NTOP ng issues since upgrade
-
@grindey If I monitor the Wan port of the firewall, NTOPng works as expected, but only the wan port IP addresses are visible, as you would expect.
Also, it was downloading something I did not ask it to and was phoning home to some antivirus website.
If I set it to monitor the Lan port, which is what I want it to do, it dies instantly.
The issue appears to be either config or firewall rule related. If it has unfiltered internet access it works; when it's filtered it dies.
It worked from behind the firewall before, under the previous pfSense version and an older version of NTOPng.
Anybody got any ideas?
-
I've been investigating the behaviour on my installation and confirm everything you've said above.
I enabled it only for the WAN interface and it started up first time.
It looks like the downloads were various definition files for the protocols it monitors. Until they were downloaded, various pages showed "YOU SHOULD NOT BE HERE" and listed all sorts of file errors.
I then enabled it on my WiFi interface and, again, it started up without a problem.
Finally, I enabled the LAN and, like you said, it refused to start. So I disabled the LAN again and it worked as expected so the LAN is definitely the problem.
But...
I remembered that the last thing that had happened to my system prior to the failure was an upgrade to pfBlockerNG so I disabled that, added the LAN in again and NtopNG started up without a hitch. I could then re-enable pfBlockerNG and things seem to be stable.
It looks like there's some sort of clash between the two packages and that NtopNG needs to load up before pfBlockerNG but, as long as the startup order is correct, both packages run properly.
So, if you're using pfBlocker, try disabling it temporarily until Ntop starts up. You can re-enable it afterwards.
Again, I'll keep monitoring things and let you know if I find anything else.
-
Tried what you suggested and it did not work, but thanks for suggesting it.
My version is pfBlockerNG-devel. I read somewhere it was the better of the two, so I installed it when I first built my firewall last year.
If I had to choose between the two pieces of software, I will keep pfBlockerNG-devel as I need it daily; ntopng is a nice-to-have.
-
Wow, @BBcan177, can you please check? Is it really true that either NtopNG works on LAN and pfBlockerNG starts second, or otherwise NtopNG fails to start?
-
@dragoangel
I don't use NTOP, but for pfBlockerNG, it's recommended to set the DNSBL Interface to "localhost".
-
Thanks for that suggestion - that seems to have fixed things.
I had DNSBL set to listen on "LAN" for some reason (I don't remember ever setting it, so it must have been that way for a very long time).
Changing it to "localhost" lets me add LAN monitoring back into NtopNG which now starts up without a hitch.
-
@bbcan177 Hi, thanks for the reply. Your suggestion is correct; I'm just curious why pfBlockerNG on the LAN interface, which uses different ports than ntopng, can lead to stuff like this.
-
Hi all, thanks for the info, that has fixed the problem. Thanks for all your help.
I wonder if the issue is caused by firewall rules. I only allow 192.168.1.0/24 via my LAN, but lan2 and wan allow anything out but nothing in.
I have a Samsung TV which filled my Lan implicit deny rule with rubbish, so I put it on its own LAN and allow everything out. pfBlockerNG-devel uses ports 80 and 443; I control those ports on the Lan. Just a guess, probably talking nonsense. pfBlockerNG-devel would work when monitoring these.
Firewall now up and working how I want it and monitoring traffic. Again, thanks for the assistance.
-
@grindey said in NTOP ng issues since upgrade:
This should have read: pfBlockerNG-devel would work when monitoring these other lans,
Lan2 and Wan. Sorry, fat finger trouble.
-
Take 3
This should have read: Ntopng would work when monitoring these other lans,
Lan2 and Wan. Sorry, brain trouble, need more coffee.