Mantis - ISSUES

0004268: Make source and destination IP colours in firewall log match zone colours

Make source and destination IP colours in firewall logs match zone colours, so source/destinations IPs in the BLUE zone are coloured blue, GREEN zone coloured green and ORANGE zone coloured orange.

0004267: Make source IP colours in HTTP & Content Filter logs match zone colours

Make source IP colours in HTTP & Content Filter logs match zone colours, so source IPs in the BLUE zone are coloured blue, GREEN zone coloured green and ORANGE zone coloured orange.

0004266: Intrusion Detection shows as OFF in dashboard screen when confirmed running in status screen.

Intrusion Detection shows as OFF in dashboard screen when confirmed running in status screen.

This only happens after logging in after boot, restarting intrusion detection then shows Intrusion Detection as ON in dashboard.

0004265: traceroute doesn't work from shell

I classified the severity as major because I'm trying to debug an internal routing issue and I can't, easily.

root@cjb-downtown:~ # traceroute 192.168.9.1
bind: Invalid argument
root@cjb-downtown:~ #

traceroute returns the above error regardless of what ip/hostname you attempt to trace.

0004234: IPsec VPNs in Endian 2.5 unstable, stop passing data

I have upgraded an existing firewall (clean install & reconfigure) from Endian 2.4.1 to 2.5 and the IPsec VPNs keep stopping after a few minutes. Their status shows green and if I restart them data flow will resume for another while.

0004264: Can't access internal web server from green/blue zone by its external URL

We have a webserver in the green zone, that is reachable from outside (red zone) by http://www.mywebsite.com. [^] (Port forward rule is set from main uplink to the ip address of the web server)

From the green or blue zone i only can access the webserver by its local ip address, but not by its external URL http://www.mywebsite.com. [^]

In EFW 2.4.1 there was a "workaround" and you can set a Source NAT rule for it:
Source: 192.168.0.0/24
Destination: 192.168.0.100
Service/Port: http / 80
NAT: 192.168.0.1 (gateway ip)

But this don't work with EFW 2.5.1 anymore

0004262: Unable eject CD-ROM

Endian 2.5 displays message "Unable eject cd-rom" during installation. The problem also occurs in version 2.5.1

0004241: Endian does not resolve DNS names

Endian does not resolve domain names and this causes internet services don't work.
Simple IP connectivity, instead, works fine.

I installed a fresh 2.5 release on a VMWare virtual machine.
Also, i installed a 2.3 release on the same VM and all works fine!...so the problem is in the newer one.

0004258: Dashboard Service Information POP3 Proxy - ARM

No informations are load from the Service Information Plugin - POP3 Proxy. No couting.

- Message Log are correct:
------------------------------------------
Jan 31 15:12:19 arm p3scan[25941]: Session done (Clean Exit). Mails: 3 Bytes: 107443

.............@gmx.de. recognized as spam!

and so on.
------------------------------------------

collectd.d\p3scan.conf
------------------------------------------

Instance "pop"
Missingok "on"

Regex " p3scan.* Mails: ([0-9]*) Bytes:"
DSType "CounterAdd"
Type "connections"
Instance "scanned"

Regex " p3scan.*POP3 from.* virus:"
DSType "CounterInc"
Type "connections"
Instance "virus"

Regex " p3scan.*POP3 from.* as spam!"
DSType "CounterInc"
Type "connections"
Instance "spam"

------------------------------------------

connections-xxx.rrd are up to date

0004247: squid unable to handle kernel NULL pointer dereference

squid stops working, seems problem with NULL pointer exception as kernel traced it

0004256: Uplink address missing from Port Forwarding Rule Editor

I have an ADSL uplink that has a single static IP address assigned to it (xx.xx.182.34) which it receives via DHCP when it connects. In addition, I have a block of addresses assigned to the link (xx.xx.52.81 - 52.86). When I try to set a firewall rule for the .182.34 address, it is not listed. Only the block of addresses I have entered manually for the uplink is available. See attached images.

0004132: Hotspot Menubar does not show the section the user is currently in

When one clicks on a menu item in the main menubar, that item is highlighted with a gray background. This does not happen in the hotspot menu bar, but it should for uniformity with the main manubar

0004250: Services Information Plugin on Dashboard not updating

Intrusion Detection and HTTP Proxy statistics not updating (possibly SMTP Proxy and POP3 Proxy also but not tested).

Mostly always at Hour:0 Day:0 for all items (attacks logged, misses, hits, pages filtered, viruses found) but logs show IPS attacks, Content filter DENIES.

0004246: DOWN arrow in Last QOS Class and Rules should be UP Arrow

The last Rule (or Class) of QOS have a Down arrow, and should have an UP Arrow to move it Before The next rule.

0004172: Broken link to malwaredomains

There is a hyperlink in the DNS proxy, under "Anti spyware", labelled "Learn more about the spyware listening post". The new link should be either

http://www.malwaredomains.com/wordpress/?p=1988 [^] or

http://doc.emergingthreats.net/bin/view/Main/SpywareListeningPost [^] (here the listening posts are described, so this should be the correct link)

0004248: HTTP proxy slow internet!!!

