Strange behavior with SG-1000
-
I just noticed that Snort on pfSense Router (192.168.1.1/24) is blocking SG-1000_WAN (192.168.1.40/24)
2017-01-05
16:49:26
1
UDP
A Network Trojan was Detected
192.168.1.40123
74.120.81.219123
1:2404075ET CNC Shadowserver Reported CnC Server UDP group 38
-
still the same problem even I whitelisted on Snort.
-
Dude get Snort out of the way while you are unable to get absolute basics working!!! (I.e., turn it OFF!)
-
absolute basics are working fine with OpenWrt, Lede, etc. when Snort is ON. What is SG-1000's exception here?
-
Do as you wish. Noone wants to debug crap like Snort blocking your basic connectivity. Get basics working.
-
If you can consistently ping sites but not go anywhere via browser then you may have a DNS problem, or an upstream access via 80/443 issue.
-
Hi Kom, thx, could u elaborate upstream access via 80/443 issue?
-
If your router is connected to another router/firewall, there may be restrictions on direct web access. In other words, you may have to go through some other proxy that is upstream from you. I'm just guessing since I know little about your network config, and I have no interest in trying to figure it out based on several confusing posts.
-
PC (40.79.81.193/25) > SG-1000_LAN (40.79.81.174/25) > SG-1000_WAN (192.168.1.40/24) > pfSense Router (192.168.1.1/24) >Internet (XXXXXXX)
So you have:
Internet (xxxx) | pfSense1 WAN (xxxx) pfSense1 LAN (192.168.1.1, Snort) | SG1000 WAN (192.168.1.40) SG1000 LAN (40.79.81.174/25) << wtf | deviceSort out your SG1000 first. For example, while you're testing, put the SG1000 LAN into 192.168.2.0/24, and verify you have the basics correct. I don't understand why you're trying to use a public IP range that you do not own on your SG1000 LAN; no wonder Snort is probably having problems. Turn off Snort, reconfigure your SG1000 LAN (and thus downstream Device) and start again.
-
Yeah what's up with you running public IP space behind private IP space? I've never seen that before for a normal ISP connection.
