NTOP ng issues since upgrade
-
Hi All ,since updating from the previous "current release" to the latest 2.5.0 release my NTOPng does not work see below for details
I have no idea at all how to fix this error and google is particularly silent on the issue.Also update status in the GUI does not work nor does cpu load all worked before and the previous "current release" 2.4.5_1 said my cpu did support AES-NI
I am not worried about the CPU load but I need NTOPng to work and also update status.
Everything else is working fine but the update from the GUI failed when rebooted so I rebuilt it from scratch to 2.5.0
Any help gratefully accepted even if you just point me in right direction to fix things myself.
[2.5.0-RELEASE][root@Firewall.*******.co.uk]/root: NTOPng
snip working text
24/Feb/2021 10:34:48 [Ntop.cpp:872] Adding 2a02:8011:9002:4::1/128 as IPv6 interface address for em1
24/Feb/2021 10:34:48 [Ntop.cpp:882] Adding 2a02:8011:9002:4::1/64 as IPv6 local network for em1
24/Feb/2021 10:34:48 [Ntop.cpp:841] Adding 10.10.10.1/32 as IPv4 interface address for em1
24/Feb/2021 10:34:48 [Ntop.cpp:850] Adding 10.10.10.0/24 as IPv4 local network for em1
24/Feb/2021 10:34:48 [Ntop.cpp:872] Adding ::10.10.10.1/128 as IPv6 interface address for em1
24/Feb/2021 10:34:48 [Ntop.cpp:882] Adding ::10.10.10.1/128 as IPv6 local network for em1
Assertion failed: (prefix->bitlen <= patricia->maxbits), function patricia_lookup, file src/../third-party/patricia/patricia.c, line 753.<------??????Fails here and stops, it is the latest package according to the package manager its ntopng-4.2.d20210122,1
Version 2.5.0-RELEASE (amd64)
built on Tue Feb 16 08:56:29 EST 2021
FreeBSD 12.2-STABLEObtaining update status
CPU Type Intel(R) Celeron(R) CPU 3865U @ 1.80GHz
Current: 1700 MHz, Max: 1801 MHz
2 CPUs:
AES-NI CPU Crypto: No -
I have exactly the same NTopNG problem here (and exactly the same type of log entries) I also see
pid 82066 (ntopng), jid 0, uid 0: exited on signal 6 (core dumped)in the system logs.
The odd thing is that it was working just fine for a week or so and then it just stopped and can't be restarted.
The only upgrades since moving to pfSense V 2.5 have been to pfBlockerNG (prior to the failure of NtopNG) and Snort (after the failure so probably unrelated).
As you point out, Google is of no help and there have been no other reports on this forum.
I'm trying all sorts of different settings to see if any of them have any effect - I'll post back if I find anything helpful
On your other point - there's an easy workaround:-
In your "System Information" widget on the dashboard, click on the spanner (or "wrench" if you're not in the UK!) and put a tick next to "State Table Size". Save the settings and you'll see the info you need (and the check for updates will work again as well). It's a known bug and it's been reported.
-
I have it working at the moment .
I un/reinstalled the software with a firewall reboot between the two
I have set it up to only monitor the wan port but with the lan ipv4 and ipv6 addresses in the custom networks in the local list and that is working at the moment. The firewall allow rule is above all of the pfb blocker rules
Also added a firewall allow rule to " firewall ip address port 3000 tcp/udp" from the local network
It seem to be a config issue causing the ntopng server to crash.
it is phoning home to somewhere at the moment but I will stop that
the sys info worked as well thanks so all working at the moment.
-
@grindey If I monitor the Wan port of the firewall NTOPng works as expected but only the wan port IP addresses are visible as you would expect.
Also it was downloading something it did not ask it to and was phoning home to some antivirus website.
If I set it to monitor the Lan port which is what I want it to do it dies instantly.
The issue appears to be either config or firewall rule related . If it has unfiltered internet access it works, when its filtered it dies.
It worked from behind the firewall before under the previous PFSense version and an older version of NTOPng
Anybody got any ideas ?
-
I've been investigating the behaviour on my installation and confirm everything you've said above.
I enabled it only for the WAN interface and it started up first time.
It looks like the downloads were various definition files for the protocols it monitors. Until they were downloaded, various pages showed "YOU SHOULD NOT BE HERE" and listed all sorts of file errors.
I then enabled it on my WiFi interface and, again, it started up without a problem.
Finally, I enabled the LAN and, like you said, it refused to start. So I disabled the LAN again and it worked as expected so the LAN is definitely the problem.
But...
I remembered that the last thing that had happened to my system prior to the failure was an upgrade to pfBlockerNG so I disabled that, added the LAN in again and NtopNG started up without a hitch. I could then re-enable pfBlockerNG and things seem to be stable.
It looks like there's some sort of clash between the two packages and that NtopNG needs to load up before pfBlockerNG but, as long as the startup order is correct, both packages run properly.
So, if you're using pfBlocker, try disabling it temporarily until Ntop starts up. You can re-enable it afterwards.
Again. I'll keep monitoring things and let you know if I find anything alse.
-
Tried what you suggested and it did not work, but thanks for suggesting it.
My version is pfBlockerNG-devel I read somewhere it was the better of the two so I installed it when I first built my firewall last year.
If I had to choose between the two pieces of software I will keep pfBlockerNG-devel as I need it daily ,ntopng is a nice to have.
-
Wow @BBcan177 can you please check? It really true that or NtopNG work on LAN && pfBlockNG start 2nd otherwise NtopNG fail to start.
-
@dragoangel
I don't use NTOP, but for pfBlockerNG, its recommended to set the DNSBL Interface to "localhost""Experience is something you don't get until just after you need it."
Website: http://pfBlockerNG.com
Twitter: @BBcan177 #pfBlockerNG
Reddit: https://www.reddit.com/r/pfBlockerNG/new/ -
Thanks for that suggestion - that seems to have fixed things.
I had DNSBL set to listen on "LAN" for some reason ( I don't remember ever setting it so it must have been that way for a very long time).
Changing it to "localhost" lets me add LAN monitoring back into NtopNG which now starts up without a hitch.
-
@bbcan177 hi, thanks for reply. Your suggestion correct, just curious why pfblockerng on lan interface which use different ports than ntopng can lead to stuff like this.
-
Hi All ,thanks for the info that has fixed the problem,thanks for all your help.
I wonder if the issue is caused by firewall rules. I only allow 192.168.1.0/24 via my LAN but lan2 and wan allow anything out but nothing in.
I have a Samsung TV which filled my Lan implicit deny rule with rubbish so I put it on its own LAN and allow everything out. pfBlockerNG-devel uses ports 80 and 443 I control those ports on the Lan. Just a guess probably talking nonsense. pfBlockerNG-devel would work when monitoring these.
Firewall now up and working how I want it and monitoring traffic ,again thanks for the assistance
-
@grindey said in NTOP ng issues since upgrade:
This should have read pfBlockerNG-devel would work when monitoring these other lans
Lan2 and Wan . Sorry fat finger trouble. -
Take 3
This should have read Ntopng would work when monitoring these other lans
Lan2 and Wan . Sorry brain trouble need more coffee.
