Record source/destination ip/port
-
Hi,
First of all, thank you for this great full-featured and powerful software. I have a bunch of LAN users behind a pfsense firewall which are SNATed to several public IPs.
Now, I want to record which source IP/port has been connected to which remote IP/port at what times.
I want to do this in the most efficient way. What options can I have? Thank you for any comments.
-
source natted?
You mean your client's lan IP 192.168.a.b looks like 1 of your public IPs when it talks to say pfsense.org – ok really wouldn't call that a source nat, that would normally be referred to as outbound nat.
As to logging all the connections.. I would send your pfsense firewall logs to a syslog server and set up your firewall rules to log the traffic you want to see.
-
johnpoz,
Thanks for the quick reply. Yes, I mean outbound NAT.
OK, I will check and set it up and report the serious problems here. Thanks.
-
Hi,
The syslog server is installed and now it is receiving logs of some pfsense firewall rules.
Is it possible to log outbound NAT matches? Thank you.
-
You want to log every single nat session? Why would you not just log the firewall rules.. That shows you what private IP:port is going to what publicIP:port - why would you need to log the napt port that pfsense uses on its public side for the conversation that it allows?
So for example you have this
client 192.168.1.100:4567 ---> 1.2.3.4:80 pfsense publicIP:7890 ---> 1.2.3.4:80
I would think you want to know that
client 192.168.1.100 went to 1.2.3.4:80, and from the log you would see the source port your client used.. But why would you need to log that pfsense changed that port when it natted it to :7890?? Am I not understanding something here?
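
Added example, not part of any post in this thread: one way to turn the firewall-rule log entries arriving at the syslog server into the "who connected where, and when" records asked about above. It assumes the comma-separated `filterlog` layout that pfSense writes for logged rules and a BSD-style syslog prefix; the hostname `fw`, interface `em1`, rule and tracker numbers and all sample lines are constructed.

```python
import re
from typing import NamedTuple, Optional

# Assumption: BSD-style syslog prefix followed by the pfSense filterlog CSV payload.
LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s.*?filterlog(?:\[\d+\])?:\s(?P<csv>.*)$")

class Flow(NamedTuple):
    ts: str
    iface: str
    action: str
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

def parse_filterlog(line: str) -> Optional[Flow]:
    """Return the flow tuple for a TCP/UDP filterlog entry, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    f = m.group("csv").split(",")
    try:
        iface, action, ipver = f[4], f[6], f[8]
        if ipver == "4":      # IPv4: protocol name at field 16, addresses from 18
            proto, base = f[16].lower(), 18
        elif ipver == "6":    # IPv6: protocol name at field 12, addresses from 15
            proto, base = f[12].lower(), 15
        else:
            return None
        if proto not in ("tcp", "udp"):   # ICMP and others carry no ports
            return None
        return Flow(m.group("ts"), iface, action, proto,
                    f[base], int(f[base + 2]), f[base + 1], int(f[base + 3]))
    except (IndexError, ValueError):      # truncated or malformed entry
        return None

# Constructed sample lines (not real traffic), reusing the addresses from the post above.
SAMPLE = [
    "Jan  5 10:15:02 fw filterlog[411]: 80,,,1700000001,em1,match,pass,in,4,0x0,,64,1234,0,DF,6,tcp,60,192.168.1.100,1.2.3.4,4567,80,0,S,305419896,,65535,,mss",
    "Jan  5 10:15:03 fw filterlog[411]: 80,,,1700000001,em1,match,pass,in,4,0x0,,64,1235,0,none,17,udp,71,192.168.1.101,1.2.3.4,5353,53,51",
    "Jan  5 10:15:04 fw filterlog[411]: 80,,,1700000001,em1,match,pass,in,4,0x0,,64,1236,0,none,1,icmp,84,192.168.1.100,1.2.3.4,request,1,1",
]

if __name__ == "__main__":
    for flow in filter(None, map(parse_filterlog, SAMPLE)):
        print(f"{flow.ts} {flow.proto} {flow.src}:{flow.sport} -> {flow.dst}:{flow.dport}")
```

Entries logged on the LAN interface carry the client's private address and source port, so each record identifies the internal host without needing the translated port.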