Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Ntopng development

    Scheduled Pinned Locked Moved Traffic Monitoring
    83 Posts 28 Posters 37.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      raverX
      last edited by

      Hi All,

      I reached out to Luca Deri from ntop.org a while back in the hope that there may be some way to license his awesome ntopng software for use with some of our clients. I mentioned that we use pfSense in a few locations and he said he was keen to try and get ntopng to work with pfsense WITH packet filtering.

      In the last batch of emails his questions went well beyond my own capabilities, so I said I would raise it on the forum and see if anyone could assist him.

      For reference his email is deri (@) ntop (.) org

      Here's a trail of the conversation.

      Would ntopng integration with pfSense (e.g. mark packets that you can then discard in pfSense based on L7 protocol) be what you are looking for?

      ntopng compiles on the latest FreeBSD: what version are you using?

      We have started to do some integration with pfSense in a similar way other apps do and it seems not too difficult. We would like to use ntopng in a way that packets are marked by ntopng and you can drop them in pfSense to avoid duplication of roles.

      as of of sense, please read https://github.com/ntop/ntopng/blob/dev/doc/README.pfsense and let me know your comments. I am no too familiar with pfsense and your opinion is valuable. For instance can you please send me a merge request for the readme where you describe, step by step, how to configure ALTQ queues where I can send classified flows?

      in the meantime I have implemented some pfSense support in ntopng (see https://github.com/ntop/ntopng/blob/dev/doc/README.pfsense). I hope is what you need.

      If you can find a sponsor for finishing/polishing this work that would be great

      Regards Luca

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        It may compile on FreeBSD in that case but the FreeBSD port needs fixed: https://www.freshports.org/net/ntopng/

        Once the port is fixed, then we can get it back into a package, but the port has to come first.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • jdillardJ
          jdillard
          last edited by

          It's been moving along and Luca is in the loop: https://github.com/ntop/ntopng/issues/297#issuecomment-198017871

          1 Reply Last reply Reply Quote 0
          • R
            raverX
            last edited by

            Awesome. I wasn't sure if anyone on here had been in contact with him. I reached out in January, but I'm not a developer.

            I'd gladly pay a license to be able to use pfSense with nTopng+nDPI.

            We have a number of sites where pfSense is the perfect solution, but lack of application filtering (and cumbersome web filtering) has resulted in us needing to put more expensive 'commercial' solutions in place.

            1 Reply Last reply Reply Quote 0
            • A
              Abhishek
              last edited by

              https://redmine.pfsense.org/issues/6204

              hopefully issue will b fixed soon

              2.3-RC (amd64)
              built on Mon Apr 04 17:09:32 CDT 2016
              FreeBSD 10.3-RELEASE
              Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz

              darkstat 3.1.2_1
              Lightsquid 3.0.3_1
              mailreport 3.0_1
              pfBlockerNG 2.0.9_1  
              RRD_Summary 1.3.1_2
              snort 3.2.9.1_9  
              squid 0.4.16_1  
              squidGuard 1.14_1
              syslog-ng 1.1.2_2

              1 Reply Last reply Reply Quote 0
              • C
                cezarq
                last edited by

                Any news?

                1 Reply Last reply Reply Quote 0
                • A
                  Abhishek
                  last edited by

                  it seems they are testing it internally

                  https://github.com/ntop/ntopng/issues/297

                  
                  @Andrew17856 Hi, I'm working on the FreeBSD port.
                  
                  I'm almost done with that, I'm waiting for feedback from a pair of persons who are helping me test it.
                  
                  I'm going to commit it as soon as I'm sure it works fine.
                  
                  If you want to test the FreeBSD port you can grab what I have done here:
                  
                  http://www.madpilot.net/~mad/ntopng_port.txz
                  
                  Please note that this also needs adding a user in /usr/ports/UIDs and /usr/ports/GIDs to work:
                  
                  > grep ntop UIDs GIDs 
                  UIDs:ntopng:*:288:288::0:0:ntopng daemon user:/nonexistent:/usr/sbin/nologin
                  GIDs:ntopng:*:288:
                  

                  2.3-RC (amd64)
                  built on Mon Apr 04 17:09:32 CDT 2016
                  FreeBSD 10.3-RELEASE
                  Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz

                  darkstat 3.1.2_1
                  Lightsquid 3.0.3_1
                  mailreport 3.0_1
                  pfBlockerNG 2.0.9_1  
                  RRD_Summary 1.3.1_2
                  snort 3.2.9.1_9  
                  squid 0.4.16_1  
                  squidGuard 1.14_1
                  syslog-ng 1.1.2_2

                  1 Reply Last reply Reply Quote 0
                  • T
                    tmbates12
                    last edited by

                    Looks like we have a port now:
                    http://www.freshports.org/net/ntopng/

                    1 Reply Last reply Reply Quote 0
                    • C
                      craibo
                      last edited by

                      Hi All

                      Is there any update on when we can expect the ntop-ng package to be released? I see there is a post about a failed install (https://forum.pfsense.org/index.php?topic=113173.0) but I don't see the package in the available list on pfSense yet.

