Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Error 6909#100185 - Logged under Status/System Logs/System/General

    Scheduled Pinned Locked Moved
    webGUI
    3
    4
    527
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mmeshurle
      last edited by

      I have these four errors reported by a client, then connectivity drops. I searched the forums and could not locate anything related to something similar to this error.
      The 192.168.1.9 is a DNS/Primary DC. DNS from Windows goes out of the network for any local resolution (1.1.1.1).
      There are two DCs/DNS servers on the network with no issues with the DCs and replication is good.
      Any guidance would be appreciated!

      May 3 14:20:18 nginx 2023/05/03 14:20:18 [error] 6909#100185: *54790 open() "/usr/local/www/HNAP1" failed (2: No such file or directory), client: 192.168.1.9, server: , request: "GET /HNAP1 HTTP/1.1", host: "192.168.1.254:444"

      May 3 14:20:18 nginx 2023/05/03 14:20:18 [error] 6909#100185: *54789 open() "/usr/local/www/sdk" failed (2: No such file or directory), client: 192.168.1.9, server: , request: "POST /sdk HTTP/1.1", host: "192.168.1.254:444"

      May 3 14:20:18 nginx 2023/05/03 14:20:18 [error] 6909#100185: *54788 open() "/usr/local/www/evox/about" failed (2: No such file or directory), client: 192.168.1.9, server: , request: "GET /evox/about HTTP/1.1", host: "192.168.1.254:444"

      May 3 14:20:18 nginx 2023/05/03 14:20:18 [error] 6909#100185: *54787 open() "/usr/local/www/nmaplowercheck1683138018" failed (2: No such file or directory), client: 192.168.1.9, server: , request: "GET /nmaplowercheck1683138018 HTTP/1.1", host: "192.168.1.254:444"

      S 1 Reply Last reply Reply Quote 0
      • S
        SteveITS Rebel Alliance @mmeshurle
        last edited by

        @mmeshurle Define “connectivity drops”?

        Is there a probe or scanner running on that server that would be making http requests to devices on the network?

        You could create a firewall rule to block 80/443 from that server IP. That’s masking the issue though.

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

        1 Reply Last reply Reply Quote 0
        • jimpJ
          jimp Rebel Alliance Developer Netgate
          last edited by jimp

          192.168.1.9 is apparently running an nmap scan against the firewall and the GUI port is open to it, so its requests are being processed by the firewall's web server. Searching the files being requested they come back to various aspects of nmap scan/test probes.

          It's hard to say what might be causing a connectivity loss, but I'd start by making sure 192.168.1.9 isn't compromised in some way and causing local network issues.

          Also, lock down the rules so only approved local management hosts can reach the firewall. Anything else should only blocked with exceptions to pass DNS and other local service ports and ICMP depending on what's running on the firewall.

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          M 1 Reply Last reply Reply Quote 1
          • M
            mmeshurle @jimp
            last edited by

            @jimp Damn it. Should of looked further. We deploy Atera RMM and I have a scanning agent on that server/IP. I will take the router out of the scan.
            Thanks @jimp for catching that!

            1 Reply Last reply Reply Quote 0
            • First post
              Last post