


I got Suricata running on pfSense in inline mode on my LAN but it crashes after several hours or when I do certain things. I have tested so many ways and tweaked so many settings and I'm still having trouble figuring out what exactly causes it to crash. This may be multiple issues at the same time. It's hard to narrow down so all I can do is provide all the information for the various ways in which it crashed.

The machine is a Lenovo with dual Xeon e-2637 CPUs, 32GB of ECC RAM.

- some cheaper Amazon 2.5GbE dual NICs with I225-V chips.
- a $250 dual 10GbE NIC with Intel X540-T2 chips.
- the onboard NIC which shows up as em(0).

I thought it worked better with the X540 NIC and I got my hopes up that it was working but then it crashed again too.

Increased some other values, I forget exactly what - buffer size, packet size etc.

I tried increasing each value substantially while testing it, one change at a time. If it doesn't crash on its own it often crashes when running a speed test. Previously it looked like it would only crash when running a speed test from a PC using a USB network adapter. Then later I saw it crash from another PC as well, even though it wasn't crashing before using that same test scenario.

When it crashes usually I can get to the pfSense from another interface and just restart the Suricata service. Other times that won't work and I have to restart either the dhcpd or the unbound (DNS resolver) before it will work again.

I've selected all the logging options I could find in Suricata settings and I've got a syslog server on LAN while I was running Suricata on OPT1 so that when it crashes the OPT1 interface hopefully the logs would still go through to LAN. It looks like the logs were still getting through but I couldn't find any unusual messages besides just some invalid rule errors etc.

I also noticed it is much easier to crash when my WAN is set to PPPoE. With my provider I can't do true bridged mode / DHCP so I have to use PPPoE. Then I tried using a 2nd pfSense router - the parent router connects over PPPoE and then serves the child router DHCP WAN, i.e. double NAT, and then I would test Suricata on the child router. For a while it looked like that was working but then surprise surprise it crashed again just when I was starting to think PPPoE was the problem.

It's hard to even find anything out of the ordinary in the log files. At one point when using the previous NICs (the Amazon cheapy I225V) it was showing netmap fail - head kring blah blah blah, but that message doesn't come up with the more expensive X540 NIC, it doesn't seem to give any message before just crashing silently.
