Netgate Discussion Forum
    LAN-Party Log

    • J
      justmilas
      last edited by

      Hi,

      I am organizing a LAN-Party. The location I have access to runs some fancier stuff ...
      Therefore I would like to run pfsense between the LAN-Party and the "external" network.
      But I have to fulfill a few orders to be allowed to do so.

      1. I have to log the connections in a way that I can tell who downloaded the illegal stuff
      2. I would like to block MAC addresses I haven't authorized (manual labor ... we are not that many)
      3. I would like to block something like VPNs (Tunnel-bear etc...)
      4. I have an old OptiPlex 780 as hardware with a secondary PCI NIC. Are they fast enough to serve gaming for like 20 people? Or will I have bandwidth problems for downloading via Steam?

      Sadly I am not as experienced as I would like to be with all of this, so please be patient if I don't understand or know how to do stuff right away...
      I already looked through the forum a bit, but most things I found were like 5-8 years old ...

      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by johnpoz

        @justmilas said in LAN-Party Log:

        I am organizing a LAN-Party.
        But I have to fulfill a few orders to be allowed to do so.

        Doesn't sound like you're organizing anything, to be honest.

        1. Why should you have to log your users' traffic to the internet?
        2. Why would you want/need/care to do this - pointless added work. Are you worried that billy will also connect a 2nd device while only paying for 1 device?
        3. So how are you going to stop, say, openvpn running on tcp 443 and also allow for internet use? Again, what does that have to do with running a lan party?
        4. The question here is how fast is the internet connection.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        • J
          justmilas
          last edited by

          Hi,

          thanks for the reply. I will explain a bit more.

          1. I am part of the student council of my faculty and we are only allowed to use the network and facilities if we can make sure nothing illegal will happen or we can tell who did it.
          2. Since it's for our students it's free anyway ... And I just want to make sure that they don't spoof their address. If they want they can add 10 PCs, I don't care about that.
          3. As I said, I am not as experienced as I would like .... If there are a few holes it's ok, it's just a bit more difficult ...
          4. It's on a weekend at university ... so I would say the limit is the single port we get for uplink.

          I hope that clarifies a few questions.

          Justmilas

          • johnpozJ
            johnpoz LAYER 8 Global Moderator
            last edited by johnpoz

            @justmilas said in LAN-Party Log:

            nothing illegal will happen or we can tell who did it.

            1. Impossible restriction - This scope is not defined enough to allow any access. How do you know someone is not logging into someone's bank account and siphoning money, etc. As just one example of what would look like typical legal access but is not.
            2. This would be simple static reservations for IP via dhcp to specific MAC and then static arp setting.
            3. Just allowing 443 and 80, say, outbound would make it more difficult, but doesn't stop anything and goes back to item 1.
            4. And what is that, 10 mbps, 100, gig, 10ge? And what your interface port is doesn't always match up to what your actual internet speed is.

            • J
              justmilas
              last edited by

              1. I know that this would be impossible to prevent. That's why I would like to log the connections, and if something like this happens I can tell who was connected. Or is this impossible as well ... if so it's not a problem for me since nobody else would notice this, right?
              2. Thanks
              3. Ok
              4. It's at least 100 Mbit/s, but if I ask again maybe 1000 Mbit/s is possible.

              Justmilas

              • johnpozJ
                johnpoz LAYER 8 Global Moderator
                last edited by

                You can log traffic with pfsense all you want.. Not really going to show what anyone really did - it's going to be source IP to dest IP. Tells you nothing of what that was - especially since the dest IP is going to be some IP in a CDN, most likely AWS, AZURE, etc.

                You can get better logging if you use a proxy. But again very very difficult to say what is actually being done.. Especially since pretty much all internet these days is HTTPS.. So again all your logs will show is you move X amount of data between source IP and say domain.tld - you will not even be able to see what full path they went to.. which could be domain.tld/illegalshit

                But sure, set up a proxy and log.. Tell you billy moved Xbytes between his IP and domain.tld - that is all it tells you.

                If it's a LAN party why do they need any internet at all? As to your 780, what is that, like circa 2010.. So while it can prob do 100mbps - it might have a hard time doing gig at wire speed, especially when running a proxy.. But then again what does it matter? It's a lan party - what sort of traffic are they going to be doing to and from the internet.

                Also to the what is being done, etc. I find it unlikely your school would be giving you an unfettered connection to the internet anyway.. So should already be filtered from doing illegal stuff on the internet ;)

                • J
                  justmilas
                  last edited by

                  Thank you!
                  I will ask my university if source IP to dest IP is enough (I think it is)! Can you tell me which add-on I need for logging?
                  To the "LAN" aspect... I remember the good old days of playing WCIII, Starcraft and CSS ... but sadly these days are over. You need to download games via Steam or play them online all the time (League of Legends etc). It's more a meet and game at this point.

                  Justmilas

                  • johnpozJ
                    johnpoz LAYER 8 Global Moderator
                    last edited by johnpoz

                    There is no add-on needed. Just set your firewall rule to log your allowed traffic... You're prob going to want to move these logs off to a syslog server because the pfsense firewall logs are circular and will only list in the gui by default the last few hits.. You can adjust and such, but it would be easier to send these logs to syslog.

                    If you want to run a proxy - it's just the squid package. But the complexity of that setup is just that - more complex.

                    Well if they need to access XYZ to get game, and ABC to play game - then just allow that specific access and that is IT!! There you go, nothing but game being done on the internet. Now that is a scope that is well defined and actually possible to implement.

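Added example, not written by either poster: one way to turn the logged pass traffic described above into a per-attendee record by joining pfSense filterlog lines (as received on a syslog server) against the static DHCP reservations. The field positions follow pfSense's raw filter log CSV layout for IPv4 TCP/UDP; the BSD-style syslog timestamp, hostnames, attendee names and all addresses are constructed assumptions.

```python
import csv
from collections import defaultdict

# Constructed static DHCP reservations (IP -> attendee); names are hypothetical.
RESERVATIONS = {"192.168.50.11": "alice", "192.168.50.12": "billy"}

# Constructed syslog lines in pfSense's raw filterlog CSV layout (IPv4).
SAMPLE_LOG = """\
Mar  1 20:15:01 pfsense filterlog[4242]: 80,,,1700000001,em1,match,pass,in,4,0x0,,64,1001,0,DF,6,tcp,60,192.168.50.11,203.0.113.10,51000,443,0,S,111,,64240,,mss
Mar  1 20:15:02 pfsense filterlog[4242]: 80,,,1700000001,em1,match,pass,in,4,0x0,,64,1002,0,DF,17,udp,72,192.168.50.12,198.51.100.7,27015,27015,52
Mar  1 20:15:03 pfsense filterlog[4242]: 80,,,1700000001,em1,match,pass,in,4,0x0,,64,1003,0,DF,6,tcp,60,192.168.50.99,203.0.113.10,40000,443,0,S,222,,64240,,mss
Mar  1 20:15:04 pfsense filterlog[4242]: 4,,,1000000103,em1,match,block,in,4,0x0,,64,1004,0,DF,6,tcp,60,192.168.50.12,203.0.113.77,40001,1194,0,S,333,,64240,,mss
"""

def parse_filterlog(line):
    """Return a dict for an IPv4 TCP/UDP filterlog entry, else None."""
    head, sep, payload = line.partition("filterlog[")
    if not sep:
        return None
    f = next(csv.reader([payload.split("]: ", 1)[-1]]))
    # f[8] = IP version, f[16] = protocol name, f[18..21] = src, dst, ports
    if len(f) < 22 or f[8] != "4" or f[16] not in ("tcp", "udp"):
        return None
    return {"time": head[:15], "iface": f[4], "action": f[6], "proto": f[16],
            "src": f[18], "dst": f[19], "sport": int(f[20]), "dport": int(f[21])}

def attribute(log_text, reservations):
    """Group passed connections by attendee; collect unreserved source IPs."""
    by_user, unknown = defaultdict(list), set()
    for line in log_text.splitlines():
        e = parse_filterlog(line)
        if e is None or e["action"] != "pass":
            continue
        user = reservations.get(e["src"])
        if user is None:
            unknown.add(e["src"])  # source with no reservation: investigate
        else:
            by_user[user].append((e["time"], e["proto"], e["dst"], e["dport"]))
    return dict(by_user), unknown

if __name__ == "__main__":
    users, unknown = attribute(SAMPLE_LOG, RESERVATIONS)
    for user, conns in sorted(users.items()):
        for c in conns:
            print(user, *c)
    print("unreserved sources:", sorted(unknown))
```

The result is only as strong as the IP-to-MAC binding: it records which reserved address talked to which destination IP and port, not what was transferred.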
                    • J
                      justmilas
                      last edited by

                      Ok

                      Thank you for your help and time.
                      I will set up a test station and talk with our IT facility.

                      Kind regards
                      Justmilas
