Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Cant start snort 2.9.6.2 pkg v3.1.1 x86 - FATAL ERROR: pf.conf => Table snort2c

    Scheduled Pinned Locked Moved pfSense Packages
    16 Posts 5 Posters 3.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M Offline
      marian78
      last edited by

      Hi,

      i have instaled snort and it can start because:

      php: /snort/snort_interfaces.php: The command '/usr/local/bin/snort -R 38552 -D -q -l /var/log/snort/snort_bge038552 –pid-path /var/run --nolock-pidfile -G 38552 -c /usr/pbi/snort-i386/etc/snort/snort_38552_bge0/snort.conf -i bge0' returned exit code '1', the output was ''

      FATAL ERROR: pf.conf => Table snort2c don't exists in packet filter: No such file or directory

      next i totaly reinstaled, new intaled snort, againt configure, but without any luck. Can you pleas navigate me, how to resolve this problem?

      Thx, Marian.

      PS: sorry for my bad english

      pfsense v2.1.4 i386, 2G RAM AMD HP N54L

      edit: when i disable "Block Offenders" snort will start....

      pfsense runing in virtual, on HP N54L microserver, 2G RAM, 60G disk, WAN, LAN, DMZ, Wifi, OpenVPN server + client, suricata, pfblocker

      1 Reply Last reply Reply Quote 0
      • bmeeksB Offline
        bmeeks
        last edited by

        @marian78:

        FATAL ERROR: pf.conf => Table snort2c don't exists in packet filter: No such file or directory

        pfsense v2.1.4 i386, 2G RAM AMD HP N54L

        That error indicates some kind of messed up installation of pfSense.  That table is part of the firewall rules by default on pfSense installs.  Did you perhaps remove it somehow?  This is not a Snort package problem, but rather something has happened to your core firewall config.  Snort needs that table present in order to block offender IP addresses.

        Bill

        1 Reply Last reply Reply Quote 0
        • M Offline
          marian78
          last edited by

          hi, thx for answer.

          i have standard i386 instalation with pfblocker, ntopng, arpwatch, servicewatchdog, squid3-dev (with SSL, transparent, enabled c-icap), openvpnclient, traficshaping, enabled ssh. That is all, no cli modding….  :(

          i have instaled only 2GB ram, is it enough? may be the cause of memory..... or?

          pfsense runing in virtual, on HP N54L microserver, 2G RAM, 60G disk, WAN, LAN, DMZ, Wifi, OpenVPN server + client, suricata, pfblocker

          1 Reply Last reply Reply Quote 0
          • BBcan177B Offline
            BBcan177 Moderator
            last edited by

            From the shell, you could try to manually create this missing table.

            pfctl -t snort2c -T add 1.1.1.1

            This will create the table and add a dummy 1.1.1.1 ip address. You could clear this ip later if you wish.

            "Experience is something you don't get until just after you need it."

            Website: http://pfBlockerNG.com
            Twitter: @BBcan177  #pfBlockerNG
            Reddit: https://www.reddit.com/r/pfBlockerNG/new/

            1 Reply Last reply Reply Quote 0
            • M Offline
              marian78
              last edited by

              hi, again thx for reply sir.

              now I'm at work when I get home, I'll try.  :)

              pfsense runing in virtual, on HP N54L microserver, 2G RAM, 60G disk, WAN, LAN, DMZ, Wifi, OpenVPN server + client, suricata, pfblocker

              1 Reply Last reply Reply Quote 0
              • bmeeksB Offline
                bmeeks
                last edited by

                @marian78:

                hi, again thx for reply sir.

                now I'm at work when I get home, I'll try.  :)

                BBcan177's fix should work, but the bigger question is what happened to that table to begin with.  That table is part of the default install with pfSense.  It should exist whether the Snort package is installed or not.

                Bill

                1 Reply Last reply Reply Quote 0
                • M Offline
                  marian78
                  last edited by

                  Tt is a new installation from yesterday.
                  when I last configured squid3dev as transparent SSL proxy server, I noticed that I can not run snort..  :'(

                  i dont know what happend, i only use pfsense UI….

                  pfsense runing in virtual, on HP N54L microserver, 2G RAM, 60G disk, WAN, LAN, DMZ, Wifi, OpenVPN server + client, suricata, pfblocker

                  1 Reply Last reply Reply Quote 0
                  • bmeeksB Offline
                    bmeeks
                    last edited by

                    @marian78:

                    Tt is a new installation from yesterday.
                    when I last configured squid3dev as transparent SSL proxy server, I noticed that I can not run snort..  :'(

                    i dont know what happend, i only use pfsense UI….

