NethSecurity Beta2 Questions and Feedback

harry · March 12, 2024, 6:00am

Right after Beta2 was announced, I did a clean install on the same HW I had previously used NethServer 7.9. I did so because the only features I was using on NethServer were as a home firewall/router, and OpenVPN Road Warrior. Although I had some other things configured, I wasn’t using them.

I installed in on ProxMox and had a bunch of issues getting that working, which I appreciate is not a NethServer or NethSecurity issue, and which are probably entirely because, while I had NethServer running on top of ProxMox for a while, I had forgotten what little I know about how to use it.

I have been doing both Bug and security fixes, and System update with the image file pretty much the same day.

OVERALL IMPRESSION: SLICK! It boots fast. I am really pleased you support immutable images. I can update with an image and my Direct TV Stream programs buffer enough that nobody can tell the router rebooted.

Doing Speedtests from my wired desktop to the Internet seems slightly faster than with NethServer 7.9.

POSSIBLE BUGS

I have about 20 devices with IP addresses, 12 of which I assigned static leases. For the last few updates, the Dynamic leases tab says “No dynamic leases found.” I checked one device, and is has a DHCP-assigned IP address. I would like to see the list of dynamic leases and probably assign some more, but it is not a big deal for now.

I am using Threat Shield and have it enabled, but on the Dashboard, it says Threat Shield IP is inactive. I don’t think this was ever showing as active. I know Threat Shield is at least partially working, because if I experiment with repositories, I can tell various web pages become inaccessible.

DETAILS

Speedtest run from the Desktop PC (Windows 11) with 1GE has been as high as 950Mbps download This is about 3% higher than with Nethserver 7.9 on the same hardware, but with no hypervisor…

My Xfinity Comcast service is rated at 1Gbps download, and 100Mbps upload. If I run Xfinity’s speedtest from their website to the Xfinity/Technicolor router, it usually tests at ~1160 Mbps download, and 120Mbps upload. Upload speed measured at my Windows 11 PC is 120Mbps.

My config is as follows (ignoring 3 unmanaged GE switches and 3 2.4/5Ghz WiFi access points:

INTERNET ↔ Xfinity Technicolor Gateway configured as router <2.5G Ethernet Cat5 >2.5G Ethernet to USB3 dongle (RealTek chip) ↔ Fanless Intel i74600 running NethSec on ProxmoxDesktop PC.

giacomo · March 12, 2024, 10:07am

Hi Harry,
thanks for testing it!

That page has been recently modified, see this card.
I’m not sure is correct: right now it displays only dynamic leases without a reservation.
What do you expect to see?

Threat shield is the commercial name of paid list from Nethesis.
It uses banip, so in the dashboard you should see the banip card with a green label and the threat shield with a grey one. Is this your case?

Maybe we should remove the banip one? Any other suggestion?

harry · March 13, 2024, 4:09pm

Giacomo, my pleasure, you know I am a fan of what you guys are doing.

Concerning your 1st question, as of the last update, there are now entries on the Dynamic lease page for the three IP devices it has assigned DHCP addresses for, so what I reported has been fixed.

Regarding your 2nd question. Indeed, BanIP is Active, and threat Sield IP is inactive. I suggest you pick a pick a method that reflects reality, to prevent similar noobie questions. One other minor point I just noticed. Threat Shield is spelled with a lower case “s” In both the left menu, and at the top of the configuration page.