Proxmox) is the culprit.

        The original issue in FreeBSD was the way the iflib wrapper library was skipping updating traffic counters when in netmap mode. I can say that the issue is within the operating system, though, and thus there is nothing the Suricata package can do about the missing graph data.

        1 Reply Last reply Reply Quote 0
        • S
          Stef93
          last edited by

          Problem solved. Updated proxmox, chose iommu and threw 2 wan ports through iommu (igb).

          fe0d765e-0a81-41c8-aee9-9fc4f8d40280-image.png

          5422af3e-d633-453d-a354-9ea9eb035fc3-image.png

          root@pve:~# pveversion -v
          proxmox-ve: 7.2-1 (running kernel: 5.15.39-4-pve)
          pve-manager: 7.2-7 (running version: 7.2-7/d0dd0e85)
          pve-kernel-5.15: 7.2-9
          pve-kernel-helper: 7.2-9
          pve-kernel-5.13: 7.1-9
          pve-kernel-5.11: 7.0-10
          pve-kernel-5.4: 6.4-15
          pve-kernel-5.15.39-4-pve: 5.15.39-4
          pve-kernel-5.15.35-2-pve: 5.15.35-5
          pve-kernel-5.15.35-1-pve: 5.15.35-3
          pve-kernel-5.15.30-2-pve: 5.15.30-3
          pve-kernel-5.13.19-6-pve: 5.13.19-15
          pve-kernel-5.13.19-5-pve: 5.13.19-13
          pve-kernel-5.13.19-4-pve: 5.13.19-9
          pve-kernel-5.13.19-2-pve: 5.13.19-4
          pve-kernel-5.13.19-1-pve: 5.13.19-3
          pve-kernel-5.11.22-7-pve: 5.11.22-12
          pve-kernel-5.11.22-5-pve: 5.11.22-10
          pve-kernel-5.4.174-2-pve: 5.4.174-2
          pve-kernel-5.4.166-1-pve: 5.4.166-1
          pve-kernel-5.4.157-1-pve: 5.4.157-1
          pve-kernel-5.4.143-1-pve: 5.4.143-1
          pve-kernel-5.4.140-1-pve: 5.4.140-1
          pve-kernel-5.4.106-1-pve: 5.4.106-1
          ceph-fuse: 14.2.21-1
          corosync: 3.1.5-pve2
          criu: 3.15-1+pve-1
          glusterfs-client: 9.2-1
          ifupdown: residual config
          ifupdown2: 3.1.0-1+pmx3
          ksm-control-daemon: 1.4-1
          libjs-extjs: 7.0.0-1
          libknet1: 1.24-pve1
          libproxmox-acme-perl: 1.4.2
          libproxmox-backup-qemu0: 1.3.1-1
          libpve-access-control: 7.2-4
          libpve-apiclient-perl: 3.2-1
          libpve-common-perl: 7.2-2
          libpve-guest-common-perl: 4.1-2
          libpve-http-server-perl: 4.1-3
          libpve-storage-perl: 7.2-8
          libqb0: 1.0.5-1
          libspice-server1: 0.14.3-2.1
          lvm2: 2.03.11-2.1
          lxc-pve: 5.0.0-3
          lxcfs: 4.0.12-pve1
          novnc-pve: 1.3.0-3
          openvswitch-switch: 2.15.0+ds1-2+deb11u1
          proxmox-backup-client: 2.2.5-1
          proxmox-backup-file-restore: 2.2.5-1
          proxmox-mini-journalreader: 1.3-1
          proxmox-widget-toolkit: 3.5.1
          pve-cluster: 7.2-2
          pve-container: 4.2-2
          pve-docs: 7.2-2
          pve-edk2-firmware: 3.20220526-1
          pve-firewall: 4.2-5
          pve-firmware: 3.5-1
          pve-ha-manager: 3.4.0
          pve-i18n: 2.7-2
          pve-qemu-kvm: 7.0.0-2
          pve-xtermjs: 4.16.0-1
          qemu-server: 7.2-4
          smartmontools: 7.2-pve3
          spiceterm: 3.2-2
          swtpm: 0.7.1~bpo11+1
          vncterm: 1.7-1
          zfsutils-linux: 2.1.5-pve1

          1 Reply Last reply Reply Quote 0
          • First post
            Last post