    Access Pfsense from external network

    • M
      muswellhillbilly
      last edited by

      1. This is a pretty trivial thing and short of giving you steps like, 'Open browser', 'enter IP of firewall', etc, I can't think what else you'd need to know. Here is a link which sums up what you have to do: https://doc.pfsense.org/index.php/How_can_I_access_the_webGUI_from_the_WAN. One thing I would say is that you should try to restrict external access to only those IPs you know you'll be connecting from; having your config page open to the entire Internet isn't a great idea.

      2. Softflowd and Darkstat look like they might be suitable replacements for NTop.

      • H
        hyder512
        last edited by

        Hello,
        Thanks for your prompt reply muswellhillbilly.
        I have added a NAT rule and now I am able to access my pfSense from the external network.

        As for network traffic, I have installed softflowd and configured it as:
        Interface: LAN
        Host IP: my LAN IP
        Port: SSH port (LAN)
        Max Flows: 8192 (default)

        The softflowd service is up, but how can we monitor logs?
        And Darkstat does not show proper logs; it shows only the host IP instead of the hostname along with the MAC address, and without any URL address.

        Please help me out
        Thanks.

        • johnpozJ
          johnpoz LAYER 8 Global Moderator
          last edited by

          You're wanting to send your flows via the SSH port?? You need to send the flow info to a collector. Google "netflow collector".

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

          • H
            hyder512
            last edited by

            Hello,
            No, I just want to monitor user traffic: IP/hostname and visited websites with time and date, so that I can generate a weekly report for my bosses.
            How can we monitor with softflowd, or is there any other supporting package?

            Thanks.

            • johnpozJ
              johnpoz LAYER 8 Global Moderator
              last edited by

              softflowd sends flows, that's all it does. If you want to look at the flows you have to send that data to a flow collector that will present the data to you. It's not going to report the websites users go to, at least not in any easy-to-understand format that some boss would understand.

              If you want to monitor users' website traffic, use a proxy!

              • M
                muswellhillbilly
                last edited by

                @hyder512:

                and Darkstat does not show proper logs it shows only Host Ip instead of Hostname along with MAC address and without any Url address.

                If you'd specified what kind of logging you required then like JP I would have suggested a proxy such as Squid/Squidguard. Darkstat does show 'proper logs' - just not the log information you're looking for. And my magic psychic hat is at the cleaners today.

                • johnpozJ
                  johnpoz LAYER 8 Global Moderator
                  last edited by

                  BTW if you like ntop, it's coming back. Not sure when. But it will, well at least ntopng will be.

                  ntopng - ntopng package was removed from FreeBSD ports because it no longer compiled. That issue has recently been fixed, and the package will return soon.

                  If what you want is user A went to websites B and Z at 9:13 on 5/24/16, and sites X and Y at 9:15, then you're going to want a proxy. Or you could just install the FreeBSD package dsniff, which is not yet part of the official pfSense repository but can be installed just the same, then sniff on the interface you're going to see client traffic on. And there you go, you can see where they go via HTTP.

                  
                  [2.3.1-RELEASE][root@pfSense.local.lan]/root: urlsnarf -i em1
                  urlsnarf: listening on em1 [tcp port 80 or port 8080 or port 3128]
                  ubuntu.local.lan - - [25/May/2016:09:11:10 -0500] "GET http://www.google.com/ HTTP/1.1" - - "-" "Wget/1.15 (linux-gnu)"
                  ubuntu.local.lan - - [25/May/2016:09:11:19 -0500] "GET http://www.yahoo.com/ HTTP/1.1" - - "-" "Wget/1.15 (linux-gnu)"
                  
                  

                  Throw that into your fav log parser and there you go listing of where clients go for websites and when. Won't give you https, which more and more and more sites are..  As before if you want to know for sure where someone is going then you need to send their traffic through a proxy.

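Added example, not part of johnpoz's post: a small parser for the urlsnarf output shown above, turning its Common Log Format lines into a per-client list of sites with hit counts and first/last seen times. The sample input is constructed (the two lines from the post plus two made-up ones for `10.0.0.15`), and the names `parse` and `report` are this example's own. Like urlsnarf itself, it only sees plaintext HTTP.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit

# Constructed sample: banner + the two lines from the post + two made-up lines.
SAMPLE = '''\
urlsnarf: listening on em1 [tcp port 80 or port 8080 or port 3128]
ubuntu.local.lan - - [25/May/2016:09:11:10 -0500] "GET http://www.google.com/ HTTP/1.1" - - "-" "Wget/1.15 (linux-gnu)"
ubuntu.local.lan - - [25/May/2016:09:11:19 -0500] "GET http://www.yahoo.com/ HTTP/1.1" - - "-" "Wget/1.15 (linux-gnu)"
10.0.0.15 - - [25/May/2016:09:13:02 -0500] "GET http://www.yahoo.com/news HTTP/1.1" - - "-" "Mozilla/5.0"
10.0.0.15 - - [25/May/2016:09:15:40 -0500] "GET http://www.yahoo.com/mail HTTP/1.1" - - "-" "Mozilla/5.0"
'''

# client ident user [timestamp] "METHOD url protocol" ...
LINE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*"'
)

def parse(text):
    """Yield (client, site, when) per request line; skip banner and junk lines."""
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        try:
            when = datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z')
            site = urlsplit(m['url']).hostname
        except ValueError:          # bad timestamp or malformed URL
            continue
        if site:
            yield m['client'], site.lower(), when

def report(text):
    """Return {client: {site: [hits, first_seen, last_seen]}}."""
    out = defaultdict(dict)
    for client, site, when in parse(text):
        row = out[client].setdefault(site, [0, when, when])
        row[0] += 1
        row[1] = min(row[1], when)
        row[2] = max(row[2], when)
    return {c: dict(s) for c, s in out.items()}

if __name__ == '__main__':
    for client, sites in sorted(report(SAMPLE).items()):
        for site, (hits, first, last) in sorted(sites.items()):
            print(f'{client:18} {site:18} {hits:3} '
                  f'{first:%Y-%m-%d %H:%M:%S} {last:%H:%M:%S}')
```
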
                  • H
                    hyder512
                    last edited by

                    Hello,
                    Thank you guys for your answers.
                    Yes, I am using a transparent proxy at this time, but I will shift users to a proxy if it solves my traffic problem. But after enabling the proxy, does it show proper logs? And where can we monitor REAL-TIME logs and compile weekly reports for bosses?
                    I just want a complete user internet log including HTTP, HTTPS, everything they use on my internet.
                    As for Darkstat, it does not show proper logs; maybe it needs to be configured properly. If there is any setting issue, please help.

                    Thanks.

                    • M
                      muswellhillbilly
                      last edited by

                      'Proper logs' doesn't really describe very well what you're trying to do. Under the circumstances, I'd say your best bet would be to look into a variety of Squid proxy logging solutions and see which of them meet your requirements. That magic hat of mine still needs cleaning.

                      http://www.squid-cache.org/Misc/log-analysis.html

                      • H
                        hyder512
                        last edited by

                        Hello,
                        Thanks for your answer.
                        I think I could not explain my problem, sorry for that.
                        I need to monitor users' logs like:

                        Host/IP      Visited Sites    Time      Bytes / So on
                        10.0.0.15    yahoo.com        10.10am   56.6

                        Also, the software should have the ability to compile reports on demand for a specific Host/IP.

                        I want something like that.
                        Thanks.
