Traffic Graph for LAN and WAN showing outside IP Addresses
-
The support for displaying reverse DNS host name or FQDN is in the code now, and it displays names for quite a few sites.
I am about to head home, so I am happy to have a look at ways to filter the rate utility output to display all/internal/external. -
I think the confusion is how do you know which outside IP is talking to which local IP. If on then its assumed those are all hosts talking to your 1 wan IP. But on the lan, it would be clearer if you showed both endpoints of the conversation on the same line.
-
https://github.com/bsdperimeter/pfsense/pull/468 - allows you to filter the display to just show the entries for local IPs, remote IPs, or all. Filter "Local" makes it look like it used to.
Adding a column so we can display source and destination address pairs on each row, and report by source/destination address pair is another thing altogether. And actually, I usually just want to see the total bandwidth that someone is using and then go and harrass them!
If someone really wants bandwidth by source/destination IP pairs then I suggest put in a request on Redmine and start working on it:) -
Note: If you are using Traffic Graph to display local host names/FQDN then it is also good to enable "Do not forward private reverse lookups" in DNS Forwarder. It is also good to enable this if you have other applications that are doing reverse DNS lookups of private addresses for which you don't actually have PTR records.
Often on the local LAN there can be many host IPs that do not have reverse DNS (PTR) entries. If this option is not enabled then those reverse DNS lookups will get forwarded to the default upstream DNServers (in most cases the real internet). Those queries will return nothing, the internet gets flooded with this rubbish and the display/application has to wait for a round-trip delay to get the negative answer. -
I just noticed some "stale" Host IPs in the traffic-graph table.
In the screen I have in front of me right now, among others it (wrongly) shows outbound traffic to 4 different IPs. These IPs belong to a local web-portal (CDN) and I connected to those 4 IPs about 15' ago, but the related states have expired (according to pfctl -ss).
-
I noticed that every now and then also. It happens when the table length reduces by more than 1 row between 1 update and the next. Seems to be a "feature" that has been in the code from day one. I believe this will fix it: https://github.com/bsdperimeter/pfsense/pull/469
-
Hi Guys,
Thanks very much for the fix. I updated via Git, but I noticed something else now…See picture attached...
WAN is selected..the graph is correct, however under the headings of Bandwidth IN and Bandwidth OUT, they don't match the graph. Bw OUT should be Bw IN and vice versa, if I'm correct.
Thanks.
 -
Now the bandwidth by IP table shows the data flowing with respect to addresses that are at both the external and internal ends of the network. So the column headings do not work either way round. For example, the screenshot shows me doing a download - the In and Out columns have the opposite figures with respect to the local machine and the server on the internet.
The column headings could be "Bandwidth From" and "Bandwidth To".
Any better suggestions for headings?
-
HI Phil,
As you can see from the attached, the bandwidth indicators are correct for ALL WAN and LOCAL LAN, but when ALL LAN is selected and LOCAL WAN, the bandwidth usage indicators are reversed and are not in sync with the graph.
Gifs attached, Just ignore me if I'm getting too "German" about the way things are displayed.
Thanks, Jits.
 -
@jits - I work with a few Germans, so I have learnt to cope with their OCD ways ;) In the programming business OCD is good.
I think this pull request will fix up the In/Out confusion - https://github.com/bsdperimeter/pfsense/pull/477
The table is actually showing BW from and to each IP address listed. The meaning of In/Out flips depending on which side of the interface the IP is. So From/To are better column labels. -
Just updated today, I did wonder why all the external ip addresses and hostnames are showing up now, very strange.
I do like that we can select hostnames though.
Is a fix coming?
thanks
-
The fix is already comitted, but there hasn't been a snapshot build for a few days now. In the meantime, while we wait for the snapshot builds to resume, you can use gitsync to get it.
-
after the march 1st snaps im not able to see any ip address in list
![CropperCapture[1].jpg](/public/_imported_attachments_/1/CropperCapture%5B1%5D.jpg)
-
I just upgraded to 2.1-BETA1 (i386) built on Mon Mar 11 08:59:46 EDT 2013 and it seems fine for me. The "rate" utility that generates the bandwidth by IP data just does a quick sample of the traffic. When the bandwidth is very low, it is quite easy for the short sample to not get much of a decent "average", or to see nothing much at all. Start something downloading for real and you should see it clearly.
-
i tried on another machine same latest snap and that one shows so how can one machine show the ips and the other not, what could be wrong?
-
It works in the newest updated. But it isn't as simple to use as before.
I wish it would default to the previous configuration, and if you want to see external IPs then select that.
Listing a bzillion external IPs/hostnames coming and going isn't that visually helpful as it changes so fast.
-
I believe ermal is going to work on the In/Out sides of the display, so that the numbers for both local and remote IPs will match the In/Out convention of the graph.
The default for the table could easily be changed to "Filter: Local" - maybe people could give votes here for what they would prefer as the defaults? or a "Save" button could be put on the page that would save the current settings to the config and it would load those when it starts (more effort for that)? -
the table that shows in/out the ips just come and go too fast and if ur specifically monitoring a few local ips then they keep jumping up and down so y not simply keep the ip list static, meaning as soon as there is traffic from some ip, list it permanently and then just keep refreshing its in/out packets and suppose this ip stop communication for like 30 seconds then remove it from list
-
Does it make sense that external IPs/host names are displayed, especially when LAN interface is selected?
-
This same issue is present in PRERELEASE builds of 2.0.3 (see http://forum.pfsense.org/index.php/topic,58203.msg324782.html#msg324782). I note a few commits have been made to the master branch in response to this issue, although I'm not quite able to follow what is what. If any of these commits fix the original issue, can they be backported to RELENG_2_0 before 2.0.3 gets released?
