Netgate Discussion Forum

    Unauthenticated traffic information (to be used by Arduino)

    • FarmerB3d

      Hi Folks,

      I am trying to get my hands on the traffic data which draws the graphs. Finding it in the source and using it is quite simple but I want anonymous access to it as it'll be an Arduino polling the information.

      Is there an existing method of me getting this type of data or would it be best (possible?) for me to create a package to expose this. If going the long way around, package, then I could put a basic username / password on the request.

      Or, best of all, is there an existing method I can do this? I've had a look at the packages like Bandwidthd and given what an Arduino can do, would be better to get the basic data and ease up on parsing it.

      Thanks for any tips

      Crispin

      • MindfulCoyote

        Are you asking how to transfer data out of the firewall? Couldn't you use any of the standard methods like tftp, anonymous ftp, wget, curl, or scp?

        Err

        –
        Erreu Gedmon

        Firewalls are hard...
        but the book makes it easier: https://portal.pfsense.org/book/

        • FarmerB3d

          I intend using http in the Arduino to poll the firewall (on the LAN side). The response will be something along the lines of the current bandwidth.
          To use ftp / or scp would not give me realtime (within reason).

          My first hack will be to copy the current way it's done for the bandwidth graphs and strip it back so there is no authentication etc. This is dirty though and not guaranteed to work after a firmware upgrade.

          My best option might be to create a package..

          • MindfulCoyote

            @FarmerB3d:

            I intend using http in the Arduino to poll the firewall (on the LAN side). The response will be something along the lines of the current bandwidth.

            Ok, for [unauthenticated] http I would probably modify /var/etc/lighty-webConfigurator.conf to expose the data I wanted exposed. (Are we talking about the rrd files?)

            @FarmerB3d:

            To use ftp / or scp would not give me realtime (within reason)

            Not knowing your details I'll have to trust you on that, but (t)ftp and scp aren't any slower than http…  ;) Personally I would install ssh keys and have scp grab the data I wanted.

            That said... if you're using a utility similar to wget or curl, they do support authentication. If you don't want the root password on the arduino (understandable), you could add a user with limited rights in System: User Manager.

            @FarmerB3d:

            My first hack will be to copy the current way it's done for the bandwidth graphs and strip it back so there is no authentication etc. This is dirty though and not guaranteed to work after a firmware upgrade.

            I'm not entirely sure what you are saying here, but I think you could modify the lighttpd configuration to expose the data you need without compromising overall security (too much). But you are correct, such a modification would not survive a pfSense upgrade.

            Err

            –
            Erreu Gedmon

            Firewalls are hard...
            but the book makes it easier: https://portal.pfsense.org/book/

            • FarmerB3d

              @MindfulCoyote:

              @FarmerB3d:

              I intend using http in the Arduino to poll the firewall (on the LAN side). The response will be something along the lines of the current bandwidth.

              Ok, for [unauthenticated] http I would probably modify /var/etc/lighty-webConfigurator.conf to expose the data I wanted exposed. (Are we talking about the rrd files?)

              Thanks, I'll take a look at that. No, not rrd as such. I just want to make a http call and the response must be a simple "12345" which is the bandwidth being used now.

              Perhaps I should give a bit of context :)
              I have an old needle meter (clicky) which I am controlling from an Arduino. I want to make this show my current bandwidth being used. So, every 500ms I would make a http call to the firewall and reset the meter based on the value returned (that is all the easy part ;) )

              @MindfulCoyote:

              @FarmerB3d:

              To use ftp / or scp would not give me realtime (within reason)

              Not knowing your details I'll have to trust you on that, but (t)ftp and scp aren't any slower than http…  ;) Personally I would install ssh keys and have scp grab the data I wanted.

              Hopefully a bit of context cleared it up? It's not the speed of the transfer I am worried about but rather the freshness of the data.

              @MindfulCoyote:

              That said… if you're using a utility similar to wget or curl, they do support authentication. If you don't want the root password on the arduino (understandable), you could add a user with limited rights in System: User Manager.

              It appears the Arduino web client library is a bit flaky on the authentication side of things. I've tried logging into pfSense with username:password@10.10.50.1 but it does not seem to like it. My guess is that it's because pfSense does not use IIS/Apache authentication but rather hand-rolled stuff (correct me if I am wrong).

              @MindfulCoyote:

              @FarmerB3d:

              My first hack will be to copy the current way it's done for the bandwidth graphs and strip it back so there is no authentication etc. This is dirty though and not guaranteed to work after a firmware upgrade.

              I'm not entirely sure what you are saying here, but I think you could modify the lighttpd configuration to expose the data you need without compromising overall security (too much). But you are correct, such a modification would not survive a pfSense upgrade.

              Yup, but it's a good PoC for me in the meantime :D

              Onwards I go :)

              • FarmerB3d

                Well, that's the hardest thing I have ever done. Made a copy of the file bandwidth_by_ip.php and commented out the line require_once('guiconfig.inc'); and voilà! No authentication needed to get my bandwidth readings :D

                Now, to think of a more permanent solution. (but play time first)

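An audit a defender could run after this kind of change, as an added example that is not part of the original thread: it lists PHP pages under a web root that have no active `require`/`include` of `guiconfig.inc`, the line whose removal the last post reports as dropping authentication. The temporary directory and `bandwidth_copy.php` are constructed sample data; `audit_webroot` and `make_sample` are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not pfSense code. Assumption taken from the thread:
# a page that loads guiconfig.inc sits behind the GUI login, and a page
# that does not (or has the line commented out) answers without it.

# Uncommented require/include of guiconfig.inc at the start of a line.
# A leading // or # keeps the line from matching, so a commented-out
# guard counts as missing.
GUARD_RE="^[[:space:]]*(require|include)(_once)?[[:space:]]*\\(?[[:space:]]*[\"']guiconfig\\.inc[\"']"

# audit_webroot DIR
# Prints, one per line and sorted, every *.php file under DIR that has
# no active guard line.
audit_webroot() {
    find "$1" -type f -name '*.php' | sort | while IFS= read -r f; do
        grep -Eq "$GUARD_RE" "$f" || printf '%s\n' "$f"
    done
}

# make_sample
# Builds a constructed web root in a temp directory and prints its path.
make_sample() {
    d=$(mktemp -d)
    # Original page with the guard intact (file name from the thread).
    printf '%s\n' '<?php' "require_once('guiconfig.inc');" \
        'echo "graph data";' > "$d/bandwidth_by_ip.php"
    # Copy with the guard commented out, as described in the last post.
    printf '%s\n' '<?php' "//require_once('guiconfig.inc');" \
        'echo "12345";' > "$d/bandwidth_copy.php"
    # Guard written with double quotes and indentation still counts.
    printf '%s\n' '<?php' '  require_once("guiconfig.inc");' \
        > "$d/other_page.php"
    printf '%s\n' "$d"
}

sample=$(make_sample)
audit_webroot "$sample"   # lists only the unguarded copy
rm -rf "$sample"
```

A hit is a candidate for review rather than a verdict: files that are only included by other pages, or that load the guard indirectly, are listed as well.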
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.