Strange behavior with SG-1000
-
Here it is:
PC>SG-1000_LAN>SG-1000_WAN>pfSense Router>Internet
40.79.81.193/25>40.79.81.174/25>192.168.1.1/24>XXXXX
I can ping 8.8.8.8 from the PC; however, I cannot access any website.
-
You have listed 5 devices but only four IPs. It's still not clear what IP address your SG1000 WAN and pfSense Router IPs are. I'm assuming your PC and LAN are using the 40.x.x.x IPs. That's a bad idea:
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/public/whoisinaccuracy/index.xhtml
#
NetRange: 40.74.0.0 - 40.125.127.255
CIDR: 40.112.0.0/13, 40.76.0.0/14, 40.124.0.0/16, 40.96.0.0/12, 40.125.0.0/17, 40.120.0.0/14, 40.74.0.0/15, 40.80.0.0/12
NetName: MSFT
NetHandle: NET-40-74-0-0-1
Parent: NET40 (NET-40-0-0-0-0)
NetType: Direct Assignment
OriginAS:
Organization: Microsoft Corporation (MSFT)
RegDate: 2015-02-23
Updated: 2015-05-27
Ref: https://whois.arin.net/rest/net/NET-40-74-0-0-1
You need to move your LAN subnet to an RFC 1918-compliant address range, somewhere in one of the following ranges, as these networks will never be found outside an Internet-connected firewall:
10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
-
40.79.81.193/25>40.79.81.174/25>
Can't have two different interfaces on the same subnet, which it looks like you are doing there.
Reset to factory and connect the SG-1000 WAN into your existing LAN and a test device to SG-1000 LAN.
The default config is DHCP WAN with a DHCP server on LAN on 192.168.1.0/24 and NAT for all LAN traffic out WAN.
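The two replies above make two separate checks: every LAN interface must sit in RFC 1918 space, and a single box must not have two interfaces in one subnet. The following script is an added example that is not part of the thread or of pfSense; it encodes both checks with the standard library `ipaddress` module and runs them against a constructed interface plan built from the addresses quoted in the thread (the device and role labels are assumptions made for the example):

```python
import ipaddress

# The three RFC 1918 ranges quoted in the reply above.
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def is_rfc1918(addr):
    """True only for the RFC 1918 ranges (unlike ipaddress's broader is_private)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def check_plan(interfaces):
    """interfaces: list of (device, role, 'a.b.c.d/prefix') tuples.

    Returns a list of human-readable findings:
      - a LAN-role interface whose address is not RFC 1918
      - two interfaces on the same device whose subnets overlap
    """
    findings = []
    subnets = {}
    for device, role, cidr in interfaces:
        iface = ipaddress.ip_interface(cidr)
        if role == "LAN" and not is_rfc1918(iface.ip):
            findings.append(
                f"{device} {role} {cidr}: LAN address is not RFC 1918 "
                f"(it is publicly routed space owned by someone else)"
            )
        subnets[(device, role)] = iface.network

    keys = list(subnets)
    for i in range(len(keys)):
        for j in range(i + 1, len(keys)):
            (d1, r1), (d2, r2) = keys[i], keys[j]
            if d1 == d2 and subnets[keys[i]].overlaps(subnets[keys[j]]):
                findings.append(
                    f"{d1}: {r1} and {r2} are on the same subnet "
                    f"{subnets[keys[i]]}; two interfaces cannot share a subnet"
                )
    return findings


# Constructed plan using the addresses the poster later confirmed.
PLAN_AS_POSTED = [
    ("SG-1000", "LAN", "40.79.81.174/25"),
    ("SG-1000", "WAN", "192.168.1.40/24"),
    ("pfSense", "LAN", "192.168.1.1/24"),
]

# Constructed plan matching the first reply's reading, where both
# SG-1000 interfaces were taken to be in 40.79.81.128/25.
PLAN_SAME_SUBNET = [
    ("SG-1000", "LAN", "40.79.81.174/25"),
    ("SG-1000", "WAN", "40.79.81.193/25"),
]

if __name__ == "__main__":
    for name, plan in (("as posted", PLAN_AS_POSTED), ("same subnet", PLAN_SAME_SUBNET)):
        print(f"--- {name} ---")
        for finding in check_plan(plan) or ["no findings"]:
            print(" ", finding)
```

`ipaddress.ip_interface("40.79.81.174/25").network` normalises to 40.79.81.128/25, so the overlap test compares actual subnets rather than the addresses as typed; the RFC 1918 list is spelled out explicitly because `IPv4Address.is_private` also returns True for loopback, link-local and documentation ranges that would not be acceptable LAN space here.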
-
This is the correct one:
PC (40.79.81.193/25) > SG-1000_LAN (40.79.81.174/25) > SG-1000_WAN (192.168.1.40/24) > pfSense Router (192.168.1.1/24) > Internet (XXXXXXX)
There is OpenVPN client on the pfSense Router (192.168.1.1/24), but I think it is irrelevant.
Interestingly, I can ping 8.8.8.8 from the PC (40.79.81.193/25) and the SG-1000 can access Package Manager and Update. However, I cannot access any website from the PC (40.79.81.193/25).
-
I just noticed that Snort on pfSense Router (192.168.1.1/24) is blocking SG-1000_WAN (192.168.1.40/24):
Date: 2017-01-05 16:49:26 | Pri: 1 | Proto: UDP | Class: A Network Trojan was Detected | Src: 192.168.1.40:123 | Dst: 74.120.81.219:123 | GID:SID: 1:2404075 | Description: ET CNC Shadowserver Reported CnC Server UDP group 38
-
Still the same problem, even after I whitelisted it on Snort.
-
Dude, get Snort out of the way while you are unable to get absolute basics working!!! (I.e., turn it OFF!)
-
Absolute basics are working fine with OpenWrt, LEDE, etc. when Snort is ON. What is the SG-1000's exception here?
-
Do as you wish. No one wants to debug crap like Snort blocking your basic connectivity. Get basics working.
-
If you can consistently ping sites but not go anywhere via browser then you may have a DNS problem, or an upstream access via 80/443 issue.
-
Hi Kom, thanks, could you elaborate on the upstream access via 80/443 issue?
-
If your router is connected to another router/firewall, there may be restrictions on direct web access. In other words, you may have to go through some other proxy that is upstream from you. I'm just guessing since I know little about your network config, and I have no interest in trying to figure it out based on several confusing posts.
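The two replies above split "ping works but the browser does not" into two candidate causes: name resolution is broken, or TCP 80/443 is being stopped upstream (a filtering router, an IDS, a mandatory proxy). The script below is an added example, not from the thread or from pfSense, that walks those layers in order from a test host: it resolves a name, then attempts a TCP handshake to ports 80 and 443 of the resolved address, and reports which layer failed. The resolver and connector are injectable so the logic can be exercised offline with the constructed stand-ins at the bottom; the host name and the 198.51.100.10 address used by the stubs are placeholders:

```python
import socket


def resolve(host, resolver=socket.gethostbyname):
    """Return the IPv4 address for host, or None if name resolution fails."""
    try:
        return resolver(host)
    except OSError:          # socket.gaierror is an OSError subclass
        return None


def tcp_open(ip, port, connector=socket.create_connection, timeout=3.0):
    """True if a TCP handshake to ip:port completes within timeout seconds."""
    try:
        conn = connector((ip, port), timeout=timeout)
    except OSError:          # refused, timed out, unreachable, etc.
        return False
    conn.close()
    return True


def triage(host, icmp_ok, resolver=socket.gethostbyname,
           connector=socket.create_connection):
    """Classify where web access breaks, given whether ICMP to a raw IP works.

    Returns one of: ROUTING, DNS, UPSTREAM_80_443, OK.
    """
    if not icmp_ok:
        return "ROUTING"                 # not even raw IP reachability; fix NAT/routes first
    ip = resolve(host, resolver)
    if ip is None:
        return "DNS"                     # raw IP works, names do not: DNS server/forwarding
    if not tcp_open(ip, 80, connector) and not tcp_open(ip, 443, connector):
        return "UPSTREAM_80_443"         # name resolves, but web ports never complete a handshake
    return "OK"


EXPLANATION = {
    "ROUTING": "ping to a raw IP fails: basic routing/NAT is broken",
    "DNS": "ping works but names do not resolve: check the DNS server the client uses",
    "UPSTREAM_80_443": "DNS works but TCP 80/443 is blocked: look at upstream firewall, IDS or proxy",
    "OK": "name resolution and TCP 80/443 both work from here",
}


# --- Constructed stand-ins so the triage can be run without a network ---
class _ClosedSocket:
    def close(self):
        pass


def stub_resolver_fails(host):
    raise socket.gaierror("constructed: name resolution failed")


def stub_resolver_ok(host):
    return "198.51.100.10"               # placeholder address (TEST-NET-2)


def stub_connector_refused(address, timeout=None):
    raise ConnectionRefusedError("constructed: port blocked")


def stub_connector_ok(address, timeout=None):
    return _ClosedSocket()


if __name__ == "__main__":
    scenarios = {
        "dns broken": (stub_resolver_fails, stub_connector_ok),
        "web ports blocked upstream": (stub_resolver_ok, stub_connector_refused),
        "all good": (stub_resolver_ok, stub_connector_ok),
    }
    for label, (res, con) in scenarios.items():
        verdict = triage("www.example.test", icmp_ok=True, resolver=res, connector=con)
        print(f"{label:28s} -> {verdict}: {EXPLANATION[verdict]}")
    # Against the live network, call triage("some.host.name", icmp_ok=True) with the defaults.
```

Run from the PC behind the SG-1000, the default (live) resolver and connector distinguish the two cases the replies describe; if the verdict is DNS, the next thing to inspect is which resolver the client was handed and whether that resolver is reachable through the upstream pfSense box, and if it is UPSTREAM_80_443, the block is in the path rather than on the client.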
-
PC (40.79.81.193/25) > SG-1000_LAN (40.79.81.174/25) > SG-1000_WAN (192.168.1.40/24) > pfSense Router (192.168.1.1/24) > Internet (XXXXXXX)
So you have:
Internet (xxxx)
|
pfSense1 WAN (xxxx)
pfSense1 LAN (192.168.1.1, Snort)
|
SG1000 WAN (192.168.1.40)
SG1000 LAN (40.79.81.174/25) << wtf
|
device
Sort out your SG1000 first. For example, while you're testing, put the SG1000 LAN into 192.168.2.0/24, and verify you have the basics correct. I don't understand why you're trying to use a public IP range that you do not own on your SG1000 LAN; no wonder Snort is probably having problems. Turn off Snort, reconfigure your SG1000 LAN (and thus downstream Device) and start again.
-
Yeah what's up with you running public IP space behind private IP space? I've never seen that before for a normal ISP connection.