can't update rules suricata

ezvink

This post is deleted!

ezvink

@bmeeks
I installed pfsense on a virtual box, sir, and to install it using a wifi network that has an IP Gateway 192.168.18.1 automatically from my home router

ezvink

I have added the DNS 8.8.8.8 and 8.8.4.4, sir, but still when I update the rules for Suricata it fails

ezvink

@bmeeks

this is my pfsense i installed snort, still the same dnslookup still fails but i have no problem with snort rules snort exists.

ezvink

@ezvink

ezvink

@bmeeks

this is the pfsense I just reinstalled.
I tried to add a dns server from the ISP that I use, but still IP 127.0.0.1 does not respond, but the dns server that I use responds.
will this still not work?

NollipfSense

@ezvink I think I found your problem since you said you're using VirtualBox... it seems that your LAN is not on the same network as your WIFI although IPv6 seems to be. Try this...notice yours and mine... wondered whether you're able to see your webgui...
Screen Shot 2022-05-29 at 8.54.16 PM.png

Screen Shot 2022-05-29 at 9.04.51 PM.png

Set your adapter 2 on WIFI like here:

Screen Shot 2022-05-29 at 9.16.37 PM.png

Then at the console select 2 then 2 and enter LAN address on your WIFI network exanple 192.168.18.211/24 and no to DHCP as well as no change to webgui. You should be able to login on your webgui and then you should be able to load Snort/Suricata.

Screen Shot 2022-05-29 at 9.20.57 PM.png

ezvink

@nollipfsense I use network settings adapter 1 using a wifi device, adapter 2 devices from the virtual box itself are filled with IP 192.168.1.5 Gateway 192.168.1.1
if i don't use network like sometimes i can't access pfsense web gui

NollipfSense

@ezvink But 192.168.1.1 cannot go anywhere because it's not a gateway...It's your LAN and your gateway is 192.168.10.43...

ezvink

@nollipfsense said in can't update rules suricata:

But 192.168.1.1 cannot go anywhere because it's not a gateway...It's your LAN and your gateway is 192.168.10.43...

so I have to move my wifi device to adapter 2?

ezvink

@nollipfsense
this is my network settings.

and adapter 1 I set the host-only device from the virtual box with the IP as below:

ezvink

@bmeeks help me sir I'm getting confused

NollipfSense

@ezvink Not sure what this is below but it seems that you set that up
Screen Shot 2022-05-31 at 10.24.29 AM.png

However, here below you have it right, just be sure to click advance to check the cable box and you just need to set LAN with a static IP you know no other devices are on such as the 192.168.10.211 example given above in the FreeBSD console. Remove that Internet Protocol properties setting and reboot pfSense.

Screen Shot 2022-05-31 at 10.27.13 AM.png

When you boot pfSense VirtualBox VM, it should look like this below with no LAN IP.

Screen Shot 2022-05-31 at 10.45.59 AM.png

Now, enter option 2 then 2 for LAN interface, then enter the static IP, in your case 192.168.10.211, then 24 then enter none for gateway, then enter none for IPv6 if you want or enter an address...suggest you enter none, then no, to enabling DHCP, then no, to change webgui, then enter to continue and LAN will have an IP of 192.168.10.211...you can put that IP in your browser to access the webgui and make what you need for Snort/Suricata.

Screen Shot 2022-05-31 at 10.50.21 AM.png

Screen Shot 2022-05-31 at 10.58.42 AM.png

Screen Shot 2022-05-31 at 10.59.41 AM.png

You will see you webgui as here with LAN

Screen Shot 2022-05-31 at 11.11.18 AM.png

This is network basic 101 and you should ask your instructor/professor if you're not clear.

ezvink

@nollipfsense
if i delete internet protocol properties setting i can't access web gui

ezvink

now i can update the rules for suricata, but the dns settings that i use are different from the default from pfsense.
I use the dns I use i.e. dns from the ISP and it works.
if I use settings like this will there be problems later?

NollipfSense

@ezvink Glad you got it working...It does appear that you had a DNS issue...because you had WIFI, you had only one interface...WAN, which, with VirtualBox VM pfSense DNS in default local (127.0.0.1), you would still use the ISP's DNS. It doesn't appear you're not completely honest to describe how you fixed the problem you had members spending valuable time to help you.

ezvink

@nollipfsense
I'm not lying, sir, from the start I was confused about how to update the Suricata rules. but after you talk about dns ISPs I remember that ISPs that use DNS are different from other ISPs that can use Google or other ISPs. The ISP I use must use the ISP's DNS
below are the dns settings that I changed:

NollipfSense

@ezvink May be so, however, you had WAN in host-only Adapter mode so you shouldn't have any DNS issue...good luck!