ojsa
Member Candidate
Topic Author
Posts: 181
Joined: Tue Jan 27, 2009 8:53 pm
Location: Norway

No indication that calea works.

Sun Jun 06, 2010 3:13 pm

I am trying to implement Calea. In my lab I have tested on RouterOS 4.9 and 4.10 with the latest firmware (BIOS). I use an RB800 and an RB450. The configuration is as close to the documentation example on Calea as I could get.

There is no data sent between them; sniffing on the interface shows no data.

To me it seems kind of like an issue mentioned in the 3.12 release. Nothing is happening. I can see that Calea makes the folders, but since there is no data going in between, it could be the reason for not logging anything. I have also tried to intercept and log in the same routerboard, still no change.

No data when sent to Wireshark either.

The intercept "filter" is straightforward.
[admin@gw] /ip firewall calea> print 
Flags: X - disabled, I - invalid, D - dynamic 
 0   chain=forward action=sniff-pc sniff-target=192.168.2.8 sniff-target-port=5555 sniff-id=100 src-address=192.168.1.101 
 1   chain=forward action=sniff-pc sniff-target=192.168.2.8 sniff-target-port=5555 sniff-id=100 dst-address=192.168.1.101
On the Calea server the config is like this:
[admin@solbakken_450g_test] /tool calea> print 
Flags: X - disabled 
 0   case-id=100 case-name="" intercept-ip=192.168.2.1 intercept-port=5555 
     action=pcap pcap-file-stop-interval=15m pcap-file-stop-size=20480 
     pcap-file-stop-count=100 pcap-file-hash-method=md5 
I have tried a lot of different settings, but no change.

Any tips?
 
sergejs
MikroTik Support
Posts: 6695
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia

Re: No indication that calea works.

Mon Jun 07, 2010 11:12 am

What do you get from:
/ip firewall calea print all stats
 
ojsa

Re: No indication that calea works.

Mon Jun 07, 2010 12:29 pm

[admin@solbakken_450g_test] > /ip firewall calea print all stats 
Flags: X - disabled, I - invalid, D - dynamic 
 #   CHAIN       ACTION   BYTES           PACKETS        
And
[admin@gw] > /ip firewall calea print all stats
Flags: X - disabled, I - invalid, D - dynamic 
 #   CHAIN       ACTION   BYTES           PACKETS        
Both of them are now running Calea.
 
sergejs

Re: No indication that calea works.

Mon Jun 07, 2010 1:01 pm

It would be great to see how many packets are going through your rule (not just the print command).
 
ojsa

Re: No indication that calea works.

Mon Jun 07, 2010 1:24 pm

;-) It was empty. No information, not even zero..
[admin@gw] > 
[admin@gw] > 
[admin@gw] > /ip firewall calea print all stats
Flags: X - disabled, I - invalid, D - dynamic 
 #   CHAIN       ACTION   BYTES           PACKETS        
[admin@gw] > 
[admin@gw] > 
 
sergejs

Re: No indication that calea works.

Mon Jun 07, 2010 1:35 pm

How did you get these rules?

[admin@gw] /ip firewall calea> print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=forward action=sniff-pc sniff-target=192.168.2.8 sniff-target-port=5555 sniff-id=100 src-address=192.168.1.101
1 chain=forward action=sniff-pc sniff-target=192.168.2.8 sniff-target-port=5555 sniff-id=100 dst-address=192.168.1.101


Make sure your user has sniff permissions.
 
ojsa

Re: No indication that calea works.

Mon Jun 07, 2010 2:51 pm

The rules were added on the Gw (192.168.1.1 and 192.168.2.1) with the admin user, with permission to sniff.

The client has IP 192.168.1.101 and is connected to 192.168.1.1 (the gateway with the /ip/firewall/calea rules). The gw then sends the data to the Calea "server" with IP 192.168.2.8. The gateway also has IP 192.168.2.1 for routing between the two networks. All IP connections between the nodes work, but there is no data on the Calea "server" (192.168.2.8) and nothing between the Calea "server" (192.168.2.8) and the Gw (192.168.2.1). I sniffed on both sides.

To me it seems that the Gw does not detect the client's IP address going through the gateway.
I have also tried with /interface/bridge/calea and with src-address-list to detect several IP addresses.
To double check I will take two new boxes and set everything up one more time (manually) to eliminate errors.

I will try to do this in the evening.
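
An added example, not part of any post in this thread and not MikroTik code: a small Python check that parses the two `print` outputs quoted above and confirms the gateway rules and the server case line up. It assumes, from the topology described in the thread, that sniff-id pairs with case-id, sniff-target-port with intercept-port, and that intercept-ip should be one of the gateway's addresses; the function names are hypothetical.

```python
import re
import shlex

# Sample input: the rule and case listings as posted earlier in the thread.
GW_RULES = """\
Flags: X - disabled, I - invalid, D - dynamic
 0   chain=forward action=sniff-pc sniff-target=192.168.2.8 sniff-target-port=5555 sniff-id=100 src-address=192.168.1.101
 1   chain=forward action=sniff-pc sniff-target=192.168.2.8 sniff-target-port=5555 sniff-id=100 dst-address=192.168.1.101
"""
SERVER_CASES = """\
Flags: X - disabled
 0   case-id=100 case-name="" intercept-ip=192.168.2.1 intercept-port=5555
     action=pcap pcap-file-stop-interval=15m pcap-file-stop-size=20480
     pcap-file-stop-count=100 pcap-file-hash-method=md5
"""
GW_ADDRS = {"192.168.1.1", "192.168.2.1"}  # gateway addresses named in the thread
ITEM = re.compile(r"^\s*(\d+)\s+([XID ]*?)\s*(\S+=.*)$")  # item number, flags, key=value run

def parse_print(text):
    """Parse RouterOS `print` output into dicts, joining wrapped continuation lines."""
    items = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("Flags:"):
            continue
        m = ITEM.match(line)
        if m:
            items.append({"#": m.group(1), "flags": m.group(2).strip()})
            line = m.group(3)
        elif not items:
            continue  # text before the first numbered item
        for tok in shlex.split(line):  # shlex handles quoted values such as case-name=""
            key, _, val = tok.partition("=")
            items[-1][key] = val
    return items

def check_pairing(rules, cases, gw_addrs=GW_ADDRS):
    """Return findings as strings; an empty list means rules and cases line up."""
    findings = [] if rules else ["no intercept rules listed"]
    for r in rules:
        if r["flags"]:
            findings.append(f"rule {r['#']}: flagged {r['flags']!r} (disabled or invalid)")
        match = [c for c in cases if c.get("case-id") == r.get("sniff-id")
                 and c.get("intercept-port") == r.get("sniff-target-port")]
        if not match:
            findings.append(f"rule {r['#']}: no case for id/port {r.get('sniff-id')}/{r.get('sniff-target-port')}")
        elif all(c.get("intercept-ip") not in gw_addrs for c in match):
            findings.append(f"rule {r['#']}: intercept-ip is not a gateway address")
    return findings
```

For the configuration posted in this thread, `check_pairing(parse_print(GW_RULES), parse_print(SERVER_CASES))` returns an empty list, so under these assumptions the mismatch is not in the id, port or address pairing.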
 
ojsa

Re: No indication that calea works.

Mon Jun 07, 2010 11:10 pm

Really strange.

After a couple of reboots it suddenly started to log without any changes. And from then on it worked like a charm. It could be that I specified the in and out interface rather than running without it, but I really thought that it would not be necessary.

Anyway thank you for pointing out the stats commands.