                      Thanks to all for the work to make it available.

                      Been using pfSense since it was 0. something Beta on various sites/configurations. Awesome to see where it has got to.

                      1 Reply Last reply Reply Quote 0
                      • A
                        Andrew453
                        last edited by

                        ntopng is back in the 2.3.2 snapshot,  see https://redmine.pfsense.org/issues/6443

                        However, the ability to install from custom package repository urls was removed in 2.3.x as far as I can tell, so I'm not aware of an easy way to install it on the current 2.3.1 release.  (Happy to be corrected on that if someone can point me in the right direction).

                        1 Reply Last reply Reply Quote 0
                        • C
                          craibo
                          last edited by

                          @Andrew453 Thanks for the details.

                          I see that 2.3.2 is not a stable build yet.
                          Guess I'll be waiting a little longer unless someone can correct you  :)

                          so I'm not aware of an easy way to install it on the current 2.3.1 release. (Happy to be corrected on that if someone can point me in the right direction).

                          1 Reply Last reply Reply Quote 0
                          • A
                            Andrew453
                            last edited by

                            … if you're happy to run off a development snapshot, you can specify the development branch in the update settings in pfSense, but that will update your entire system.

                            1 Reply Last reply Reply Quote 0
                            • E
                              esseebee
                              last edited by

                              I've been following the developments very closely. There isn't any way ntopng is going to be included in 2.3.1 update 2, is there? Or will we need to wait until the stable release of 2.3.2?

                              1 Reply Last reply Reply Quote 0
                              • jimpJ
                                jimp Rebel Alliance Developer Netgate
                                last edited by

                                If it proves stable enough on 2.3.2, it may be made available elsewhere. It's still being tested, though.

                                Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                                Need help fast? Netgate Global Support!

                                Do not Chat/PM for help!

                                1 Reply Last reply Reply Quote 0
                                • I
                                  icest0rm
                                  last edited by

                                  great. I think there's a lot of ppl waiting for it.

                                  just because it's an excellent interface to monitor realtime bandwidth usage on the fw and I don't seem to be able to find a good alternative to it.

                                  1 Reply Last reply Reply Quote 0
                                  • P
                                    Paint
                                    last edited by

                                    Thank you for adding this package! It is working well for me locally, but I am having issues with setting up ntopng over HTTPS via NGINX.

                                    I have tried setting up a proxy_pass directive, but I cannot get past the login screen. I also tried editing the /usr/local/etc/rc.d/ntopng.sh file to add –http-prefix="/ntopng" to the startup strings, but unfortunately I get the same issue.

                                    Can we integrate SSL certificates into ntopng or allow for native nginx https proxy through pfSense's nginx setup?

                                    Thank you!

                                    pfSense i5-4590
                                    940/880 mbit Fiber Internet from FiOS
                                    BROCADE ICX6450 48Port L3-Managed Switch w/4x 10GB ports
                                    Netgear R8000 AP (DD-WRT)

                                    1 Reply Last reply Reply Quote 0
                                    • P
                                      Paint
                                      last edited by

                                      temporarily to fix the authentication/login issue through NGINX, I have added –disable-login '1' to the /usr/local/pkg/ntopng.inc file in the DNS Mode string:

                                              /* DNS Mode */
                                              if (is_numeric($ntopng_config['dns_mode']) && ($ntopng_config['dns_mode'] >= 0) && ($ntopng_config['dns_mode'] <= 3)) {
                                                      $dns_mode = "--disable-login '1' --dns-mode " . escapeshellarg($ntopng_config['dns_mode']);
                                              }
                                      

                                      I enabled htaccess password protection via nginx.

                                      Everything is working great now! Thanks!

                                      pfSense i5-4590
                                      940/880 mbit Fiber Internet from FiOS
                                      BROCADE ICX6450 48Port L3-Managed Switch w/4x 10GB ports
                                      Netgear R8000 AP (DD-WRT)

                                      1 Reply Last reply Reply Quote 0
                                      • S
                                        soutieslak
                                        last edited by

                                        @jimp:

                                        If it proves stable enough on 2.3.2, it may be made available elsewhere. It's still being tested, though.

                                        Is there a chance that it will be included as an alpha release in 2.3.2?

                                        1 Reply Last reply Reply Quote 0
                                        • jimpJ
                                          jimp Rebel Alliance Developer Netgate
                                          last edited by

                                          It's already in 2.3.2. If you install a 2.3.2 snapshot you can use it now (or at least once I get this fix pushed to correct the password handling)

                                          When 2.3.2 releases (probably next week) you'll have access to it.

                                          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                                          Need help fast? Netgate Global Support!

                                          Do not Chat/PM for help!

                                          1 Reply Last reply Reply Quote 0
                                          • luckman212L
                                            luckman212 LAYER 8
                                            last edited by

                                            any chance of pulling in the 2.4 version of ntopng that is available in FreeBSD ports?

                                            The changelog is long, but the first 2 items alone seem enough to make it worth it:

                                            • Memory-management, stability and speed have been fundamentally improved

                                            • We have kept an eye on security and hardened the code to prevent privileges escalation and XSS

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.