Netgate Discussion Forum

    Strange behavior with SG-1000

    18 Posts 6 Posters 4.7k Views
      chedxb

      Hello everyone, I just started playing with my SG-1000 and it really behaves strangely.

      I tried to set it up (192.168.10.1) behind another pfSense (192.168.1.1). Although I can ping 8.8.8.8 from a PC connected to the LAN port of the SG-1000 (with an IP address, 192.168.10.10), I cannot access any web site. Besides, CPU utilization is almost at 100% and the system is really slow even when only the LAN cable is connected (nothing on the WAN side).

      Any idea?

        doktornotor Banned

        @chedxb:

        even only LAN cable is connected only (nothing on the WAN side)

        Pardon? Yeah, with WAN disconnected, you indeed cannot access any web site. SIGDUH!

          chedxb

          Well, I unplugged WAN cable while testing the CPU utilization. Otherwise when testing pinging 8.8.8.8 or web access, WAN cable was plugged in 😊

            doktornotor Banned

            Then perhaps draw a network diagram. You cannot have WAN and LAN on the same subnet. That's what follows from your description. So, no, you cannot have 192.168.10.1/24 on WAN and 192.168.10.10/24 on LAN. Will not work.

              chedxb

              Here it is:

              PC>SG-1000_LAN>SG-1000_WAN>pfSense Router>Internet

              40.79.81.193/25>40.79.81.174/25>192.168.1.1/24>XXXXX

              I can ping 8.8.8.8 from the PC; however, I cannot access any website.

                gsiemon

                You have listed 5 devices but only four IPs. It's still not clear what your SG1000 WAN and pfSense Router IPs are. I'm assuming your PC and LAN are using the 40.x.x.x IPs. That's a bad idea:

                #
                # ARIN WHOIS data and services are subject to the Terms of Use
                # available at: https://www.arin.net/whois_tou.html
                #
                # If you see inaccuracies in the results, please report at
                # https://www.arin.net/public/whoisinaccuracy/index.xhtml
                #
                
                NetRange:       40.74.0.0 - 40.125.127.255
                CIDR:           40.112.0.0/13, 40.76.0.0/14, 40.124.0.0/16, 40.96.0.0/12, 40.125.0.0/17, 40.120.0.0/14, 40.74.0.0/15, 40.80.0.0/12
                NetName:        MSFT
                NetHandle:      NET-40-74-0-0-1
                Parent:         NET40 (NET-40-0-0-0-0)
                NetType:        Direct Assignment
                OriginAS:       
                Organization:   Microsoft Corporation (MSFT)
                RegDate:        2015-02-23
                Updated:        2015-05-27
                Ref:            https://whois.arin.net/rest/net/NET-40-74-0-0-1
                

                You need to move your LAN subnet to an RFC1918-compliant address range, somewhere in one of the following ranges, as these networks will never be found outside an internet-connected firewall:

                10.0.0.0 - 10.255.255.255 (10/8 prefix)
                172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
                192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
                
                  Derelict LAYER 8 Netgate

                  40.79.81.193/25>40.79.81.174/25>

                  Can't have two different interfaces on the same subnet, which it looks like you are doing there.

                  Reset to factory and connect the SG-1000 WAN into your existing LAN and a test device to SG-1000 LAN.

                  The default config is DHCP WAN with a DHCP server on LAN on 192.168.1.0/24 and NAT for all LAN traffic out WAN.

                  Chattanooga, Tennessee, USA
                  A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                  DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                  Do Not Chat For Help! NO_WAN_EGRESS(TM)

                    chedxb

                    This is the correct one:

                    PC (40.79.81.193/25) > SG-1000_LAN (40.79.81.174/25) > SG-1000_WAN (192.168.1.40/24) > pfSense Router (192.168.1.1/24) >Internet (XXXXXXX)

                    There is OpenVPN client on the pfSense Router (192.168.1.1/24), but I think it is irrelevant.

                    Interestingly I can ping 8.8.8.8 from the PC (40.79.81.193/25) and SG-1000 can access Package Manager and Update. However, I cannot access any web site from the PC (40.79.81.193/25)

                      chedxb

                      I just noticed that Snort on pfSense Router (192.168.1.1/24) is blocking SG-1000_WAN (192.168.1.40/24)

                      Date: 2017-01-05 16:49:26
                      Pri: 1
                      Proto: UDP
                      Class: A Network Trojan was Detected
                      Source: 192.168.1.40
                      SPort: 123
                      Destination: 74.120.81.219
                      DPort: 123
                      SID: 1:2404075
                      Description: ET CNC Shadowserver Reported CnC Server UDP group 38

                        chedxb

                        Still the same problem even though I whitelisted it on Snort.

                          doktornotor Banned

                          Dude get Snort out of the way while you are unable to get absolute basics working!!! (I.e., turn it OFF!)

                            chedxb

                            Absolute basics are working fine with OpenWrt, Lede, etc. when Snort is ON. What is SG-1000's exception here?

                              doktornotor Banned

                              Do as you wish. No one wants to debug crap like Snort blocking your basic connectivity. Get basics working.

                                KOM

                                If you can consistently ping sites but not go anywhere via browser then you may have a DNS problem, or an upstream access via 80/443 issue.

                                  chedxb

                                  Hi KOM, thanks, could you elaborate on the upstream access via 80/443 issue?

                                    KOM

                                    If your router is connected to another router/firewall, there may be restrictions on direct web access.  In other words, you may have to go through some other proxy that is upstream from you.  I'm just guessing since I know little about your network config, and I have no interest in trying to figure it out based on several confusing posts.

                                      moikerz

                                      @chedxb:

                                      PC (40.79.81.193/25) > SG-1000_LAN (40.79.81.174/25) > SG-1000_WAN (192.168.1.40/24) > pfSense Router (192.168.1.1/24) >Internet (XXXXXXX)

                                      So you have:

                                      
                                      Internet (xxxx)
                                           |
                                      pfSense1 WAN (xxxx)
                                      pfSense1 LAN (192.168.1.1, Snort)
                                           |
                                      SG1000 WAN (192.168.1.40)
                                      SG1000 LAN (40.79.81.174/25) << wtf
                                           |
                                      device
                                      
                                      

                                      Sort out your SG1000 first. For example, while you're testing, put the SG1000 LAN into 192.168.2.0/24, and verify you have the basics correct. I don't understand why you're trying to use a public IP range that you do not own on your SG1000 LAN; no wonder Snort is probably having problems. Turn off Snort, reconfigure your SG1000 LAN (and thus downstream Device) and start again.

                                      1 Reply Last reply Reply Quote 0
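
The two addressing checks raised in this thread (RFC 1918 space on the LAN side, and no two interfaces on the same subnet), as an added Python example that is not code from any poster or from pfSense. The `audit` helper, the plan names and the `.1` host addresses in the last two plans are assumptions; the other addresses are the ones quoted in the posts.

```python
import ipaddress
from itertools import combinations

# RFC 1918 private ranges, as listed earlier in the thread.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def audit(plan):
    """plan maps interface name -> (address/prefix, is_internal).

    Hypothetical helper: returns findings for internal interfaces outside
    RFC 1918 space and for any two interfaces whose subnets overlap.
    """
    nets = {name: ipaddress.ip_interface(cidr).network
            for name, (cidr, _) in plan.items()}
    findings = []
    for name, (_, internal) in plan.items():
        if internal and not any(nets[name].subnet_of(r) for r in RFC1918):
            findings.append(f"{name}: {nets[name]} is not RFC 1918 space")
    for a, b in combinations(plan, 2):
        if nets[a].overlaps(nets[b]):
            findings.append(f"{a} and {b}: {nets[a]} overlaps {nets[b]}")
    return findings

# Plans built from addresses quoted in the thread; the host parts of
# SUGGESTED and FACTORY (.1) are assumed for illustration.
POSTED = {"WAN": ("192.168.1.40/24", False), "LAN": ("40.79.81.174/25", True)}
SAME_SUBNET = {"WAN": ("192.168.10.1/24", False), "LAN": ("192.168.10.10/24", True)}
SUGGESTED = {"WAN": ("192.168.1.40/24", False), "LAN": ("192.168.2.1/24", True)}
FACTORY = {"WAN": ("192.168.1.40/24", False), "LAN": ("192.168.1.1/24", True)}

if __name__ == "__main__":
    for label, plan in [("posted", POSTED), ("same subnet", SAME_SUBNET),
                        ("suggested", SUGGESTED), ("factory default", FACTORY)]:
        print(label, audit(plan) or "ok")
```

The `FACTORY` plan pairs the default LAN range quoted in the thread with this particular upstream LAN (192.168.1.0/24); the two coincide, so one side would need renumbering before that setup passes the same check.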
                                        KOM

                                        Yeah what's up with you running public IP space behind private IP space?  I've never seen that before for a normal ISP connection.
