UPDATE: ATTACK?SNORT:HTTP-INSPECT TOO MANY PIPELINED REQUESTS



  • Hello!
    UPDATE: system log: arpresolve can't allocate llinfo 192.168.10.64 on igb0.1

    [SIMPLIFICATION:
    +------------------------------+
    |             wan              |
    |    wanx gw 192.168.10.64     |
    |           pfsense            |
    |                              |
    |  lan (subif:192.168.10.100)  |
    +--------------+---------------+
                   |
                   |
                   |
    +--------------+---------------+
    |         (udp dns to          |
    |       8.8.8.8 dnatd by       |
    |          iptables)           |
    |            client            |
    |                              |
    +------------------------------+

    ]
    Verified iptables dnat: ping -m mark-in-decimal.
    8.8.8.8 shows in snort output.

    The dig command fails because the DNS packet does not make it to the WAN address in spite of the static route defined in the attached files.
    Why?

    Sincerely,
    JC Magras






  • Banned

    wanx gw 192.168.10.64  |
    |    pfsense          |
    |                            |
    |            lan (subif:192.168.10.100)        |

    No, you cannot have WAN and LAN on the same subnet.

    P.S. May I suggest using screenshots instead of crappy camera next time? Thanks.



  • 'wanx' was 'downstream' from wan.
    My DNS packets were not being forwarded, or routed for that matter, and I was considering putting in 'router rip'.
    I could get the packets moved from the 192.168.2.x subnet by policy mark to 192.168.10.x, and I assumed they would go to the default gateway (wanx) and then wan.
    All that has gotten me is a sick machine (I should have built a DNS box out of my Raspberry Pi). I did try to update my pfSense box. I know of low budget operations that will send you a CD for $. I don't suppose somebody here would supply a copy, since Netgate seems resistant.

    Sincerely,
    JC Magras