Host Status Display for services behind firewall $100

miteltec · Oct 10, 2008, 7:16 PM

I need a way to see status of Netgear switchs and/or other devices behind the firewall at a glance. I have set the Netgear Managed switches as Static's and mapped to MAC, but they always show offline because there are no active sessions, and never will be. I would like the monitor to show http status and Ping status, updated regularly, and be able to click to http or ping the host behind the firewall. Another option would be to have the SNMP agent set up to be able to monitor the status of the hosts.
Anyone else think this would be valuable?

rnilsson · Oct 11, 2008, 11:35 PM

Hi.

Maybe not the solution you are looking for, but NRPE (nagios addon/plugin) that could proxy your requests if the software will run on freebsd-base.
I run this setup on a few OpenBSD-firewalls and looking into the possibility running NRPE on pfsense.

Regards,
Rikard

miteltec · Oct 12, 2008, 3:47 AM

Thanks Rikard, but I was hoping there was an easier solultion. Most routers out there now including open source replacements for major market boxes like ddwrt will do this. I know that one of those smart programmers could whip this up in a couple hours and create a package. Correct me if I am wrong, but we are just talking about pinging some hosts behind the firewall then reporting back to UI. Maybe there are no others that see this as a potentially valuable tool. Or nobody is using pfsense like I am. 400 guest users on the system and 30 meg internet feed. I always have at least 100 users with active dhcp leases using the system. I would just like to see the status of my netgear switches for troubleshooting purposes and general health of the client experience.
Then again, maybe this is just too complicated….........?

Doug.

cybrsrfr · Oct 17, 2008, 6:01 AM

@miteltec:

Then again, maybe this is just too complicated….........?

Its not too complicated actually sounds pretty simple. Are you wanting this to check the status when you go to the status page or do you want it running on a schedule and averaging the results?

I just finished the first version of a package for pfSense 1.2.1 called FreeSWITCH. It can be a VOIP proxy or a Full PBX. http://forum.pfsense.org/index.php/topic,11930.0.html

Mark

miteltec · Oct 18, 2008, 8:30 PM

Mark,
Thanks for the reply. Here is the problem. The method used to determine if a static client is online or offline is not acceptable. When I set up the MAC of the switches and corresponding IP's, the static table always shows "offline". I think that if the method was changed to either ping the host or check response to a port active would be better. I don't need to to do any calculations for uptime, I just need it to show that the static is active instead of offline. The probe should be flexible, like ping every minute or so. That way it would make it easier to see at a glance if there are problems with my netgear switches or other static hosts behind the firewall. SNMP, i think could also be used to check the the status of statics, but I have done snmpwalk and don't see any oid's for them. What I have been doing, is forward specific port ranges to these devices and using remote port 80 scans to check the status. This is turning out to be a little overwhelming for I have 20 systems deployed and plan to deploy another 20 before the end of the year. These are extended stay hotels for 400 or more rooms contained if 12 buildings with 13 48 port netgear switches. If these were smaller installs, it would not be so much of a problem. But at scales this large, management and troubleshooting become a real problem for me. I am using dsl extenders to distribute the data to the buildings and those connections are very troublesome at times.

What are your thoughts?

Doug.

thekod · Oct 31, 2008, 5:45 AM

Currently the page does an ARP lookup on all the clients…this isn't working?
EDIT: Just got a Linksys SRW2016, the ARP lookup isn't working...

billm · Feb 9, 2009, 1:45 AM

Just a thought, the server load balance code could check the status of your switches. Just give it a 127.x.x.x address for the virtual IP (I'm pretty sure we're still forcing input and not giving a select dropdown for that field).

–Bill

jimp · Apr 20, 2009, 1:07 AM

Another thought: If the pfSense box periodically sent a ping to these other devices, whether or not they respond to ping, they should still show up in the arp list at that point, and thus be shown as 'online' in the Arp Tables display.

All you'd need is a cron job that would ping a list of IPs every x seconds, where x is equivalent to the time frame in which an arp entry will last (see sysctl oid net.link.ether.inet.max_age)

jimp · Apr 20, 2009, 1:08 AM

At the opposite end of the scale for this, someone might want to pursue a package for Nagios.

Not sure I'd want that on my edge router/firewall, but many others might.