Strange behavior with SG-1000



  • Hello everyone, i just starting playing with my SG-1000 and it really behaves strangely.

    I tried to set it up (192.168.10.1) behind another pfsense (192.168.1.1) although i can ping 8.8.8.8 from a PC connected to the LAN port of SG-1000 (with an IP address, 192.168.10.10), i cannot access any web site. Besides CPU utilization is almost at 100% and system us really slow even only LAN cable is connected only (nothing on the WAN side)

    Any idea?


  • Banned

    @chedxb:

    even only LAN cable is connected only (nothing on the WAN side)

    Pardon? Yeah, with WAN disconnected, you indeed cannot access any web site. SIGDUH!



  • Well, I unplugged WAN cable while testing the CPU utilization. Otherwise when testing pinging 8.8.8.8 or web access, WAN cable was plugged in 😊


  • Banned

    Then perhaps draw a network diagram. You cannot have WAN and LAN on the same subnet. That's what follows from your description. So, no, you cannot have 192.168.10.1/24 on WAN and 192.168.10.10/24 on LAN. Will not work.



  • here it is,

    PC>SG-1000_LAN>SG-1000_WAN>pfSense Router>Internet

    40.79.81.193/25>40.79.81.174/25>192.168.1.1/24>XXXXX

    I can ping 8.8.8.8 from the PC, however cannot access to any website.



  • You have listed 5 devices but only four IPs. Its still not clear what IP address your SG1000 WAN and pfSense Router IPs are.  I'm assuming your PC and LAN are using the 40.x.x.x IPs. That's a bad idea:

    #
    # ARIN WHOIS data and services are subject to the Terms of Use
    # available at: https://www.arin.net/whois_tou.html
    #
    # If you see inaccuracies in the results, please report at
    # https://www.arin.net/public/whoisinaccuracy/index.xhtml
    #
    
    NetRange:       40.74.0.0 - 40.125.127.255
    CIDR:           40.112.0.0/13, 40.76.0.0/14, 40.124.0.0/16, 40.96.0.0/12, 40.125.0.0/17, 40.120.0.0/14, 40.74.0.0/15, 40.80.0.0/12
    NetName:        MSFT
    NetHandle:      NET-40-74-0-0-1
    Parent:         NET40 (NET-40-0-0-0-0)
    NetType:        Direct Assignment
    OriginAS:       
    Organization:   Microsoft Corporation (MSFT)
    RegDate:        2015-02-23
    Updated:        2015-05-27
    Ref:            https://whois.arin.net/rest/net/NET-40-74-0-0-1
    

    You need to move your lan subnet to a RFC1918 compliant address range it somewhere in one of the following ranges as these networks will never be found outside an internet connected firewall:

    10.0.0.0 - 10.255.255.255 (10/8 prefix)
    172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
    192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
    

  • LAYER 8 Netgate

    40.79.81.193/25>40.79.81.174/25>

    Can't have two different interfaces on the same subnet, which it looks like you are doing there.

    Reset to factory and connect the SG-1000 WAN into your existing LAN and a test device to SG-1000 LAN.

    The default config is DHCP WAN with a DHCP server on LAN on 192.168.1.0/24 and NAT for all LAN traffic out WAN.



  • this is the correct one

    PC (40.79.81.193/25) > SG-1000_LAN (40.79.81.174/25) > SG-1000_WAN (192.168.1.40/24) > pfSense Router (192.168.1.1/24) >Internet (XXXXXXX)

    There is OpenVPN client on the pfSense Router (192.168.1.1/24), but I think it is irrelevant.

    Interestingly I can ping 8.8.8.8 from the PC (40.79.81.193/25) and SG-1000 can access Package Manager and Update. However, I cannot access any web site from the PC (40.79.81.193/25)



  • I just noticed that Snort on pfSense Router (192.168.1.1/24) is blocking SG-1000_WAN (192.168.1.40/24)

    2017-01-05
    16:49:26
    1
    UDP
    A Network Trojan was Detected
    192.168.1.40

    123
    74.120.81.219

    123
    1:2404075

    ET CNC Shadowserver Reported CnC Server UDP group 38



  • still the same problem even I whitelisted on Snort.


  • Banned

    Dude get Snort out of the way while you are unable to get absolute basics working!!! (I.e., turn it OFF!)



  • absolute basics are working fine with OpenWrt, Lede, etc. when Snort is ON. What is SG-1000's exception here?


  • Banned

    Do as you wish. Noone wants to debug crap like Snort blocking your basic connectivity. Get basics working.



  • If you can consistently ping sites but not go anywhere via browser then you may have a DNS problem, or an upstream access via 80/443 issue.



  • Hi Kom, thx, could u elaborate upstream access via 80/443 issue?



  • If your router is connected to another router/firewall, there may be restrictions on direct web access.  In other words, you may have to go through some other proxy that is upstream from you.  I'm just guessing since I know little about your network config, and I have no interest in trying to figure it out based on several confusing posts.



  • @chedxb:

    PC (40.79.81.193/25) > SG-1000_LAN (40.79.81.174/25) > SG-1000_WAN (192.168.1.40/24) > pfSense Router (192.168.1.1/24) >Internet (XXXXXXX)

    So you have:

    
    Internet (xxxx)
         |
    pfSense1 WAN (xxxx)
    pfSense1 LAN (192.168.1.1, Snort)
         |
    SG1000 WAN (192.168.1.40)
    SG1000 LAN (40.79.81.174/25) << wtf
         |
    device
    
    

    Sort out your SG1000 first. For example, while you're testing, put the SG1000 LAN into 192.168.2.0/24, and verify you have the basics correct. I don't understand why you're trying to use a public IP range that you do not own on your SG1000 LAN; no wonder Snort is probably having problems. Turn off Snort, reconfigure your SG1000 LAN (and thus downstream Device) and start again.



  • Yeah what's up with you running public IP space behind private IP space?  I've never seen that before for a normal ISP connection.


Log in to reply