Hi all,

I`v been testing the Endian 2.4.1 proxy http. But wile enabling the http proxy, and setting the green interface on transparent, my internet connection on the green interface, have a delay of 5 - 10 sec. to open a website. When i look into my log files, every thing seems to go ok. You can find the log files as attachment.
When i disable the http proxy every thing seems to work oke. No delay on opening a website. I have set my dns to the ISP dns. Not the dns we use in owe company.
Also have tried to increase the ram cache from 50 to 150 but still no good.
Disable-ling the virus (calvam) wouldn`t work either
tried it on both ISP one a kabel and the other is a fiber connection but on both a delay.

I wonder if this is a bug in the Endian 2.4.1, because in de Endian 2.3 every thing is working wel.

On the internet i have seem some issues that people, but there was no solution yet.

0004245: efw-update upgrade / smart hanging

Smart sometimes is hanging,

2012-01-20 17:12:09,420 - efw-update[6931] - INFO - Updating channel: endian-utm-arm-2.4-base (Endian UTM Appliance ARM 2.4 Base Channel)
2012-01-20 17:12:09,432 - efw-update[6931] - INFO - Check for packages which need upgrade
smart upgrade --url 2>&1

it just hang on there and nothing happens.

0004251: After updating Contentfilter Default Profile, Schedule for automatic blacklist updates is set to Monthly

After updating Contentfilter Default Profile, Schedule for automatic blacklist updates is set to Monthly where before I have set it to Daily.

After updating the profile I must again select Daily and press 'Save'

0001865: Open VPN server doesn't push any nameserver to a linux/mac client

A possible patch suggested by Thomas Helmoe is available here:
http://www.psycast.de/blog/?postid=37 [^]

0004221: kernel : xt_TCPMSS: bad length (1024 bytes) + PATCH

Hi,

a customer with 500+ concurrent voip connection (a 16 cores workstation) saying that the firewall "crashed" due to heavy voip traffic.

When logged in this is what I recall interesting:
http://pastie.org/2991370 [^]

Leaving the other problems (already know what and why) and focusing to the kernel message I found that is related with netfilter, an the matching rule (MSS) is located in mangle, chain:

Chain FORWARD (policy ACCEPT 231M packets, 33G bytes)
pkts bytes target prot opt in out source destination
1217K 66M TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU

http://rhkernel.org/#RHEL6+2.6.32-71.18.2.el6/net/netfilter/xt_TCPMSS.c [^]
63 /* Since it passed flags test in tcp match, we know it is is
64 not a fragment, and has data >= tcp header length. SYN
65 packets should not contain data: if they did, then we risk
66 running over MTU, sending Frag Needed and breaking things
67 badly. --RR */
68 if (tcplen != tcph->doff*4) {
69 if (net_ratelimit())
70 printk(KERN_ERR "xt_TCPMSS: bad length (%u bytes)\n",
71 skb->len);
72 return -1;
73 }

So the error is caused for 2 reasons:

1) Syn packets which contains data (normally not allowed)
2) TCP header larger than the packet itself

It's rare to reproduce because on rare occasions is produced this kind of traffic, however there is already a patch on this problem (I belive it's included in the vanilla).

PATCH:

http://www.gossamer-threads.com/lists/linux/kernel/1180390?do=post_view_threaded [^]

0002315: Login with $ ore other extra signs in password fails

Hi,

its not longer possible to add extra-signs like "$% to the password. After changing the password for admin user ore root no more login is possible.

0003333: Firewall diagrams don't open

After clicking on a firewall diagram and grey box appears with previous, next and X, but no enlarged image.

0004242: Open VPN LDAP

When the "Save and Restart" button on any of the OpenVPN pages of the web GUI is pressed and changes are detected, any subsequent changes are written back to the "/var/efw/openvpn/settings" file.

If this file contains previously modified information containing LDAP paths that contain a space, the "writehash" function in "/var/efw/header.pl" wraps the LDAP path with the ' charter (line 2409). As soon as this happens, any LDAP authentication fails. To fix, one must manually remove the ' character wrapping the path from:

LDAP_BIND_DN=
LDAP_GROUP_BASEDN=
LDAP_USER_BASEDN=

After saving the changes, authentication resumes.

0004231: "Your Harddisk is to small" error message during install of 2.5 version

When installing 2.5 on VMware with a disk 15GB or less the installation fails with an error message "Your harddisk is to small" sh: -c line 0: unexpected EOF while looking for matching '"

0003311: Restore backup on different hardware leaves the firewall unusable

When restoring a backup on different hardware (new machine) the firewall becomes unreachable after reboot. The restore removes the configuration of eth0 and eth1 and creates eth2 and eth3. Due to this the br0 config is messed up as this is normally using eth0, but this can be fixed relatively easy by editing the br0 file in /var/efw/ethernet. In the uplink editor GUI the correct config for the uplink is shown, but not applied to the system. GUI showed the correct networkcard (eth3) and its settings. Using ifconfig eth3 from SSH did not show the ipv4 address as shown in the GUI. I had to use the Network Configuration wizard to re-apply the uplink settings. After that the dashboard stopped working, both IE and Firefox only showed Loading Dashboard, the rest of the GUI did work.