13.0, before that I'm not sure, but it was 12.x


________________________________
From: Zammit, Ludovic <luza...@akamai.com>
Sent: Monday, January 29, 2024 4:27:55 PM
To: PacketFence-users <packetfence-users@lists.sourceforge.net>
Cc: David Moore <dave.mo...@outlook.com>
Subject: Re: [PacketFence-users] Help with IP Tables and Processor usage question

Hello David,

What was the previous PF version before the upgrade?

Thanks,

Ludovic Zammit
Product Support Engineer Principal Lead
Cell: +1.613.670.8432
Akamai Technologies - Inverse
145 Broadway
Cambridge, MA 02142

On Jan 25, 2024, at 10:02 AM, David Moore via PacketFence-users 
<packetfence-users@lists.sourceforge.net> wrote:

I recently upgraded to PF 13.1 and have had a few issues, most of which I have 
been able to resolve. The only lingering issue I'm aware of is with IP Tables, 
but I'm not positive it's something to be concerned about because PF is working.

My PF server is ZEN running in VMware ESXi. The assigned hardware is 32 GB of 
RAM, 4 processors and 300 GB of disk space. My network consists of about 30 
nodes authenticating with 802.1x (Active Directory and MAC Auth for non-AD 
devices). Memory and disk space are fine, but the CPU is constantly at 5 GHz of 
consumption (is that normal for the processor?).

Please see the details from packetfence.log and from systemctl status 
packetfence-iptables below:

packetfence.log:
Jan 25 09:43:07 fence pfperl-api-docker-wrapper[562338]: pfperl-api(14) INFO: [mac:[undef]] getting security_events triggers for accounting cleanup (pf::accounting::acct_maintenance)
Jan 25 09:43:07 fence pfperl-api-docker-wrapper[562338]: pfperl-api(17) INFO: [mac:[undef]] processed 0 security_events during security_event maintenance (1706193787.30847 1706193787.36479) (pf::security_event::security_event_maintenance)
Jan 25 09:43:15 fence packetfence[562283]: -e(562283) INFO: saving existing iptables to /usr/local/pf/var/iptables.bak (pf::iptables::iptables_save)
Jan 25 09:43:15 fence packetfence[562283]: -e(562283) WARN: We are using IPSET (pf::ipset::iptables_generate)
Jan 25 09:43:15 fence packetfence[562283]: -e(562283) INFO: flushing iptables (pf::ipset::iptables_flush_mangle)
Jan 25 09:43:15 fence packetfence[562283]: -e(562283) INFO: Adding Forward rules to allow connections to the OAuth2 Providers and passthrough. (pf::iptables::generate_passthrough_rules)
Jan 25 09:43:15 fence packetfence[562283]: -e(562283) INFO: Adding IP based passthrough for connectivitycheck.gstatic.com (pf::iptables::generate_passthrough_rules)
Jan 25 09:43:15 fence packetfence[562283]: -e(562283) INFO: Adding NAT Masquerade statement. (pf::iptables::generate_passthrough_rules)
Jan 25 09:43:15 fence packetfence[562283]: -e(562283) INFO: restoring iptables from /usr/local/pf/var/conf/iptables.conf (pf::iptables::iptables_restore)
Jan 25 09:43:15 fence packetfence[562283]: -e(562283) WARN: Problem trying to run command: LANG=C /sbin/iptables-restore < /usr/local/pf/var/conf/iptables.conf called from iptables_restore. Child exited with non-zero value 2 (pf::util::pf_run)
Jan 25 09:44:06 fence pfperl-api-docker-wrapper[562338]: pfperl-api(19) INFO: [mac:[undef]] processed 0 security_events during security_event maintenance (1706193846.10912 1706193846.12021) (pf::security_event::security_event_maintenance)
Jan 25 09:44:07 fence pfperl-api-docker-wrapper[562338]: pfperl-api(15) INFO: [mac:[undef]] Using 300 resolution threshold (pf::pfcron::task::cluster_check::run)
Jan 25 09:44:07 fence pfperl-api-docker-wrapper[562338]: pfperl-api(14) INFO: [mac:[undef]] getting security_events triggers for accounting cleanup (pf::accounting::acct_maintenance)
Jan 25 09:44:07 fence pfperl-api-docker-wrapper[562338]: pfperl-api(15) INFO: [mac:[undef]] All cluster members are running the same configuration version (pf::pfcron::task::cluster_check::run)
Jan 25 09:44:16 fence packetfence[562283]: -e(562283) INFO: saving existing iptables to /usr/local/pf/var/iptables.bak (pf::iptables::iptables_save)
Jan 25 09:44:16 fence packetfence[562283]: -e(562283) WARN: We are using IPSET (pf::ipset::iptables_generate)
Jan 25 09:44:16 fence packetfence[562283]: -e(562283) INFO: flushing iptables (pf::ipset::iptables_flush_mangle)
Jan 25 09:44:16 fence packetfence[562283]: -e(562283) INFO: Adding Forward rules to allow connections to the OAuth2 Providers and passthrough. (pf::iptables::generate_passthrough_rules)
Jan 25 09:44:16 fence packetfence[562283]: -e(562283) INFO: Adding IP based passthrough for connectivitycheck.gstatic.com (pf::iptables::generate_passthrough_rules)
Jan 25 09:44:16 fence packetfence[562283]: -e(562283) INFO: Adding NAT Masquerade statement. (pf::iptables::generate_passthrough_rules)
Jan 25 09:44:16 fence packetfence[562283]: -e(562283) INFO: restoring iptables from /usr/local/pf/var/conf/iptables.conf (pf::iptables::iptables_restore)
Jan 25 09:44:16 fence packetfence[562283]: -e(562283) WARN: Problem trying to run command: LANG=C /sbin/iptables-restore < /usr/local/pf/var/conf/iptables.conf called from iptables_restore. Child exited with non-zero value 2 (pf::util::pf_run)
Jan 25 09:45:06 fence pfperl-api-docker-wrapper[562338]: pfperl-api(13) INFO: [mac:[undef]] processed 0 security_events during security_event maintenance (1706193906.17069 1706193906.18816) (pf::security_event::security_event_maintenance)
Jan 25 09:45:06 fence pfperl-api-docker-wrapper[562338]: pfperl-api(12) INFO: [mac:[undef]] getting security_events triggers for accounting cleanup (pf::accounting::acct_maintenance)
Jan 25 09:45:07 fence pfperl-api-docker-wrapper[562338]: pfperl-api(13) INFO: [mac:[undef]] Using 300 resolution threshold (pf::pfcron::task::cluster_check::run)
Jan 25 09:45:07 fence pfperl-api-docker-wrapper[562338]: pfperl-api(13) INFO: [mac:[undef]] All cluster members are running the same configuration version (pf::pfcron::task::cluster_check::run)
Jan 25 09:45:16 fence packetfence[562283]: -e(562283) INFO: saving existing iptables to /usr/local/pf/var/iptables.bak (pf::iptables::iptables_save)
Jan 25 09:45:16 fence packetfence[562283]: -e(562283) WARN: We are using IPSET (pf::ipset::iptables_generate)
Jan 25 09:45:16 fence packetfence[562283]: -e(562283) INFO: flushing iptables (pf::ipset::iptables_flush_mangle)
Jan 25 09:45:17 fence packetfence[562283]: -e(562283) INFO: Adding Forward rules to allow connections to the OAuth2 Providers and passthrough. (pf::iptables::generate_passthrough_rules)
Jan 25 09:45:17 fence packetfence[562283]: -e(562283) INFO: Adding IP based passthrough for connectivitycheck.gstatic.com (pf::iptables::generate_passthrough_rules)
Jan 25 09:45:17 fence packetfence[562283]: -e(562283) INFO: Adding NAT Masquerade statement. (pf::iptables::generate_passthrough_rules)
Jan 25 09:45:17 fence packetfence[562283]: -e(562283) INFO: restoring iptables from /usr/local/pf/var/conf/iptables.conf (pf::iptables::iptables_restore)
Jan 25 09:45:17 fence packetfence[562283]: -e(562283) WARN: Problem trying to run command: LANG=C /sbin/iptables-restore < /usr/local/pf/var/conf/iptables.conf called from iptables_restore. Child exited with non-zero value 2 (pf::util::pf_run)
Jan 25 09:46:06 fence pfperl-api-docker-wrapper[562338]: pfperl-api(15) INFO: [mac:[undef]] processed 0 security_events during security_event maintenance (1706193966.18047 1706193966.2038) (pf::security_event::security_event_maintenance)
Jan 25 09:46:07 fence pfperl-api-docker-wrapper[562338]: pfperl-api(15) INFO: [mac:[undef]] getting security_events triggers for accounting cleanup (pf::accounting::acct_maintenance)
Jan 25 09:46:07 fence pfperl-api-docker-wrapper[562338]: pfperl-api(16) INFO: [mac:[undef]] Using 300 resolution threshold (pf::pfcron::task::cluster_check::run)
Jan 25 09:46:07 fence pfperl-api-docker-wrapper[562338]: pfperl-api(16) INFO: [mac:[undef]] All cluster members are running the same configuration version (pf::pfcron::task::cluster_check::run)
Jan 25 09:46:17 fence packetfence[562283]: -e(562283) INFO: saving existing iptables to /usr/local/pf/var/iptables.bak (pf::iptables::iptables_save)


systemctl status packetfence-iptables:
● packetfence-iptables.service - PacketFence Iptables configuration
     Loaded: loaded (/lib/systemd/system/packetfence-iptables.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2024-01-24 14:15:55 EST; 1h 17min ago
   Main PID: 562283 (perl)
      Tasks: 1 (limit: 38474)
     Memory: 188.3M
        CPU: 46.312s
     CGroup: /packetfence.slice/packetfence-iptables.service
             └─562283 /usr/bin/perl -I/usr/local/pf/lib -I/usr/local/pf/lib_perl/lib/perl5 -Mpf::db -Mpf::services::manager::iptables -e my $db ; while(!$db) { eval { $db = db_ping() } ; sleep 1 } ; pf::services::manager::iptables->new()->startAndCheck()

Jan 24 15:33:11 fence.sixmoore.com sudo[752059]: pam_unix(sudo:session): session closed for user root
Jan 24 15:33:11 fence.sixmoore.com sudo[752062]:     root : PWD=/ ; USER=root ; COMMAND=/usr/sbin/ipset --add pfsession_passthrough 172.217.13.99,443
Jan 24 15:33:11 fence.sixmoore.com sudo[752062]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=0)
Jan 24 15:33:11 fence.sixmoore.com sudo[752062]: pam_unix(sudo:session): session closed for user root
Jan 24 15:33:11 fence.sixmoore.com packetfence[562283]: -e(562283) INFO: Adding NAT Masquerade statement. (pf::iptables::generate_passthrough_rules)
Jan 24 15:33:11 fence.sixmoore.com packetfence[562283]: -e(562283) INFO: restoring iptables from /usr/local/pf/var/conf/iptables.conf (pf::iptables::iptables_restore)
Jan 24 15:33:11 fence.sixmoore.com perl[752066]: iptables-restore v1.8.7 (nf_tables): invalid port/service `%%httpd_collector_port%%' specified
Jan 24 15:33:11 fence.sixmoore.com perl[752066]: Error occurred at line: 62
Jan 24 15:33:11 fence.sixmoore.com perl[752066]: Try `iptables-restore -h' or 'iptables-restore --help' for more information.
Jan 24 15:33:11 fence.sixmoore.com packetfence[562283]: -e(562283) WARN: Problem trying to run command: LANG=C /sbin/iptables-restore < /usr/local/pf/var/conf/iptables.conf called from iptables_restore. Child exited with non-zero value 2 (pf::util::pf_run)

I looked at the /usr/local/pf/var/conf/iptables.conf file and line 62 reads:

-A input-management-if --protocol tcp --match tcp --dport %%httpd_collector_port%% --jump ACCEPT


Thanks
Dave
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
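
The iptables-restore failure reported in this thread comes from a literal %%httpd_collector_port%% token left in the generated ruleset. The script below is an added example, not PacketFence code and not written by either poster: it lints an iptables-restore file for such leftover tokens and reports line, table and chain. The names find_unrendered and sample_ruleset are hypothetical, and the sample ruleset is constructed apart from the one rule quoted in the post.

```shell
#!/bin/sh
# Lint an iptables-restore file for template tokens (%%name%%) that were
# never substituted, the condition behind "invalid port/service" above.

# find_unrendered FILE  (hypothetical helper name)
# Prints "line<TAB>table<TAB>chain<TAB>token" for every leftover token.
# Returns 0 if the file is clean, 1 if at least one token remains.
find_unrendered() {
    awk '
        /^[ \t]*#/ { next }                            # comment lines are skipped
        /^\*/      { table = substr($1, 2); next }     # "*filter" opens a table
        /^COMMIT/  { table = ""; next }                # end of that table
        {
            chain = "-"
            for (i = 1; i < NF; i++)                   # chain name follows -A / -I
                if ($i == "-A" || $i == "--append" || $i == "-I" || $i == "--insert")
                    chain = $(i + 1)
            rest = $0
            while (match(rest, /%%[A-Za-z0-9_]+%%/)) { # report every token on the line
                printf "%d\t%s\t%s\t%s\n", NR, table, chain, substr(rest, RSTART, RLENGTH)
                rest = substr(rest, RSTART + RLENGTH)
                found = 1
            }
        }
        END { exit (found ? 1 : 0) }
    ' "$1"
}

# Constructed sample ruleset; only the --dport %%...%% rule is taken from the post.
sample_ruleset() {
    cat <<'EOF'
# constructed sample
*filter
:INPUT DROP [0:0]
:input-management-if - [0:0]
-A INPUT --in-interface eth0 --jump input-management-if
-A input-management-if --protocol tcp --match tcp --dport 22 --jump ACCEPT
-A input-management-if --protocol tcp --match tcp --dport %%httpd_collector_port%% --jump ACCEPT
COMMIT
EOF
}

# Run against a real file when a path is given: sh lint.sh /path/to/iptables.conf
if [ "$#" -gt 0 ]; then
    find_unrendered "$1" || echo "unrendered template tokens found in $1" >&2
fi
```

On the server itself, iptables-restore --test parses a ruleset without committing it and serves as a second check once the token scan is clean.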
