> Could you post the output of iptables -L -n -v (without -t nat/raw) again once you discover these ports to be publicly reachable again?
Yes!
> Also, is there anything in the logs indicating why the IPS stopped?
No. But maybe I was looking in the wrong place. I’m not that deep into it (I’m very busy at work at the moment, which is why I don’t have much time). For that I need some instruction.
> Which IPFire version are you running on?
IPFire 2.27 (x86_64) - Core Update 162
I have been using IPFire since last fall. Always have the latest version installed.
> Are there any customisations made to this system?
No. I had played around with the script once: URL Filter and self updating blacklists? - #16 by mutley. But it is currently uninstalled again, and I had the problem before.
I still have a Pi-Hole running: Redirect all traffic from Green to PiHole - #13 by anon87475738
These packages are installed:
- clamav
- cpufrequtils
- fireperf
- iperf3
- mcelog (see below)
- nano
- powertop (Not used, as it did not work in the last attempt. Have a CoreBoot FW, maybe that is the reason?)
- speedtest-cli
- squidclamav
Sometimes there are these errors.
"WARNING: Kernel Errors Present
mce: [Hardware Error]: Machine check …: 2 Time(s)"
I have not been able to figure out what this is. RAM?
Then there are error messages (kernel) about the QoS (but they have nothing to do with the above problem):
1 Time(s): Actions configured
1 Time(s): Performance counters on
1 Time(s): input device check on
1 Time(s): 8021q: 802.1Q VLAN Support v1.8
1 Time(s): 8021q: adding VLAN 0 to HW filter on device blue0
1 Time(s): 8021q: adding VLAN 0 to HW filter on device green0
1 Time(s): 8021q: adding VLAN 0 to HW filter on device orange0
1 Time(s): 8021q: adding VLAN 0 to HW filter on device red0
1 Time(s): Adding 1048572k swap on /dev/sda3. Priority:1 extents:1 across:1048572k SSFS
1 Time(s): GACT probability on
1 Time(s): HTB: quantum of class 10001 is big. Consider r2q change.
1 Time(s): HTB: quantum of class 10110 is small. Consider r2q change.
1 Time(s): HTB: quantum of class 10120 is small. Consider r2q change.
1 Time(s): HTB: quantum of class 20001 is big. Consider r2q change.
1 Time(s): HTB: quantum of class 20200 is big. Consider r2q change.
1 Time(s): HTB: quantum of class 20203 is big. Consider r2q change.
1 Time(s): HTB: quantum of class 20204 is big. Consider r2q change.
1 Time(s): HTB: quantum of class 20210 is small. Consider r2q change.
1 Time(s): HTB: quantum of class 20220 is small. Consider r2q change.
1 Time(s): Kernel log daemon terminating.
1 Time(s): Kernel logging (proc) stopped.
1 Time(s): Mirror/redirect action on
1 Time(s): cfg80211: Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
1 Time(s): cfg80211: Loading compiled-in X.509 certificates for regulatory database
1 Time(s): htb: too many events!
1 Time(s): igb 0000:01:00.0 red0: igb: red0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX
1 Time(s): igb 0000:02:00.0 green0: igb: green0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX
1 Time(s): igb 0000:04:00.0 orange0: igb: orange0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX
1 Time(s): perf: interrupt took too long (2548 > 2500), lowering kernel.perf_event_max_sample_rate to 78000
1 Time(s): perf: interrupt took too long (3236 > 3185), lowering kernel.perf_event_max_sample_rate to 61000
1 Time(s): perf: interrupt took too long (4064 > 4045), lowering kernel.perf_event_max_sample_rate to 49000
1 Time(s): perf: interrupt took too long (5540 > 5080), lowering kernel.perf_event_max_sample_rate to 36000
1 Time(s): perf: interrupt took too long (6957 > 6925), lowering kernel.perf_event_max_sample_rate to 28000
1 Time(s): u32 classifier
1 Time(s): xt_geoip: loading out-of-tree module taints kernel.
That was from yesterday. Today there is much less so far.
In orange there is an Edgerouter running OpenWRT and doing DHCP and DNS. With this I bypassed the limitations of IPFire 2.x, because I wanted to completely separate the two computers that are in orange from my others.
This is just for information.
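Added here as an illustration, not part of the post or of IPFire: a small Python triage script that splits a logwatch-style kernel summary like the one above into hardware errors, QoS tuning noise, perf throttling, logging gaps and plain information, so that an MCE line is not lost among dozens of HTB warnings. The sample lines are constructed from the output quoted in the post; the category names are my own.

```python
import re
from collections import Counter

# Constructed sample in the two logwatch shapes seen in the post:
# "N Time(s): message" and "message: N Time(s)".
SAMPLE_LOG = """\
mce: [Hardware Error]: Machine check events logged: 2 Time(s)
1 Time(s): HTB: quantum of class 10001 is big. Consider r2q change.
1 Time(s): HTB: quantum of class 10110 is small. Consider r2q change.
1 Time(s): htb: too many events!
1 Time(s): perf: interrupt took too long (2548 > 2500), lowering kernel.perf_event_max_sample_rate to 78000
1 Time(s): xt_geoip: loading out-of-tree module taints kernel.
1 Time(s): igb 0000:01:00.0 red0: igb: red0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX
1 Time(s): Kernel log daemon terminating.
"""

LEADING = re.compile(r"^(\d+) Time\(s\): (.*)$")
TRAILING = re.compile(r"^(.*): (\d+) Time\(s\)$")

# Ordered rules: first match wins. Hardware errors come first so that
# they are never shadowed by a more generic pattern.
RULES = [
    ("hardware", re.compile(r"\[Hardware Error\]|^mce:")),
    ("taint", re.compile(r"taints kernel")),
    ("qos_tuning", re.compile(r"^HTB: quantum of class|^htb: too many events")),
    ("perf", re.compile(r"^perf: interrupt took too long")),
    # klogd stopping means the kernel log has a gap; worth noting when
    # "nothing in the logs" is the observation being investigated.
    ("logging_gap", re.compile(r"Kernel log daemon terminating|Kernel logging .* stopped")),
]


def parse_line(line):
    """Return (count, message) for one summary line, or None if it does not match."""
    m = LEADING.match(line.strip())
    if m:
        return int(m.group(1)), m.group(2)
    m = TRAILING.match(line.strip())
    if m:
        return int(m.group(2)), m.group(1)
    return None


def classify(message):
    for category, pattern in RULES:
        if pattern.search(message):
            return category
    return "info"


def triage(text):
    """Sum occurrence counts per category over a whole logwatch kernel summary."""
    totals = Counter()
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed:
            count, message = parsed
            totals[classify(message)] += count
    return dict(totals)
```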