  1. #1
    NuX
    Untanglit
    Join Date
    Nov 2020
    Posts
    16

    libnet_write failed: with Intrusion Prevention APP

    Problem:

    I am receiving this Warning: "libnet_write failed: libnet_write_raw_ipv4(): -1 bytes written (Network is unreachable)"
    when viewing the status page of the Intrusion Prevention App.
    Apps > Intrusion Prevention > Status [tab]

    This error wasn't there Wed 11/25. But sometime between then and today, Mon 11/30, it's there.
    Auto Update is enabled. Friday/Saturday.
    Logs indicate that this appliance auto updated on the 27th. Friday.

    Question:
    Umm.. How concerned should I be? I'm really new to the Untangle Next Gen FW product line and OS.
    So new that the support you get when you purchase a product just expired.

    I would rather troubleshoot this error than reboot. But I do not know where to begin w/ Untangle.
    I viewed the System Logs after downloading them. I saw nothing referring to the libnet library or the error message displayed above.

    ** Thoughts or suggestions, and how concerned should I be ??
    -Thank you in advance.

    What I have tried:
    - Searched the forum
    - browsed the Help/Support page
    - reloaded the browser
    - looked through the support logs
    ++ saw nothing that would lead me closer to an answer.

    - cursed at it.

    Particulars:
    z4 Appliance
    Build: 16.1.1.20201028T105733.d127809143-1buster
    Kernel: 4.19.0-11-untangle-amd64
    Memory Free: 65.4%
    SWAP: Free: 96.8%
    Disk Space Free: 53.7%

    Snip20201130_1.png

  2. #2
    Untangle Ninja
    Join Date
    Feb 2016
    Posts
    1,135


    Welcome to the Untangle forums, and well done on doing your homework.

    I've not seen this particular IPS warning before, and given the nature of it, I'm going to suggest you contact support rather than try to troubleshoot this yourself. The support team is a great bunch and I think I'd give them the chance to see this particular warning. Don't worry about whether you have support or not. If they look at your ticket and feel it worth pursuing, they will pursue it sooner or later.

    Just as a general suggestion, consider disabling automatic updates, just as a "best practices" procedure. Over the years, countless NGFW installations no doubt have gone through an automatic update just fine. But initiating and monitoring an update at a time of your choosing isn't a bad habit.

  3. #3
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,228


    I would echo that sentiment, a support ticket would be best in this case.

    I'm aware of no changes in the module in the indicated time frame to explain this behavior...

    Beware, I assume from your screen grab that you're using one or both of the Critical and High Priority rule sets with the action of enable block. These two rule sets are known to conflict with remote web management consoles for various things. UniFi controllers, Meraki gear, that sort of thing. If you're familiar with Suricata at all, this probably doesn't shock you, just beware dragons and all that.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #4
    NuX
    Untanglit
    Join Date
    Nov 2020
    Posts
    16


    Thank you for your suggestions Sam Graf. I will consider your suggestion for disabling the automatic updates. [side comment] I was hoping I could set it and forget it (RonCo rotisserie :: .youtube.com/watch?v=GG43jyZ65R8) <-- Humor. Do enough monitoring at work :P Nonetheless your advice is solid & sound.

    Your other suggestion regarding contacting support... So,.. that error message was intimidated by my cursing and went away. ?? Strange ?? as I did not do anything..

    If it happens again, and if I can correlate the events, I'll contact support to see if they would like to chat.

    ..Anyways..

    Sam Graf, I appreciate your time and attention to my matters.

  5. #5
    NuX
    Untanglit
    Join Date
    Nov 2020
    Posts
    16


    Sky-Knight, thank you for your insight into Suricata. You are correct on your speculations with the rules I am running.

    I'm fairly new in the operations of Suricata. Still learning the dragons and devils, not to forget the bypass/rules.

    I'll review the differences between the rules and signatures, and trim the fat where necessary.

    Sky-Knight, thank you for your time and attention to my matters.
    Last edited by NuX; 11-30-2020 at 09:57 PM.

  6. #6
    Untangle Ninja
    Join Date
    Feb 2016
    Posts
    1,135


    Quote (originally posted by NuX):
    "So,.. that error message was intimidated by my cursing and went away. ?? Strange ?? as I did not do anything.."

    RonCo... Oh, the memories.

    Strange, but not unheard of. I suggest noting the exact time the next time you see the warning and then submitting a ticket with the time information included. That may help support even if the warning disappears again.

  7. #7
    NuX
    Untanglit
    Join Date
    Nov 2020
    Posts
    16


    Roger that, noted.

  8. #8
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,228


    That particular module has a UI that seems oddly sensitive... I've seen warnings in there that don't mean anything too but it's never been consistent enough to really pin down a pattern to report anything, but at the same time it's also never actually broken in any functional way.

    It's like a corner piece near the hallway that refuses to stay painted no matter how hard you try.

  9. #9
    NuX
    Untanglit
    Join Date
    Nov 2020
    Posts
    16


    Quote (originally posted by sky-knight):
    "It's like a corner piece near the hallway that refuses to stay painted no matter how hard you try."

    Damn that corner piece!!! Thank you for the laugh! and Thank you for your insight! Appreciate your knowledge.
