Strange behavior with SG-1000

chedxb

Hello everyone, i just starting playing with my SG-1000 and it really behaves strangely.

I tried to set it up (192.168.10.1) behind another pfsense (192.168.1.1) although i can ping 8.8.8.8 from a PC connected to the LAN port of SG-1000 (with an IP address, 192.168.10.10), i cannot access any web site. Besides CPU utilization is almost at 100% and system us really slow even only LAN cable is connected only (nothing on the WAN side)

Any idea?

doktornotor

@chedxb:

even only LAN cable is connected only (nothing on the WAN side)

Pardon? Yeah, with WAN disconnected, you indeed cannot access any web site. SIGDUH!

chedxb

Well, I unplugged WAN cable while testing the CPU utilization. Otherwise when testing pinging 8.8.8.8 or web access, WAN cable was plugged in

doktornotor

Then perhaps draw a network diagram. You cannot have WAN and LAN on the same subnet. That's what follows from your description. So, no, you cannot have 192.168.10.1/24 on WAN and 192.168.10.10/24 on LAN. Will not work.

chedxb

here it is,

PC>SG-1000_LAN>SG-1000_WAN>pfSense Router>Internet

40.79.81.193/25>40.79.81.174/25>192.168.1.1/24>XXXXX

I can ping 8.8.8.8 from the PC, however cannot access to any website.

gsiemon

You have listed 5 devices but only four IPs. Its still not clear what IP address your SG1000 WAN and pfSense Router IPs are.  I'm assuming your PC and LAN are using the 40.x.x.x IPs. That's a bad idea:

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/public/whoisinaccuracy/index.xhtml
#

NetRange:       40.74.0.0 - 40.125.127.255
CIDR:           40.112.0.0/13, 40.76.0.0/14, 40.124.0.0/16, 40.96.0.0/12, 40.125.0.0/17, 40.120.0.0/14, 40.74.0.0/15, 40.80.0.0/12
NetName:        MSFT
NetHandle:      NET-40-74-0-0-1
Parent:         NET40 (NET-40-0-0-0-0)
NetType:        Direct Assignment
OriginAS:       
Organization:   Microsoft Corporation (MSFT)
RegDate:        2015-02-23
Updated:        2015-05-27
Ref:            https://whois.arin.net/rest/net/NET-40-74-0-0-1

You need to move your lan subnet to a RFC1918 compliant address range it somewhere in one of the following ranges as these networks will never be found outside an internet connected firewall:

10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

Derelict

40.79.81.193/25>40.79.81.174/25>

Can't have two different interfaces on the same subnet, which it looks like you are doing there.

Reset to factory and connect the SG-1000 WAN into your existing LAN and a test device to SG-1000 LAN.

The default config is DHCP WAN with a DHCP server on LAN on 192.168.1.0/24 and NAT for all LAN traffic out WAN.

chedxb

this is the correct one

PC (40.79.81.193/25) > SG-1000_LAN (40.79.81.174/25) > SG-1000_WAN (192.168.1.40/24) > pfSense Router (192.168.1.1/24) >Internet (XXXXXXX)

There is OpenVPN client on the pfSense Router (192.168.1.1/24), but I think it is irrelevant.

Interestingly I can ping 8.8.8.8 from the PC (40.79.81.193/25) and SG-1000 can access Package Manager and Update. However, I cannot access any web site from the PC (40.79.81.193/25)

chedxb

I just noticed that Snort on pfSense Router (192.168.1.1/24) is blocking SG-1000_WAN (192.168.1.40/24)

2017-01-05
16:49:26
1
UDP
A Network Trojan was Detected
192.168.1.40

123
74.120.81.219

123
1:2404075

ET CNC Shadowserver Reported CnC Server UDP group 38

chedxb

still the same problem even I whitelisted on Snort.

doktornotor

Dude get Snort out of the way while you are unable to get absolute basics working!!! (I.e., turn it OFF!)

chedxb

absolute basics are working fine with OpenWrt, Lede, etc. when Snort is ON. What is SG-1000's exception here?

doktornotor

Do as you wish. Noone wants to debug crap like Snort blocking your basic connectivity. Get basics working.

KOM

If you can consistently ping sites but not go anywhere via browser then you may have a DNS problem, or an upstream access via 80/443 issue.

chedxb

Hi Kom, thx, could u elaborate upstream access via 80/443 issue?

KOM

If your router is connected to another router/firewall, there may be restrictions on direct web access.  In other words, you may have to go through some other proxy that is upstream from you.  I'm just guessing since I know little about your network config, and I have no interest in trying to figure it out based on several confusing posts.

moikerz

@chedxb:

PC (40.79.81.193/25) > SG-1000_LAN (40.79.81.174/25) > SG-1000_WAN (192.168.1.40/24) > pfSense Router (192.168.1.1/24) >Internet (XXXXXXX)

So you have:

Internet (xxxx)
     |
pfSense1 WAN (xxxx)
pfSense1 LAN (192.168.1.1, Snort)
     |
SG1000 WAN (192.168.1.40)
SG1000 LAN (40.79.81.174/25) << wtf
     |
device

Sort out your SG1000 first. For example, while you're testing, put the SG1000 LAN into 192.168.2.0/24, and verify you have the basics correct. I don't understand why you're trying to use a public IP range that you do not own on your SG1000 LAN; no wonder Snort is probably having problems. Turn off Snort, reconfigure your SG1000 LAN (and thus downstream Device) and start again.

KOM

Yeah what's up with you running public IP space behind private IP space?  I've never seen that before for a normal ISP connection.