Netgate Discussion Forum

    What log can be enable for passed traffic?

      pfnoober

      Basically I'm trying to find out if there is a log I can turn on so that I can see all traffic that is passed by the firewall.  I have no trouble seeing what is blocked by the firewall rules in the standard firewall system logs.  I'm mainly interested in seeing what LAN addresses are going where or what ssh traffic from the outside is doing, such as using the proxy I have set up, etc.

      edit:  I do have logging turned on for the default LAN -> any rule that is set when pfsense is first loaded, but so far nothing is showing up in the firewall logs.

        GruensFroeschli

        What version are you using?
        Did you press apply after changing the rule to log everything?
        Depending on your hardware it can take a few seconds until entries on the firewall log page start appearing.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

          pfnoober

          -Using 1.2RC2
          -Yes, I did press apply and confirmed that the setting was still there

          I have noticed that it is logging passed traffic, but it isn't quite what I'm expecting.  Let me explain how mine is setup.

          My gateway serves as the interface to the incoming internet, we'll call this device 10.1.1.254 (the LAN port on the gateway itself)
          The firewall's wan interface is connected to the gateway LAN port; 10.1.1.253
          The firewall's lan interface connects into my switch; 10.1.1.252

          The passed traffic I'm seeing indicates the LAN -> any rule is what is prompting it to log, which is good.  But I'm guessing maybe I just have the firewall set up slightly off.  It continues to log the source traffic as being BRIDGE0, the gateway as the source with destination 239.255.255.250, UDP traffic.  Same ports both ways, 1900.

          I'm specifically interested in logging traffic from the lan to determine what domain or ip address each workstation is trying to go to, if it is capable of doing this.

            cmb

            Yeah if you have a bridged setup, the logged interface will be the bridge, bridge0 in this case. You're getting what you're after.

            Netflow (pfflowd in packages) may be a better solution. You'll have to setup a collector on another machine for that, but it'll give you more complete traffic stats.
            http://en.wikipedia.org/wiki/Netflow

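The kind of first pass a practitioner might run over the filter log that pfnoober describes, as an added example that is not part of this thread or of pfSense itself: it assumes the CSV layout written by pfSense's filterlog (2.x and later, not the 1.2RC2 format in the thread), uses the 10.1.1.0/24 LAN from the posts, and the sample log lines are constructed here. It sets multicast destinations such as the SSDP 239.255.255.250:1900 chatter aside so the per-host destination summary is not drowned out.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample lines in the pfSense filterlog CSV layout (assumed; the
# IPv4 field order is: rule,subrule,anchor,tracker,iface,reason,action,dir,
# ipver,tos,ecn,ttl,id,offset,flags,proto-id,proto,length,src,dst,sport,dport,...).
SAMPLE_LOG = """\
5,,,1000000103,bridge0,match,pass,in,4,0x0,,1,12345,0,none,17,udp,325,10.1.1.254,239.255.255.250,1900,1900,305
5,,,1000000103,bridge0,match,pass,in,4,0x0,,64,2000,0,DF,6,tcp,60,10.1.1.20,198.51.100.10,51514,443,0,S,1,,65535,,mss
5,,,1000000103,bridge0,match,pass,in,4,0x0,,64,2001,0,DF,6,tcp,60,10.1.1.20,198.51.100.10,51515,443,0,S,2,,65535,,mss
5,,,1000000103,bridge0,match,pass,in,4,0x0,,64,2002,0,DF,17,udp,73,10.1.1.21,10.1.1.254,50000,53,53
7,,,1000000104,bridge0,match,block,in,4,0x0,,64,2003,0,DF,6,tcp,60,10.1.1.22,203.0.113.9,40000,22,0,S,3,,65535,,mss
"""

def parse_filterlog(line):
    """Return the fields this summary needs from one IPv4 TCP/UDP filterlog line, or None."""
    f = line.strip().split(",")
    if len(f) < 22 or f[8] != "4" or f[16] not in ("tcp", "udp"):
        return None
    return {"iface": f[4], "action": f[6], "proto": f[16],
            "src": f[18], "dst": f[19], "dport": f[21]}

def summarize_passed(log_text, lan_net="10.1.1.0/24"):
    """Count passed flows per LAN source, keyed by destination host:port/proto.

    Multicast destinations (the SSDP 239.255.255.250:1900 entries in the thread)
    are counted separately as noise instead of being attributed to a host.
    """
    lan = ipaddress.ip_network(lan_net)
    per_host = defaultdict(Counter)
    noise = 0
    for line in log_text.splitlines():
        rec = parse_filterlog(line)
        if rec is None or rec["action"] != "pass":
            continue                      # blocked traffic is already visible elsewhere
        if ipaddress.ip_address(rec["src"]) not in lan:
            continue                      # only LAN-originated flows are of interest
        if ipaddress.ip_address(rec["dst"]).is_multicast:
            noise += 1
            continue
        per_host[rec["src"]][f'{rec["dst"]}:{rec["dport"]}/{rec["proto"]}'] += 1
    return dict(per_host), noise

if __name__ == "__main__":
    hosts, skipped = summarize_passed(SAMPLE_LOG)
    for src, dests in sorted(hosts.items()):
        print(src, dict(dests))
    print("multicast entries skipped:", skipped)
```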
              pfnoober

              Many thanks.  I've taken a look at the transparent bridge setup and briefly messed around with the configuration while I had the "filtered bridge" option enabled.  I'm sure I'll have some follow-up questions later about what rules to apply for inbound traffic, but I appreciate the help.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.