Netgate Discussion Forum

    UPDATE: ATTACK?SNORT:HTTP-INSPECT TOO MANY PIPELINED REQUESTS

    magrw2066

      Hello!
      UPDATE: system log: arpresolve can't allocate llinfo 192.168.10.64 on igb0.1

      [SIMPLIFICATION:
      +-----------------------------+
      |             wan             |
      |   wanx gw 192.168.10.64     |
      |           pfsense           |
      |                             |
      | lan (subif:192.168.10.100)  |
      +--------------+--------------+
                     |
                     |
                     |
      +--------------+--------------+
      |  (udp dns to 8.8.8.8        |
      |   dnatd by iptables)        |
      |           client            |
      |                             |
      +-----------------------------+
      ]
      Verified iptables dnat: ping -m mark-in-decimal.
      8.8.8.8 shows in snort output.

      The dig command fails because the DNS packet does not make it to the WAN address in spite of the static route defined in the attached files.
      Why?

      Sincerely,
      JC Magras
      20171003_152838_Burst01.jpg
      20171003_152947_Burst01.jpg
      20171003_152958.jpg

      doktornotor Banned

        wanx gw 192.168.10.64  |
        |    pfsense          |
        |                            |
        |            lan (subif:192.168.10.100)        |

        No, you cannot have WAN and LAN on the same subnet.

        P.S. May I suggest using screenshots instead of crappy camera next time? Thanks.

        magrw2066

          'wanx' was 'downstream' from wan.
          My dns packets were not being forwarded or routed for that matter and I was considering putting in 'router rip'.
          I could get the packets moved from the 192.168.2.x subnet by policy mark to 192.168.10.x and I assumed they would go to the default gateway (wanx) and then wan.
          All that has gotten me is a sick machine (I should have built a DNS box out of my Raspberry Pi). I did try to update my pfSense box. I know of low-budget operations that will send you a CD for $. I don't suppose somebody here would supply a copy, since Netgate seems resistant.

          Sincerely,
          JC Magras
