Hello David,

Can you show the output of the top command and show it here?

Thanks

Ludovic Zammit
Product Support Engineer Principal Lead
Cell: +1.613.670.8432
Akamai Technologies - Inverse
145 Broadway
Cambridge, MA 02142
Connect with Us: <https://community.akamai.com/> <http://blogs.akamai.com/> <https://twitter.com/akamai> <http://www.facebook.com/AkamaiTechnologies> <http://www.linkedin.com/company/akamai-technologies> <http://www.youtube.com/user/akamaitechnologies?feature=results_main>

> On Jan 29, 2024, at 5:49 PM, David Moore <dave.mo...@outlook.com> wrote:
>
> 13.0, before that I'm not sure, but it was 12.x
>
> From: Zammit, Ludovic <luza...@akamai.com>
> Sent: Monday, January 29, 2024 4:27:55 PM
> To: PacketFence-users <packetfence-users@lists.sourceforge.net>
> Cc: David Moore <dave.mo...@outlook.com>
> Subject: Re: [PacketFence-users] Help with IP Tables and Processor usage question
>
> Hello David,
>
> What was the previous PF version before the upgrade?
>
> Thanks,
>
> Ludovic Zammit
>
>> On Jan 25, 2024, at 10:02 AM, David Moore via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:
>>
>> I recently upgraded to PF 13.1 and have had a few issues, most of which I have been able to resolve. The only lingering issue I'm aware of is with IP Tables, but I'm not positive it's something to be concerned about because PF is working.
>>
>> My PF server is ZEN running in VMWare ESXi the assigned hardware is 32 GB of RAM, 4 Processors and 300 GB of disk space, my network consists of about 30 nodes authenticating with 802.1x (Active Directory and MAC Auth for non-AD devices) memory and disk space are fine but the CPU is constantly at 5Ghz of consumption (is that normal for the processor?)
>>
>> Please see the details from packetfence.log and from systemctl status packetfence-iptables below:
>>
>> packetfence.log:
>> Jan 25 09:43:07 fence pfperl-api-docker-wrapper[562338]: pfperl-api(14) INFO: [mac:[undef]] getting security_events triggers for accounting cleanup (pf::accounting::acct_maintenance)
>> Jan 25 09:43:07 fence pfperl-api-docker-wrapper[562338]: pfperl-api(17) INFO: [mac:[undef]] processed 0 security_events during security_event maintenance (1706193787.30847 1706193787.36479) (pf::security_event::security_event_maintenance)
>> Jan 25 09:43:15 fence packetfence[562283]: -e(562283) INFO: saving existing iptables to /usr/local/pf/var/iptables.bak (pf::iptables::iptables_save)
>> Jan 25 09:43:15 fence packetfence[562283]: -e(562283) WARN: We are using IPSET (pf::ipset::iptables_generate)
>> Jan 25 09:43:15 fence packetfence[562283]: -e(562283) INFO: flushing iptables (pf::ipset::iptables_flush_mangle)
>> Jan 25 09:43:15 fence packetfence[562283]: -e(562283) INFO: Adding Forward rules to allow connections to the OAuth2 Providers and passthrough. (pf::iptables::generate_passthrough_rules)
>> Jan 25 09:43:15 fence packetfence[562283]: -e(562283) INFO: Adding IP based passthrough for connectivitycheck.gstatic.com (pf::iptables::generate_passthrough_rules)
>> Jan 25 09:43:15 fence packetfence[562283]: -e(562283) INFO: Adding NAT Masquerade statement. (pf::iptables::generate_passthrough_rules)
>> Jan 25 09:43:15 fence packetfence[562283]: -e(562283) INFO: restoring iptables from /usr/local/pf/var/conf/iptables.conf (pf::iptables::iptables_restore)
>> Jan 25 09:43:15 fence packetfence[562283]: -e(562283) WARN: Problem trying to run command: LANG=C /sbin/iptables-restore < /usr/local/pf/var/conf/iptables.conf called from iptables_restore. Child exited with non-zero value 2 (pf::util::pf_run)
>> Jan 25 09:44:06 fence pfperl-api-docker-wrapper[562338]: pfperl-api(19) INFO: [mac:[undef]] processed 0 security_events during security_event maintenance (1706193846.10912 1706193846.12021) (pf::security_event::security_event_maintenance)
>> Jan 25 09:44:07 fence pfperl-api-docker-wrapper[562338]: pfperl-api(15) INFO: [mac:[undef]] Using 300 resolution threshold (pf::pfcron::task::cluster_check::run)
>> Jan 25 09:44:07 fence pfperl-api-docker-wrapper[562338]: pfperl-api(14) INFO: [mac:[undef]] getting security_events triggers for accounting cleanup (pf::accounting::acct_maintenance)
>> Jan 25 09:44:07 fence pfperl-api-docker-wrapper[562338]: pfperl-api(15) INFO: [mac:[undef]] All cluster members are running the same configuration version (pf::pfcron::task::cluster_check::run)
>> Jan 25 09:44:16 fence packetfence[562283]: -e(562283) INFO: saving existing iptables to /usr/local/pf/var/iptables.bak (pf::iptables::iptables_save)
>> Jan 25 09:44:16 fence packetfence[562283]: -e(562283) WARN: We are using IPSET (pf::ipset::iptables_generate)
>> Jan 25 09:44:16 fence packetfence[562283]: -e(562283) INFO: flushing iptables (pf::ipset::iptables_flush_mangle)
>> Jan 25 09:44:16 fence packetfence[562283]: -e(562283) INFO: Adding Forward rules to allow connections to the OAuth2 Providers and passthrough. (pf::iptables::generate_passthrough_rules)
>> Jan 25 09:44:16 fence packetfence[562283]: -e(562283) INFO: Adding IP based passthrough for connectivitycheck.gstatic.com (pf::iptables::generate_passthrough_rules)
>> Jan 25 09:44:16 fence packetfence[562283]: -e(562283) INFO: Adding NAT Masquerade statement. (pf::iptables::generate_passthrough_rules)
>> Jan 25 09:44:16 fence packetfence[562283]: -e(562283) INFO: restoring iptables from /usr/local/pf/var/conf/iptables.conf (pf::iptables::iptables_restore)
>> Jan 25 09:44:16 fence packetfence[562283]: -e(562283) WARN: Problem trying to run command: LANG=C /sbin/iptables-restore < /usr/local/pf/var/conf/iptables.conf called from iptables_restore. Child exited with non-zero value 2 (pf::util::pf_run)
>> Jan 25 09:45:06 fence pfperl-api-docker-wrapper[562338]: pfperl-api(13) INFO: [mac:[undef]] processed 0 security_events during security_event maintenance (1706193906.17069 1706193906.18816) (pf::security_event::security_event_maintenance)
>> Jan 25 09:45:06 fence pfperl-api-docker-wrapper[562338]: pfperl-api(12) INFO: [mac:[undef]] getting security_events triggers for accounting cleanup (pf::accounting::acct_maintenance)
>> Jan 25 09:45:07 fence pfperl-api-docker-wrapper[562338]: pfperl-api(13) INFO: [mac:[undef]] Using 300 resolution threshold (pf::pfcron::task::cluster_check::run)
>> Jan 25 09:45:07 fence pfperl-api-docker-wrapper[562338]: pfperl-api(13) INFO: [mac:[undef]] All cluster members are running the same configuration version (pf::pfcron::task::cluster_check::run)
>> Jan 25 09:45:16 fence packetfence[562283]: -e(562283) INFO: saving existing iptables to /usr/local/pf/var/iptables.bak (pf::iptables::iptables_save)
>> Jan 25 09:45:16 fence packetfence[562283]: -e(562283) WARN: We are using IPSET (pf::ipset::iptables_generate)
>> Jan 25 09:45:16 fence packetfence[562283]: -e(562283) INFO: flushing iptables (pf::ipset::iptables_flush_mangle)
>> Jan 25 09:45:17 fence packetfence[562283]: -e(562283) INFO: Adding Forward rules to allow connections to the OAuth2 Providers and passthrough. (pf::iptables::generate_passthrough_rules)
>> Jan 25 09:45:17 fence packetfence[562283]: -e(562283) INFO: Adding IP based passthrough for connectivitycheck.gstatic.com (pf::iptables::generate_passthrough_rules)
>> Jan 25 09:45:17 fence packetfence[562283]: -e(562283) INFO: Adding NAT Masquerade statement. (pf::iptables::generate_passthrough_rules)
>> Jan 25 09:45:17 fence packetfence[562283]: -e(562283) INFO: restoring iptables from /usr/local/pf/var/conf/iptables.conf (pf::iptables::iptables_restore)
>> Jan 25 09:45:17 fence packetfence[562283]: -e(562283) WARN: Problem trying to run command: LANG=C /sbin/iptables-restore < /usr/local/pf/var/conf/iptables.conf called from iptables_restore. Child exited with non-zero value 2 (pf::util::pf_run)
>> Jan 25 09:46:06 fence pfperl-api-docker-wrapper[562338]: pfperl-api(15) INFO: [mac:[undef]] processed 0 security_events during security_event maintenance (1706193966.18047 1706193966.2038) (pf::security_event::security_event_maintenance)
>> Jan 25 09:46:07 fence pfperl-api-docker-wrapper[562338]: pfperl-api(15) INFO: [mac:[undef]] getting security_events triggers for accounting cleanup (pf::accounting::acct_maintenance)
>> Jan 25 09:46:07 fence pfperl-api-docker-wrapper[562338]: pfperl-api(16) INFO: [mac:[undef]] Using 300 resolution threshold (pf::pfcron::task::cluster_check::run)
>> Jan 25 09:46:07 fence pfperl-api-docker-wrapper[562338]: pfperl-api(16) INFO: [mac:[undef]] All cluster members are running the same configuration version (pf::pfcron::task::cluster_check::run)
>> Jan 25 09:46:17 fence packetfence[562283]: -e(562283) INFO: saving existing iptables to /usr/local/pf/var/iptables.bak (pf::iptables::iptables_save)
>>
>> systemctl status packetfence-iptables:
>> ● packetfence-iptables.service - PacketFence Iptables configuration
>>      Loaded: loaded (/lib/systemd/system/packetfence-iptables.service; enabled; vendor preset: enabled)
>>      Active: active (running) since Wed 2024-01-24 14:15:55 EST; 1h 17min ago
>>    Main PID: 562283 (perl)
>>       Tasks: 1 (limit: 38474)
>>      Memory: 188.3M
>>         CPU: 46.312s
>>      CGroup: /packetfence.slice/packetfence-iptables.service
>>              └─562283 /usr/bin/perl -I/usr/local/pf/lib -I/usr/local/pf/lib_perl/lib/perl5 -Mpf::db -Mpf::services::manager::iptables -e my $db ; while(!$db) { eval { $db = db_ping() } ; sleep 1 } ; pf::services::manager::iptables->new()->startAndCheck()
>>
>> Jan 24 15:33:11 fence.sixmoore.com sudo[752059]: pam_unix(sudo:session): session closed for user root
>> Jan 24 15:33:11 fence.sixmoore.com sudo[752062]: root : PWD=/ ; USER=root ; COMMAND=/usr/sbin/ipset --add pfsession_passthrough 172.217.13.99,443
>> Jan 24 15:33:11 fence.sixmoore.com sudo[752062]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=0)
>> Jan 24 15:33:11 fence.sixmoore.com sudo[752062]: pam_unix(sudo:session): session closed for user root
>> Jan 24 15:33:11 fence.sixmoore.com packetfence[562283]: -e(562283) INFO: Adding NAT Masquerade statement. (pf::iptables::generate_passthrough_rules)
>> Jan 24 15:33:11 fence.sixmoore.com packetfence[562283]: -e(562283) INFO: restoring iptables from /usr/local/pf/var/conf/iptables.conf (pf::iptables::iptables_restore)
>> Jan 24 15:33:11 fence.sixmoore.com perl[752066]: iptables-restore v1.8.7 (nf_tables): invalid port/service `%%httpd_collector_port%%' specified
>> Jan 24 15:33:11 fence.sixmoore.com perl[752066]: Error occurred at line: 62
>> Jan 24 15:33:11 fence.sixmoore.com perl[752066]: Try `iptables-restore -h' or 'iptables-restore --help' for more information.
>> Jan 24 15:33:11 fence.sixmoore.com packetfence[562283]: -e(562283) WARN: Problem trying to run command: LANG=C /sbin/iptables-restore < /usr/local/pf/var/conf/iptables.conf called from iptables_restore. Child exited with non-zero value 2 (pf::util::pf_run)
>>
>> I looked at the /usr/local/pf/var/conf/iptables.conf file and line 62 reads:
>> -A input-management-if --protocol tcp --match tcp --dport %%httpd_collector_port%% --jump ACCEPT
>>
>> Thanks
>> Dave
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
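
The log quoted in this thread shows iptables-restore rejecting the generated ruleset because a %%httpd_collector_port%% template token reached it unsubstituted. As an added example (not from the thread and not PacketFence's own code), the shell pre-flight check below reports such leftover tokens by line and table before a ruleset is loaded; the function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for a generated iptables-restore ruleset.

# Print "LINE<TAB>TABLE<TAB>TOKEN" for every %%name%% token left in the file.
# Exit status is 1 when at least one token is found, 0 otherwise.
find_unexpanded_placeholders() {
    awk '
        /^[ \t]*#/ { next }                        # comment lines are skipped
        /^\*/      { table = substr($0, 2) }       # "*filter", "*nat" open a table
        {
            rest = $0
            while (match(rest, /%%[A-Za-z0-9_]+%%/)) {
                printf "%d\t%s\t%s\n", NR, table, substr(rest, RSTART, RLENGTH)
                rest = substr(rest, RSTART + RLENGTH)
                found = 1
            }
        }
        END { exit (found + 0) }
    ' "$1"
}

# Gate: report leftovers and fail instead of handing the file to iptables-restore.
preflight_ruleset() {
    if leftovers=$(find_unexpanded_placeholders "$1"); then
        echo "ok: no unexpanded placeholders in $1"
        return 0   # a real run would go on to: iptables-restore --test < "$1"
    fi
    echo "refusing to load $1, unexpanded template tokens:" >&2
    echo "$leftovers" >&2
    return 1
}

# Constructed sample (not the poster's file). The last rule is the line quoted
# in the thread; port 1443 on the rule before it is a made-up value.
write_sample_ruleset() {
    cat > "$1" <<'EOF'
*filter
:INPUT DROP [0:0]
:input-management-if - [0:0]
# management interface
-A input-management-if --protocol tcp --match tcp --dport 1443 --jump ACCEPT
-A input-management-if --protocol tcp --match tcp --dport %%httpd_collector_port%% --jump ACCEPT
COMMIT
EOF
}

sample=$(mktemp)
write_sample_ruleset "$sample"
preflight_ruleset "$sample" || true   # reports line 6, table filter
rm -f "$sample"
```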