

I'm just making some guesses based on common firewall configs.

203 IP is pingable from the inside of your network because your input chain likely does not prohibit access from the LAN subnet. Until you post your config I can't tell you exactly where to place that rule. The dst-address is specified as the internal IP because the packet enters the forward chain after the netmap translation has been performed from the external IP. I saw the packets count in both netmap but the problem is from outside the ip xxx.xx.xxx.203 doesnt reply, i put 10.11.0.10 in laptop and i ping the xxx.xx.xxx.203 it work and reply im wondering this, can you please explain more bit blake heheĬode: Select all /ip firewall filter add chain=forward in-interface=Ether1-WAN dst-address=10.11.0.10 In-interface=ether3-local protocol=tcp to-ports=8080 In-interface=ether2-local protocol=tcp to-ports=8080Īdd action=redirect chain=dstnat comment="web proxy allow to office network" disabled=no dst-port=80 \ Hi blake i have this following place orderĪdd action=netmap chain=dstnat comment="netmap test" disabled=no dst-address=xxx.xx.xxx.203 \Īdd action=netmap chain=srcnat comment="" disabled=no src-address=10.11.0.10 to-addresses=xxx.xx.xxx.203Īdd action=masquerade chain=srcnat comment=NAT disabled=no out-interface=Ether1-WANĪdd action=redirect chain=dstnat comment="web proxy allow to ether2 " disabled=no dst-port=80 \ chain=dstnat action=netmap dst-address=192.0.2.20 to-addresses=10.1.50.254 place-before=0Īdd chain=srcnat action=netmap src-address=10.1.50.254 to-addresses=192.0.2.20 place-before=0ĭo you have another rule which may be matching before the netmap rules? Try re-ordering your rules so the netmap rules match that host first, or just re-add them with place-before=0 to ensure they're at the top and processed first. Jul 18 15:14:39 suricata: - Couldn't register em0 with netmap: Invalid argument Jul 18 15:14:39 suricata: - Couldn't register em1 with netmap: Invalid argument Jul 18 15:14:40 suricata: - thread "W#01-em0" failed to initialize: flags 0145 I'll try removing those when I get a chance but not sure if they are the culprit.Ĭode: Jul 18 15:14:40 suricata: - Engine initialization failed, aborting. I do have tunables set for the nic that were working fine in 19.1 I have 16gb of ram and i5-7600k, 6 ports of intel i211.įound the below in the general logs. I use igb0 on Suricata for my wan and igb1 on Sensei for my lan.įorgot to add this was all working on 19.1 before the upgrade. Sensei starts and runs but shows no interfaces selected.

Jul 9 08:15:12 suricata: - This is Suricata version 4.1.4 RELEASE To suppress this message, set coder-events-prefix in the yaml. Jul 9 08:15:12 suricata: - in 5.0 the default for decoder event stats will go from 'decoder.' to 'decoder.event.'. Jul 9 08:15:25 suricata: - Couldn't register igb0 with netmap: Cannot allocate memory Jul 9 08:15:25 suricata: - thread "W#01-igb0" failed to initialize: flags 0145 Code: Jul 9 08:15:25 suricata: - Engine initialization failed, aborting.
