Netgate Discussion Forum

    Can't start snort 2.9.6.2 pkg v3.1.1 x86 - FATAL ERROR: pf.conf => Table snort2c

      marian78

      hi, thx for answer.

      I have standard i386 installation with pfblocker, ntopng, arpwatch, servicewatchdog, squid3-dev (with SSL, transparent, enabled c-icap), openvpnclient, trafficshaping, enabled ssh. That is all, no cli modding….  :(

      I have installed only 2GB ram, is it enough? may be the cause of memory..... or?

      pfsense running in virtual, on HP N54L microserver, 2G RAM, 60G disk, WAN, LAN, DMZ, Wifi, OpenVPN server + client, suricata, pfblocker

        BBcan177 Moderator

        From the shell, you could try to manually create this missing table.

        pfctl -t snort2c -T add 1.1.1.1

        This will create the table and add a dummy 1.1.1.1 ip address. You could clear this ip later if you wish.

        "Experience is something you don't get until just after you need it."

        Website: http://pfBlockerNG.com
        Twitter: @BBcan177  #pfBlockerNG
        Reddit: https://www.reddit.com/r/pfBlockerNG/new/

          marian78

          hi, again thx for reply sir.

          Now I'm at work; when I get home, I'll try.  :)

            bmeeks

            @marian78:

            hi, again thx for reply sir.

            Now I'm at work; when I get home, I'll try.  :)

            BBcan177's fix should work, but the bigger question is what happened to that table to begin with.  That table is part of the default install with pfSense.  It should exist whether the Snort package is installed or not.

            Bill

              marian78

              It is a new installation from yesterday.
              When I last configured squid3dev as transparent SSL proxy server, I noticed that I can not run snort..  :'(

              I don't know what happened, I only use pfsense UI….

                bmeeks

                @marian78:

                It is a new installation from yesterday.
                When I last configured squid3dev as transparent SSL proxy server, I noticed that I can not run snort..  :'(

                I don't know what happened, I only use pfsense UI….

                Hmm…wonder if the squid3dev package makes any adjustments to default pfSense tables...???

                This is the first time I've seen this particular error reported.

                Bill

                  marian78

                  @BBcan177:

                  From the shell, you could try to manually create this missing table.

                  pfctl -t snort2c -T add 1.1.1.1

                  This will create the table and add a dummy 1.1.1.1 ip address. You could clear this ip later if you wish.

                  Hi man (genius), this helped. I will send 4 beers and 2 strippers to your working table. Thx.  ;D  But after reboot I have this problem again.  :'(

                    bmeeks

                    @marian78:

                    @BBcan177:

                    From the shell, you could try to manually create this missing table.

                    pfctl -t snort2c -T add 1.1.1.1

                    This will create the table and add a dummy 1.1.1.1 ip address. You could clear this ip later if you wish.

                    Hi man (genius), this helped. I will send 4 beers and 2 strippers to your working table. Thx.  ;D  But after reboot I have this problem again.  :'(

                    Yes…something has altered your default pfSense startup scripts in some manner.  That <snort2c> table is supposed to be auto-created on pfSense boot up.  Is there any way you could backup your config and reinstall pfSense on that box?  That should fix the problem with the default table being missing.

                    Bill

                      marian78

                      hi,

                      I played with all settings and I examine, that for now all problems are from "traffic shaper". When I delete all rules for shaper, all works ok and after reboot too. Strange…  :o

                      For now I will stay without "traffic shaper". Is not important to me.

                        bmeeks

                        @marian78:

                        hi,

                        I played with all settings and I examine, that for now all problems are from "traffic shaper". When I delete all rules for shaper, all works ok and after reboot too. Strange…  :o

                        For now I will stay without "traffic shaper". Is not important to me.

                        That's an interesting discovery.  The traffic shaper might be changing some of the filter defaults when it's enabled.  Thank you for the feedback.  I might need to discuss this offline with the pfSense guys to see what's up and if there is something I need to do in the Snort and Suricata packages to compensate.

                        Bill

                          marian78

                          thx, sir, i stay tuned….  ;)

                          edit: I attached installed packages...

                          Snímka.JPG

                            A Former User

                            Glanced over the thread, so I might have missed something.

                            Maybe you run into this: https://forum.pfsense.org/index.php?topic=70107.msg383032#msg383032

                              marian78

                              hi, for now I don't use traffic shaping, maybe that was the problem, I have table also corrupted….

                                tuxrazor

                                Also found that if the bandwidths are set incorrectly on the traffic shaping, i.e. 400Mb/s instead of 80Mb/s, it causes the tables to disappear? Changing the value re-instates the sshlockout and default lockouts w/o rebooting.
                                The snort2c table may have to be manually recreated after this as per above post.

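The manual repair discussed in this thread, written as a repeatable check because the table went missing again after a reboot (an added example, not code from any poster or from pfSense). The `--apply` switch, the function names and the 192.0.2.1 placeholder are assumptions of this example, and the sample table listing is constructed.

```shell
#!/bin/sh
# Added example: detect pf tables that vanished and recreate snort2c.
# Table names come from the thread; everything else is an assumption.
REQUIRED_TABLES="snort2c sshlockout"

# Placeholder entry used only to force table creation. Hosts listed in
# snort2c are the ones Snort blocks, so this example uses a documentation
# address (TEST-NET-1) instead of the 1.1.1.1 suggested in the thread.
PLACEHOLDER="192.0.2.1"

# Read `pfctl -s Tables` output on stdin; print each required table that
# is absent, one per line.
missing_tables() {
    loaded=$(cat)
    for t in $REQUIRED_TABLES; do
        # -x -F: exact literal line match, so "snort2c_backup" does not
        # count as "snort2c".
        printf '%s\n' "$loaded" | grep -qxF -- "$t" || printf '%s\n' "$t"
    done
}

# Print the pfctl command (same form as in the thread) that recreates a table.
repair_cmd() {
    printf 'pfctl -t %s -T add %s\n' "$1" "$PLACEHOLDER"
}

# Constructed sample of a table listing where snort2c has disappeared.
SAMPLE_TABLES='sshlockout
snort2c_backup
bogons'

if [ "${1:-}" = "--apply" ]; then
    # On the firewall: inspect the live ruleset and repair snort2c only.
    for t in $(pfctl -s Tables | missing_tables); do
        echo "missing pf table: $t" >&2
        if [ "$t" = "snort2c" ]; then
            pfctl -t snort2c -T add "$PLACEHOLDER"
        fi
    done
else
    # Offline demo on the constructed sample: show what would be run.
    for t in $(printf '%s\n' "$SAMPLE_TABLES" | missing_tables); do
        repair_cmd "$t"
    done
fi
```

Other missing tables are only reported, since the thread gives a manual fix for snort2c alone.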