Ntopng development
-
Hi All,
I reached out to Luca Deri from ntop.org a while back in the hope that there may be some way to license his awesome ntopng software for use with some of our clients. I mentioned that we use pfSense in a few locations and he said he was keen to try and get ntopng to work with pfSense WITH packet filtering.
In the last batch of emails his questions went well beyond my own capabilities, so I said I would raise it on the forum and see if anyone could assist him.
For reference his email is deri (@) ntop (.) org
Here's a trail of the conversation.
Would ntopng integration with pfSense (e.g. mark packets that you can then discard in pfSense based on L7 protocol) be what you are looking for?
ntopng compiles on the latest FreeBSD: what version are you using?
We have started to do some integration with pfSense in a similar way other apps do and it seems not too difficult. We would like to use ntopng in a way that packets are marked by ntopng and you can drop them in pfSense to avoid duplication of roles.
As for pfSense, please read https://github.com/ntop/ntopng/blob/dev/doc/README.pfsense and let me know your comments. I am not too familiar with pfSense and your opinion is valuable. For instance, can you please send me a merge request for the readme where you describe, step by step, how to configure ALTQ queues where I can send classified flows?
In the meantime I have implemented some pfSense support in ntopng (see https://github.com/ntop/ntopng/blob/dev/doc/README.pfsense). I hope it is what you need.
If you can find a sponsor for finishing/polishing this work that would be great.
Regards Luca
-
It may compile on FreeBSD in that case but the FreeBSD port needs fixed: https://www.freshports.org/net/ntopng/
Once the port is fixed, then we can get it back into a package, but the port has to come first.
-
It's been moving along and Luca is in the loop: https://github.com/ntop/ntopng/issues/297#issuecomment-198017871
-
Awesome. I wasn't sure if anyone on here had been in contact with him. I reached out in January, but I'm not a developer.
I'd gladly pay a license to be able to use pfSense with nTopng+nDPI.
We have a number of sites where pfSense is the perfect solution, but lack of application filtering (and cumbersome web filtering) has resulted in us needing to put more expensive 'commercial' solutions in place.
-
https://redmine.pfsense.org/issues/6204
Hopefully the issue will be fixed soon.
-
Any news?
-
it seems they are testing it internally
https://github.com/ntop/ntopng/issues/297
@Andrew17856 Hi, I'm working on the FreeBSD port. I'm almost done with that, I'm waiting for feedback from a pair of persons who are helping me test it. I'm going to commit it as soon as I'm sure it works fine. If you want to test the FreeBSD port you can grab what I have done here: http://www.madpilot.net/~mad/ntopng_port.txz
Please note that this also needs adding a user in /usr/ports/UIDs and /usr/ports/GIDs to work:
    > grep ntop UIDs GIDs
    UIDs:ntopng:*:288:288::0:0:ntopng daemon user:/nonexistent:/usr/sbin/nologin
    GIDs:ntopng:*:288:
-
Looks like we have a port now:
http://www.freshports.org/net/ntopng/
-
Hi All
Is there any update on when we can expect the ntop-ng package to be released? I see there is a post about a failed install (https://forum.pfsense.org/index.php?topic=113173.0) but I don't see the package in the available list on pfSense yet.
Thanks to all for the work to make it available.
Been using pfSense since it was 0. something Beta on various sites/configurations. Awesome to see where it has got to.
-
ntopng is back in the 2.3.2 snapshot, see https://redmine.pfsense.org/issues/6443
However, the ability to install from custom package repository urls was removed in 2.3.x as far as I can tell, so I'm not aware of an easy way to install it on the current 2.3.1 release. (Happy to be corrected on that if someone can point me in the right direction).
-
@Andrew453 Thanks for the details.
I see that 2.3.2 is not a stable build yet.
Guess I'll be waiting a little longer unless someone can correct you :)
-
… if you're happy to run off a development snapshot, you can specify the development branch in the update settings in pfSense, but that will update your entire system.
-
I've been following the developments very closely. There isn't any way ntopng is going to be included in 2.3.1 update 2, is there? Or will we need to wait until the stable release of 2.3.2?
-
If it proves stable enough on 2.3.2, it may be made available elsewhere. It's still being tested, though.
-
Great. I think there's a lot of people waiting for it.
Just because it's an excellent interface to monitor realtime bandwidth usage on the fw and I don't seem to be able to find a good alternative to it.
-
Thank you for adding this package! It is working well for me locally, but I am having issues with setting up ntopng over HTTPS via NGINX.
I have tried setting up a proxy_pass directive, but I cannot get past the login screen. I also tried editing the /usr/local/etc/rc.d/ntopng.sh file to add --http-prefix="/ntopng" to the startup strings, but unfortunately I get the same issue.
Can we integrate SSL certificates into ntopng or allow for native nginx https proxy through pfSense's nginx setup?
Thank you!
-
Temporarily, to fix the authentication/login issue through NGINX, I have added --disable-login '1' to the /usr/local/pkg/ntopng.inc file in the DNS Mode string:
    /* DNS Mode */
    if (is_numeric($ntopng_config['dns_mode']) && ($ntopng_config['dns_mode'] >= 0) && ($ntopng_config['dns_mode'] <= 3)) {
        $dns_mode = "--disable-login '1' --dns-mode " . escapeshellarg($ntopng_config['dns_mode']);
    }
I enabled htaccess password protection via nginx.
Everything is working great now! Thanks!
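
The setup described in this post, written out as an added example that is not part of the original post or of the pfSense package: nginx terminates HTTPS, enforces the password and proxies /ntopng/ to ntopng. The host name, file paths, port 3000 and the loopback-only listener are assumptions; with --disable-login the nginx password is the only access control left, so the ntopng port itself must not be reachable from the network.

```nginx
# Constructed example. Assumes ntopng was started with
#   --http-prefix="/ntopng" --disable-login '1'
# and that its web port (3000 here) accepts connections from 127.0.0.1 only,
# enforced by its listen address or by a firewall rule.

server {
    listen 443 ssl;
    server_name fw.example.test;                        # placeholder host name

    ssl_certificate     /usr/local/etc/nginx/fw.crt;    # placeholder paths
    ssl_certificate_key /usr/local/etc/nginx/fw.key;

    # Send the bare prefix to the form ntopng serves under --http-prefix.
    location = /ntopng {
        return 301 /ntopng/;
    }

    location /ntopng/ {
        # ntopng's own login is disabled, so every request must pass here.
        auth_basic           "ntopng";
        auth_basic_user_file /usr/local/etc/nginx/ntopng.htpasswd;

        # No URI part after the port: the request path, including the
        # /ntopng prefix that ntopng expects, is passed through unchanged.
        proxy_pass       http://127.0.0.1:3000;
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
    }
}
```

From another host on the LAN, a direct connection to the ntopng port should be refused and a request to https://fw.example.test/ntopng/ without credentials should return 401.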
-
If it proves stable enough on 2.3.2, it may be made available elsewhere. It's still being tested, though.
Is there a chance that it will be included as an alpha release in 2.3.2?
-
It's already in 2.3.2. If you install a 2.3.2 snapshot you can use it now (or at least once I get this fix pushed to correct the password handling)
When 2.3.2 releases (probably next week) you'll have access to it.
-
Any chance of pulling in the 2.4 version of ntopng that is available in FreeBSD ports?
The changelog is long, but the first 2 items alone seem enough to make it worth it:
- Memory-management, stability and speed have been fundamentally improved
- We have kept an eye on security and hardened the code to prevent privileges escalation and XSS
-