                    Hmm…wonder if the squid3dev package makes any adjustments to default pfSense tables...???

                    This is the first time I've seen this particular error reported.

                    Bill

                    1 Reply Last reply Reply Quote 0
                    • M Offline
                      marian78
                      last edited by

                      @BBcan177:

                      From the shell, you could try to manually create this missing table.

                      pfctl -t snort2c -T add 1.1.1.1

                      This will create the table and add a dummy 1.1.1.1 ip address. You could clear this ip later if you wish.

                      Hi man (genius), this helped. i will send 4 beers and 2 strippers to your working table. Thx.  ;D  But after reboot i have this problem again.  :'(

                      pfsense runing in virtual, on HP N54L microserver, 2G RAM, 60G disk, WAN, LAN, DMZ, Wifi, OpenVPN server + client, suricata, pfblocker

                      1 Reply Last reply Reply Quote 0
                      • bmeeksB Offline
                        bmeeks
                        last edited by

                        @marian78:

                        @BBcan177:

                        From the shell, you could try to manually create this missing table.

                        pfctl -t snort2c -T add 1.1.1.1

                        This will create the table and add a dummy 1.1.1.1 ip address. You could clear this ip later if you wish.

                        Hi man (genius), this helped. i will send 4 beers and 2 strippers to your working table. Thx.  ;D  But after reboot i have this problem again.  :'(

                        Yes…something has altered your default pfSense startup scripts in some manner.  That <snort2c>table is supposed to be auto-created on pfSense boot up.  Is there any way you could backup your config and reinstall pfSense on that box?  That should fix the problem with the default table being missing.

                        Bill</snort2c>

                        1 Reply Last reply Reply Quote 0
                        • M Offline
                          marian78
                          last edited by

                          hi,

                          i played with all settings and i examine, that for now all problem are from "traffic shaper". When i delete all rules for shaper, all works ok and after reboot too. Strange…  :o

                          For now i will stay without "traffic shaper". Is not important to me.

                          pfsense runing in virtual, on HP N54L microserver, 2G RAM, 60G disk, WAN, LAN, DMZ, Wifi, OpenVPN server + client, suricata, pfblocker

                          1 Reply Last reply Reply Quote 0
                          • bmeeksB Offline
                            bmeeks
                            last edited by

                            @marian78:

                            hi,

                            i played with all settings and i examine, that for now all problem are from "traffic shaper". When i delete all rules for shaper, all works ok and after reboot too. Strange…  :o

                            For now i will stay without "traffic shaper". Is not important to me.

                            That's an interesting discovery.  The traffic shaper might be changing some of the filter defaults when it's enabled.  Thank you for the feedback.  I might need to discuss this offline with the pfSense guys to see what's up and if there is something I need to do in the Snort and Suricata packages to compensate.

                            Bill

                            1 Reply Last reply Reply Quote 0
                            • M Offline
                              marian78
                              last edited by

                              thx, sir, i stay tuned….  ;)

                              edit: i attached instaled packages...

                              Snímka.JPG
                              Snímka.JPG_thumb

                              pfsense runing in virtual, on HP N54L microserver, 2G RAM, 60G disk, WAN, LAN, DMZ, Wifi, OpenVPN server + client, suricata, pfblocker

                              1 Reply Last reply Reply Quote 0
                              • ? Offline
                                A Former User
                                last edited by

                                Glanced over the thread, so I might have missed something.

                                Maybe you run into this: https://forum.pfsense.org/index.php?topic=70107.msg383032#msg383032

                                1 Reply Last reply Reply Quote 0
                                • M Offline
                                  marian78
                                  last edited by

                                  hi, for now i dont use traffic shaping, maybe that was the problem, i have table also corupted….

                                  pfsense runing in virtual, on HP N54L microserver, 2G RAM, 60G disk, WAN, LAN, DMZ, Wifi, OpenVPN server + client, suricata, pfblocker

                                  1 Reply Last reply Reply Quote 0
                                  • T Offline
                                    tuxrazor
                                    last edited by

                                    Also found that if the bandwidths are set incorrectly on the traffic shaping,i.e 400Mb/s instead of 80Mb/s it causes the tables to disappear?changing the value re-instates the sshlockout and default lockouts w/o rebooting.
                                    The snort2c table may have to be manually recreated after this as per above post.

                                    1 Reply Last reply Reply Quote 0
                                    • First post
                                      Last post
                                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.