Strange behavior with SG-1000
-
40.79.81.193/25>40.79.81.174/25>
Can't have two different interfaces on the same subnet, which it looks like you are doing there.
Reset to factory and connect the SG-1000 WAN into your existing LAN and a test device to SG-1000 LAN.
The default config is DHCP WAN with a DHCP server on LAN on 192.168.1.0/24 and NAT for all LAN traffic out WAN.
-
This is the correct one:
PC (40.79.81.193/25) > SG-1000_LAN (40.79.81.174/25) > SG-1000_WAN (192.168.1.40/24) > pfSense Router (192.168.1.1/24) > Internet (XXXXXXX)
There is OpenVPN client on the pfSense Router (192.168.1.1/24), but I think it is irrelevant.
Interestingly, I can ping 8.8.8.8 from the PC (40.79.81.193/25) and SG-1000 can access Package Manager and Update. However, I cannot access any web site from the PC (40.79.81.193/25).
-
I just noticed that Snort on pfSense Router (192.168.1.1/24) is blocking SG-1000_WAN (192.168.1.40/24):
2017-01-05 16:49:26 | 1 | UDP | A Network Trojan was Detected | 192.168.1.40:123 | 74.120.81.219:123 | 1:2404075 | ET CNC Shadowserver Reported CnC Server UDP group 38
-
Still the same problem even though I whitelisted it on Snort.
-
Dude get Snort out of the way while you are unable to get absolute basics working!!! (I.e., turn it OFF!)
-
Absolute basics are working fine with OpenWrt, Lede, etc. when Snort is ON. What is SG-1000's exception here?
-
Do as you wish. No one wants to debug crap like Snort blocking your basic connectivity. Get basics working.
-
If you can consistently ping sites but not go anywhere via browser then you may have a DNS problem, or an upstream access via 80/443 issue.
-
Hi Kom, thx, could u elaborate upstream access via 80/443 issue?
-
If your router is connected to another router/firewall, there may be restrictions on direct web access. In other words, you may have to go through some other proxy that is upstream from you. I'm just guessing since I know little about your network config, and I have no interest in trying to figure it out based on several confusing posts.
-
PC (40.79.81.193/25) > SG-1000_LAN (40.79.81.174/25) > SG-1000_WAN (192.168.1.40/24) > pfSense Router (192.168.1.1/24) > Internet (XXXXXXX)
So you have:
Internet (xxxx)
|
pfSense1 WAN (xxxx)
pfSense1 LAN (192.168.1.1, Snort)
|
SG1000 WAN (192.168.1.40)
SG1000 LAN (40.79.81.174/25) << wtf
|
device
Sort out your SG1000 first. For example, while you're testing, put the SG1000 LAN into 192.168.2.0/24, and verify you have the basics correct. I don't understand why you're trying to use a public IP range that you do not own on your SG1000 LAN; no wonder Snort is probably having problems. Turn off Snort, reconfigure your SG1000 LAN (and thus downstream Device) and start again.
-
Yeah what's up with you running public IP space behind private IP space? I've never seen that before for a normal ISP connection.
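
Added example, not part of the thread and not from any poster: a small Python check for the two addressing problems raised above (two interfaces of one router in the same subnet, and public address space on an inside interface). The function name, the plan dictionaries and the host addresses 192.168.2.1 and 192.168.1.1 are assumptions made for illustration; the other addresses are the ones quoted in the thread.

```python
import ipaddress
from itertools import combinations


def audit_interfaces(ifaces):
    """ifaces maps name -> (role, "address/prefix"), role being "wan" or "lan".

    Returns a list of findings; an empty list means neither problem was found.
    """
    nets = {name: (role, ipaddress.ip_interface(cidr).network)
            for name, (role, cidr) in ifaces.items()}
    findings = []
    # A router cannot forward between two of its own interfaces that sit in
    # the same (or an overlapping) subnet.
    for (a, (_, net_a)), (b, (_, net_b)) in combinations(nets.items(), 2):
        if net_a.overlaps(net_b):
            findings.append(f"overlap: {a} {net_a} and {b} {net_b}")
    # An inside interface numbered from space that is not private collides
    # with whoever really holds that range on the Internet.
    for name, (role, net) in nets.items():
        if role == "lan" and not net.is_private:
            findings.append(f"public-on-lan: {name} {net}")
    return findings


# Constructed sample plans. Addresses come from the thread except where noted.
THREAD_PLAN = {
    "SG1000_WAN": ("wan", "192.168.1.40/24"),
    "SG1000_LAN": ("lan", "40.79.81.174/25"),
}
SUGGESTED_PLAN = {
    "SG1000_WAN": ("wan", "192.168.1.40/24"),
    "SG1000_LAN": ("lan", "192.168.2.1/24"),   # host address assumed
}
# Default LAN range (192.168.1.0/24) kept while WAN is also in 192.168.1.0/24.
DEFAULT_LAN_SAME_RANGE = {
    "SG1000_WAN": ("wan", "192.168.1.40/24"),
    "SG1000_LAN": ("lan", "192.168.1.1/24"),   # host address assumed
}

if __name__ == "__main__":
    for label, plan in [("thread", THREAD_PLAN),
                        ("suggested", SUGGESTED_PLAN),
                        ("default LAN range", DEFAULT_LAN_SAME_RANGE)]:
        print(label, "->", audit_interfaces(plan) or "ok")
```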