Netgate Discussion Forum

    Strange behavior with SG-1000

    • Derelict LAYER 8 Netgate

      40.79.81.193/25>40.79.81.174/25>

      Can't have two different interfaces on the same subnet, which it looks like you are doing there.

      Reset to factory and connect the SG-1000 WAN into your existing LAN and a test device to SG-1000 LAN.

      The default config is DHCP WAN with a DHCP server on LAN on 192.168.1.0/24 and NAT for all LAN traffic out WAN.

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)

      • chedxb

        This is the correct one:

        PC (40.79.81.193/25) > SG-1000_LAN (40.79.81.174/25) > SG-1000_WAN (192.168.1.40/24) > pfSense Router (192.168.1.1/24) > Internet (XXXXXXX)

        There is OpenVPN client on the pfSense Router (192.168.1.1/24), but I think it is irrelevant.

        Interestingly, I can ping 8.8.8.8 from the PC (40.79.81.193/25), and the SG-1000 can access Package Manager and Update. However, I cannot access any web site from the PC (40.79.81.193/25).

        • chedxb

          I just noticed that Snort on the pfSense Router (192.168.1.1/24) is blocking SG-1000_WAN (192.168.1.40/24):

          Date:        2017-01-05 16:49:26
          Pri:         1
          Proto:       UDP
          Class:       A Network Trojan was Detected
          Source:      192.168.1.40, port 123
          Destination: 74.120.81.219, port 123
          SID:         1:2404075
          Description: ET CNC Shadowserver Reported CnC Server UDP group 38

          • chedxb

            Still the same problem, even though I whitelisted it on Snort.

            • doktornotor Banned

              Dude get Snort out of the way while you are unable to get absolute basics working!!! (I.e., turn it OFF!)

              • chedxb

                Absolute basics are working fine with OpenWrt, Lede, etc. when Snort is ON. What is SG-1000's exception here?

                • doktornotor Banned

                  Do as you wish. No one wants to debug crap like Snort blocking your basic connectivity. Get basics working.

                  • KOM

                    If you can consistently ping sites but not go anywhere via browser then you may have a DNS problem, or an upstream access via 80/443 issue.

                    • chedxb

                      Hi KOM, thanks. Could you elaborate on the upstream access via 80/443 issue?

                      • KOM

                        If your router is connected to another router/firewall, there may be restrictions on direct web access.  In other words, you may have to go through some other proxy that is upstream from you.  I'm just guessing since I know little about your network config, and I have no interest in trying to figure it out based on several confusing posts.

                        • moikerz

                          @chedxb:

                          PC (40.79.81.193/25) > SG-1000_LAN (40.79.81.174/25) > SG-1000_WAN (192.168.1.40/24) > pfSense Router (192.168.1.1/24) > Internet (XXXXXXX)

                          So you have:

                          
                          Internet (xxxx)
                               |
                          pfSense1 WAN (xxxx)
                          pfSense1 LAN (192.168.1.1, Snort)
                               |
                          SG1000 WAN (192.168.1.40)
                          SG1000 LAN (40.79.81.174/25) << wtf
                               |
                          device
                          
                          

                          Sort out your SG1000 first. For example, while you're testing, put the SG1000 LAN into 192.168.2.0/24, and verify you have the basics correct. I don't understand why you're trying to use a public IP range that you do not own on your SG1000 LAN; no wonder Snort is probably having problems. Turn off Snort, reconfigure your SG1000 LAN (and thus downstream Device) and start again.

                          • KOM

                            Yeah what's up with you running public IP space behind private IP space?  I've never seen that before for a normal ISP connection.

                            1 Reply Last reply Reply Quote 0
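
Added example (not part of any post in this thread, and not Netgate code): the two addressing problems raised above, overlapping subnets on one router and public IP space on an inside interface, written as a check run over the topology quoted in the thread. The host addresses 192.168.1.1 (factory-default LAN) and 192.168.2.1 (suggested test LAN) are assumptions, as are the function names.

```python
import ipaddress
from itertools import combinations

# Constructed from the addressing quoted in the thread: (device, interface, CIDR).
THREAD_PLAN = [
    ("pfSense1", "LAN", "192.168.1.1/24"),
    ("SG1000", "WAN", "192.168.1.40/24"),
    ("SG1000", "LAN", "40.79.81.174/25"),
]

def with_sg1000_lan(plan, cidr):
    """Copy of plan with the SG1000 LAN interface re-addressed to cidr."""
    return [(d, n, cidr if (d, n) == ("SG1000", "LAN") else c) for d, n, c in plan]

def audit(plan, inside=("LAN",)):
    """Return a sorted list of (finding, detail) tuples for an addressing plan."""
    findings = []
    ifaces = [(d, n, ipaddress.ip_interface(c)) for d, n, c in plan]
    # 1. One router must not have two interfaces on overlapping networks:
    #    it cannot decide which interface traffic for that subnet leaves on.
    for (d1, n1, i1), (d2, n2, i2) in combinations(ifaces, 2):
        if d1 == d2 and i1.network.overlaps(i2.network):
            findings.append(("overlap", f"{d1} {n1} {i1.network} / {n2} {i2.network}"))
    # 2. Inside interfaces belong in private (RFC 1918) space. A globally
    #    routable prefix there shadows its real owner's hosts and muddles
    #    upstream NAT, routing and IDS decisions.
    for dev, name, iface in ifaces:
        if name in inside and iface.ip.is_global:
            findings.append(("public-on-inside", f"{dev} {name} {iface}"))
    return sorted(findings)

if __name__ == "__main__":
    plans = [
        ("as posted", THREAD_PLAN),
        # Assumed host address inside the default 192.168.1.0/24 LAN.
        ("factory-default LAN", with_sg1000_lan(THREAD_PLAN, "192.168.1.1/24")),
        # Assumed host address inside the suggested 192.168.2.0/24 test LAN.
        ("suggested test LAN", with_sg1000_lan(THREAD_PLAN, "192.168.2.1/24")),
    ]
    for label, plan in plans:
        print(f"{label}: {audit(plan) or 'clean'}")
```

With this upstream LAN, a factory-default 192.168.1.0/24 LAN behind a 192.168.1.40/24 WAN is flagged as an overlap; only the 192.168.2.0/24 plan comes back clean.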