3. HAVP + Snort: connect() failed: Operation not permitted

HAVP + Snort: connect() failed: Operation not permitted

  • Z

    Current setup

    pfSense 2.1-RELEASE (i386)
FreeBSD 8.3-RELEASE-p11
snort 	2.9.5.5 pkg v3.0.3
HAVP antivirus 	0.91_1 pkg v1.01
squid 	Network 	2.7.9 pkg v.4.3.3

    Squid is configured as a transparent proxy, and HAVP as the parent for Squid (and set accordingly in the config). Snort is not configured to block sites when an alert is triggered, but is apparently doing so anyways.
    The system log files show

    Feb 12 13:22:12 	havp[55759]: connect() failed: Operation not permitted
Feb 12 13:22:01 	havp[44820]: connect() failed: Operation not permitted
Feb 12 13:22:00 	havp[44820]: connect() failed: Operation not permitted
Feb 12 13:21:59 	havp[44820]: connect() failed: Operation not permitted
Feb 12 13:21:08 	havp[77462]: connect() failed: Operation not permitted
Feb 12 13:21:06 	havp[78132]: connect() failed: Operation not permitted
Feb 12 13:21:05 	havp[44591]: connect() failed: Operation not permitted
Feb 12 13:19:37 	havp[57273]: connect() failed: Operation not permitted
Feb 12 13:17:21 	havp[55759]: connect() failed: Operation not permitted

    It would seem that I am having the same issue as the OP in this post: https://forum.pfsense.org/index.php/topic,18725.0.html.
    Was this ever fixed?

    0

  • @Zosimo:

    Current setup

    pfSense 2.1-RELEASE (i386)
FreeBSD 8.3-RELEASE-p11
snort 	2.9.5.5 pkg v3.0.3
HAVP antivirus 	0.91_1 pkg v1.01
squid 	Network 	2.7.9 pkg v.4.3.3

    Squid is configured as a transparent proxy, and HAVP as the parent for Squid (and set accordingly in the config). Snort is not configured to block sites when an alert is triggered, but is apparently doing so anyways.
    The system log files show

    Feb 12 13:22:12 	havp[55759]: connect() failed: Operation not permitted
Feb 12 13:22:01 	havp[44820]: connect() failed: Operation not permitted
Feb 12 13:22:00 	havp[44820]: connect() failed: Operation not permitted
Feb 12 13:21:59 	havp[44820]: connect() failed: Operation not permitted
Feb 12 13:21:08 	havp[77462]: connect() failed: Operation not permitted
Feb 12 13:21:06 	havp[78132]: connect() failed: Operation not permitted
Feb 12 13:21:05 	havp[44591]: connect() failed: Operation not permitted
Feb 12 13:19:37 	havp[57273]: connect() failed: Operation not permitted
Feb 12 13:17:21 	havp[55759]: connect() failed: Operation not permitted

    It would seem that I am having the same issue as the OP in this post: https://forum.pfsense.org/index.php/topic,18725.0.html.
    Was this ever fixed?

    Snort should not block anything if you have the "block offenders" checkbox unchecked on the Interface tab.  If you think Snort is the cause, simply stop the Snort process by clicking the green arrow icon on the Snort Interfaces tab and waiting for it to turn to a red X.  At that point Snort is dead and not blocking anymore.  Try your connection then.  If it still fails, then Snort is not your problem.

    Another way to check if Snort is the cause is to click on Diagnostics…Tables and select the snort2c table in the dropdown list.  If no IP addresses show up, then Snort is not blocking.  All blocked IPs by Snort get put in the snort2c table that you can view under Diagnostics…Tables.  If an IP address is not in that table, then Snort is not blocking that IP.

    Bill

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy