Netgate Discussion Forum

    NTOP ng issues since upgrade

    Traffic Monitoring
    13 Posts 4 Posters 2.7k Views
    • G
      Grindey
      last edited by

      I have it working at the moment.

      I un/reinstalled the software with a firewall reboot between the two.

      I have set it up to only monitor the WAN port, but with the LAN IPv4 and IPv6 addresses in the custom networks in the local list, and that is working at the moment. The firewall allow rule is above all of the pfb blocker rules.

      Also added a firewall allow rule to "firewall ip address port 3000 tcp/udp" from the local network.

      It seems to be a config issue causing the ntopng server to crash.

      It is phoning home to somewhere at the moment but I will stop that.

      The sys info worked as well, thanks, so all working at the moment.

      • G
        Grindey @Grindey
        last edited by

        @grindey If I monitor the WAN port of the firewall, NTOPng works as expected, but only the WAN port IP addresses are visible, as you would expect.

        Also, it was downloading something I did not ask it to and was phoning home to some antivirus website.

        If I set it to monitor the LAN port, which is what I want it to do, it dies instantly.

        The issue appears to be either config or firewall rule related. If it has unfiltered internet access it works; when it's filtered it dies.

        It worked from behind the firewall before under the previous pfSense version and an older version of NTOPng.

        Anybody got any ideas?

        • AllanGA
          AllanG @Grindey
          last edited by

          @grindey

          I've been investigating the behaviour on my installation and confirm everything you've said above.

          I enabled it only for the WAN interface and it started up first time.

          It looks like the downloads were various definition files for the protocols it monitors. Until they were downloaded, various pages showed "YOU SHOULD NOT BE HERE" and listed all sorts of file errors.

          I then enabled it on my WiFi interface and, again, it started up without a problem.

          Finally, I enabled the LAN and, like you said, it refused to start. So I disabled the LAN again and it worked as expected so the LAN is definitely the problem.

          But...

          I remembered that the last thing that had happened to my system prior to the failure was an upgrade to pfBlockerNG so I disabled that, added the LAN in again and NtopNG started up without a hitch. I could then re-enable pfBlockerNG and things seem to be stable.

          It looks like there's some sort of clash between the two packages and that NtopNG needs to load up before pfBlockerNG but, as long as the startup order is correct, both packages run properly.

          So, if you're using pfBlocker, try disabling it temporarily until Ntop starts up. You can re-enable it afterwards.

          Again, I'll keep monitoring things and let you know if I find anything else.

          • G
            Grindey
            last edited by

            Tried what you suggested and it did not work, but thanks for suggesting it.

            My version is pfBlockerNG-devel. I read somewhere it was the better of the two, so I installed it when I first built my firewall last year.

            If I had to choose between the two pieces of software I will keep pfBlockerNG-devel as I need it daily; ntopng is a nice-to-have.

            • dragoangelD
              dragoangel
              last edited by dragoangel

              Wow, @BBcan177, can you please check? Is it really true that NtopNG works on LAN only when pfBlockerNG starts 2nd, and otherwise NtopNG fails to start?

              Latest stable pfSense on 2x XG-7100 and 1x Intel Xeon Server, running multiWAN, he.net IPv6, pfBlockerNG-devel, HAProxy-devel, Syslog-ng, Zabbix-agent, OpenVPN, IPsec site-to-site, DNS-over-TLS...
              Unifi AP-AC-LR with EAP RADIUS, US-24

              • BBcan177B
                BBcan177 Moderator @dragoangel
                last edited by

                @dragoangel
                I don't use NTOP, but for pfBlockerNG, it's recommended to set the DNSBL Interface to "localhost".

                "Experience is something you don't get until just after you need it."

                Website: http://pfBlockerNG.com
                Twitter: @BBcan177  #pfBlockerNG
                Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                • AllanGA
                  AllanG @BBcan177
                  last edited by

                  @bbcan177

                  Thanks for that suggestion - that seems to have fixed things.

                  I had DNSBL set to listen on "LAN" for some reason (I don't remember ever setting it, so it must have been that way for a very long time).

                  Changing it to "localhost" lets me add LAN monitoring back into NtopNG which now starts up without a hitch.

                  • dragoangelD
                    dragoangel @BBcan177
                    last edited by

                    @bbcan177 Hi, thanks for the reply. Your suggestion is correct; I'm just curious why pfBlockerNG on the LAN interface, which uses different ports than ntopng, can lead to stuff like this.


                    • G
                      Grindey
                      last edited by

                      Hi all, thanks for the info, that has fixed the problem. Thanks for all your help.

                      I wonder if the issue is caused by firewall rules. I only allow 192.168.1.0/24 via my LAN, but LAN2 and WAN allow anything out but nothing in.

                      I have a Samsung TV which filled my LAN implicit deny rule with rubbish, so I put it on its own LAN and allow everything out. pfBlockerNG-devel uses ports 80 and 443; I control those ports on the LAN. Just a guess, probably talking nonsense. pfBlockerNG-devel would work when monitoring these.

                      Firewall now up and working how I want it and monitoring traffic. Again, thanks for the assistance.

                      • G
                        Grindey @Grindey
                        last edited by

                        @grindey said in NTOP ng issues since upgrade:

                        This should have read: pfBlockerNG-devel would work when monitoring these other LANs, LAN2 and WAN. Sorry, fat finger trouble.

                        • G
                          Grindey
                          last edited by

                          Take 3

                          This should have read: Ntopng would work when monitoring these other LANs, LAN2 and WAN. Sorry, brain trouble, need more coffee.
