Netgate Discussion Forum

    pfSense freezing, promiscuous mode enabled

    3 Posts 2 Posters 1.0k Views
      dreivi

      Friends, I have pf 2.3.2 p1. It was working perfectly, but today it has already frozen twice and came back to working on its own, and the logs only show the data below. What could it be?

      Nov 28 16:10:02 snort 86619 [1:2403366:3136] ET CINS Active Threat Intelligence Poor Reputation IP TCP group 34 [Classification: Misc Attack] [Priority: 2] {TCP} 80.82.70.26:52401 -> 189.111.107.163:23
      Nov 28 16:08:35 xinetd 19767 Reconfigured: new=0 old=1 dropped=0 (services)
      Nov 28 16:08:35 xinetd 19767 readjusting service 6969-udp
      Nov 28 16:08:35 xinetd 19767 Swapping defaults
      Nov 28 16:08:35 xinetd 19767 Starting reconfiguration
      Nov 28 16:08:34 kernel em1: promiscuous mode enabled
      Nov 28 16:08:34 kernel em1: promiscuous mode disabled
      Nov 28 16:08:34 ftp-proxy 87027 listening on 127.0.0.1 port 8021
      Nov 28 16:08:34 ftp-proxy 83896 listening on 127.0.0.1 port 8021
      Nov 28 16:08:34 check_reload_status Reloading filter
      Nov 28 16:08:34 SnortStartup 83101 Ignoring additional START command since Snort is already starting…
      Nov 28 16:08:27 xinetd 19767 Reconfigured: new=0 old=1 dropped=0 (services)
      Nov 28 16:08:27 xinetd 19767 readjusting service 6969-udp
      Nov 28 16:08:27 xinetd 19767 Swapping defaults
      Nov 28 16:08:27 xinetd 19767 Starting reconfiguration
      Nov 28 16:08:24 check_reload_status Starting packages
      Nov 28 16:08:24 check_reload_status Reloading filter
      Nov 28 16:08:23 xinetd 19767 Reconfigured: new=0 old=1 dropped=0 (services)
      Nov 28 16:08:23 xinetd 19767 readjusting service 6969-udp
      Nov 28 16:08:23 xinetd 19767 Swapping defaults
      Nov 28 16:08:23 xinetd 19767 Starting reconfiguration
      Nov 28 16:08:21 xinetd 19767 Reconfigured: new=0 old=1 dropped=0 (services)
      Nov 28 16:08:21 xinetd 19767 readjusting service 6969-udp
      Nov 28 16:08:21 xinetd 19767 Swapping defaults
      Nov 28 16:08:21 xinetd 19767 Starting reconfiguration
      Nov 28 16:08:18 xinetd 19767 Reconfigured: new=0 old=1 dropped=0 (services)
      Nov 28 16:08:18 xinetd 19767 readjusting service 6969-udp
      Nov 28 16:08:18 xinetd 19767 Swapping defaults
      Nov 28 16:08:18 xinetd 19767 Starting reconfiguration
      Nov 28 16:08:17 xinetd 19767 Reconfigured: new=0 old=1 dropped=0 (services)
      Nov 28 16:08:17 xinetd 19767 readjusting service 6969-udp
      Nov 28 16:08:17 xinetd 19767 Swapping defaults
      Nov 28 16:08:17 xinetd 19767 Starting reconfiguration
      Nov 28 16:08:16 check_reload_status rc.newwanip starting ovpns1
      Nov 28 16:08:16 kernel ovpns1: link state changed to UP
      Nov 28 16:08:16 check_reload_status Reloading filter
      Nov 28 16:08:16 kernel ovpns1: link state changed to DOWN
      Nov 28 16:08:16 check_reload_status Reloading filter
      Nov 28 16:08:00 snort 68740 Non ip() parameter passed with white list, skipping...
      Nov 28 16:08:00 kernel em1: promiscuous mode enabled
      Nov 28 16:08:00 kernel em1: promiscuous mode disabled
      Nov 28 16:08:00 ftp-proxy 74445 listening on 127.0.0.1 port 8021
      Nov 28 16:08:00 ftp-proxy 69911 listening on 127.0.0.1 port 8021
      Nov 28 16:08:00 check_reload_status Reloading filter
      Nov 28 16:08:00 kernel pid 86441 (snort), uid 0: exited on signal 11
      Nov 28 16:08:00 SnortStartup 68693 Snort START for Rede Local(29275_em1)...
      Nov 28 16:07:56 check_reload_status Reloading filter
      Nov 28 16:07:56 check_reload_status Restarting OpenVPN tunnels/interfaces
      Nov 28 16:07:56 check_reload_status Restarting ipsec tunnels
      Nov 28 16:07:56 check_reload_status updating dyndns WANGW
      Nov 28 16:07:53 xinetd 19767 Reconfigured: new=0 old=1 dropped=0 (services)
      Nov 28 16:07:53 xinetd 19767 readjusting service 6969-udp
      Nov 28 16:07:53 xinetd 19767 Swapping defaults
      Nov 28 16:07:53 xinetd 19767 Starting reconfiguration
      Nov 28 16:07:39 check_reload_status Starting packages
      Nov 28 16:07:39 check_reload_status Reloading filter
      Nov 28 16:07:37 xinetd 19767 Reconfigured: new=0 old=1 dropped=0 (services)
      Nov 28 16:07:37 xinetd 19767 readjusting service 6969-udp
      Nov 28 16:07:37 xinetd 19767 Swapping defaults
      Nov 28 16:07:37 xinetd 19767 Starting reconfiguration
      Nov 28 16:07:33 xinetd 19767 Reconfigured: new=0 old=1 dropped=0 (services)
      Nov 28 16:07:33 xinetd 19767 readjusting service 6969-udp
      Nov 28 16:07:33 xinetd 19767 Swapping defaults
      Nov 28 16:07:33 xinetd 19767 Starting reconfiguration
      Nov 28 16:07:19 xinetd 19767 Reconfigured: new=0 old=1 dropped=0 (services)
      Nov 28 16:07:19 xinetd 19767 readjusting service 6969-udp
      Nov 28 16:07:19 xinetd 19767 Swapping defaults
      Nov 28 16:07:19 xinetd 19767 Starting reconfiguration
      Nov 28 16:07:10 xinetd 19767 Reconfigured: new=0 old=1 dropped=0 (services)
      Nov 28 16:07:10 xinetd 19767 readjusting service 6969-udp
      Nov 28 16:07:10 xinetd 19767 Swapping defaults
      Nov 28 16:07:10 xinetd 19767 Starting reconfiguration
      Nov 28 16:07:09 check_reload_status rc.newwanip starting ovpns1
      Nov 28 16:07:09 kernel ovpns1: link state changed to UP
      Nov 28 16:07:09 check_reload_status Reloading filter
      Nov 28 16:07:09 check_reload_status Reloading filter
      Nov 28 16:07:09 kernel ovpns1: link state changed to DOWN
      Nov 28 16:06:58 ja-firewall.saopaulo.com.br nginx: 2016/11/28 16:06:58 [error] 35818#100103: *426668 upstream timed out (60: Operation timed out) while reading response header from upstream, client: 192.168.203.99, server: , request: "GET /getstats.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm.socket", host: "192.168.203.194:10443", referrer: "https://192.168.203.194:10443/"

        jvicente

        @dreivi:

        Are you using Snort?

          dreivi

          Yes, I am using Snort, but does it bring down the network? I am using it on all interfaces, but with the internal networks set as exceptions. em1 in the log is the internal network. Should I remove that network from Snort?

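One way to triage a system log like the one posted in this thread, as an added example that is not part of any post: it extracts process crashes (`exited on signal`) and counts filter reloads, promiscuous-mode toggles and `rc.newwanip` events per minute. The sample lines are a subset copied from the first post; the function and pattern names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Subset of the lines posted in the thread (newest first, as posted).
SAMPLE_LOG = """\
Nov 28 16:08:34 kernel em1: promiscuous mode enabled
Nov 28 16:08:34 kernel em1: promiscuous mode disabled
Nov 28 16:08:34 check_reload_status Reloading filter
Nov 28 16:08:16 check_reload_status rc.newwanip starting ovpns1
Nov 28 16:08:16 check_reload_status Reloading filter
Nov 28 16:08:00 kernel em1: promiscuous mode enabled
Nov 28 16:08:00 kernel em1: promiscuous mode disabled
Nov 28 16:08:00 check_reload_status Reloading filter
Nov 28 16:08:00 kernel pid 86441 (snort), uid 0: exited on signal 11
Nov 28 16:08:00 SnortStartup 68693 Snort START for Rede Local(29275_em1)...
Nov 28 16:07:09 check_reload_status rc.newwanip starting ovpns1
Nov 28 16:07:09 check_reload_status Reloading filter
"""

LINE = re.compile(r"^(\w{3} +\d+ (\d\d:\d\d):\d\d) (\S+) (.*)$")
CRASH = re.compile(r"pid (\d+) \((\S+)\), uid (\d+): exited on signal (\d+)")
PATTERNS = {  # hypothetical event names chosen for this example
    "filter_reload": re.compile(r"Reloading filter"),
    "promisc_toggle": re.compile(r"promiscuous mode (enabled|disabled)"),
    "wan_ip_event": re.compile(r"rc\.newwanip"),
}

def triage(log_text):
    """Return (crashes, per-minute event counts) for a syslog-style text."""
    crashes, per_minute = [], defaultdict(Counter)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip anything that is not a timestamped log line
        stamp, minute, _proc, msg = m.groups()
        c = CRASH.search(msg)
        if c:  # kernel report of a process killed by a signal (11 = SIGSEGV)
            crashes.append({"time": stamp, "pid": int(c[1]), "process": c[2],
                            "uid": int(c[3]), "signal": int(c[4])})
        for name, pat in PATTERNS.items():
            if pat.search(msg):
                per_minute[minute][name] += 1
    return crashes, {k: dict(v) for k, v in per_minute.items()}

if __name__ == "__main__":
    crashes, counts = triage(SAMPLE_LOG)
    print(crashes)
    for minute in sorted(counts):
        print(minute, counts[minute])
```

Running it on a full log export shows whether each freeze window lines up with a process crash or with a burst of reload events.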
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.