Netgate Discussion Forum

Web traffic log issues WAN / LAN . VirtualBox

    pfuzer
    last edited by Jul 24, 2020, 5:29 PM

    Hello, the latest version of pfsense is already installed in a VirtualBox VM and it is working. 
    Internet WAN -> Modem -> pfsense device (Ethernet port) LAN -> USB Gigabit Ethernet adapter (USB connected to pfsense device and Ethernet to WAN Ethernet port of router) -> Router (multiple devices connected to it via Ethernet LAN ports and WiFi)

    However, there is a traffic issue: all the web traffic in pfsense has the same WAN IP from the router, so it makes it look like there is only one device connected to the network. I need to see in the traffic logs exactly the IP of the device in the network (i.e., printer, PC, etc.) that generates the traffic. For example, if a user using a smartphone goes to a website, I need to see the source IP of the smartphone, not the WAN IP of the router as the source IP.
    The WAN IP of the router 192.168.1.108 is the main IP that appears in the pfsense web traffic logs.
    The LAN IP of the router is LAN, 192.168.2.1
    Firewall LAN interface is em1 and IP: 192.168.1.1/24
    WAN interface sets DHCP and IP is provided by ISP.

    I used the following guide as reference: joe0.com/2019/11/07/converting-intel-nuc-mini-pc-into-state-of-the-art-router-running-pfsense-in-oracle-virtualbox/

    Does anyone know how to fix these issues? I'd appreciate your help. Thanks.

      netblues @pfuzer
      last edited by Jul 25, 2020, 6:57 AM

      @pfuzer said in Web traffic log issues WAN / LAN . VirtualBox:

      I need to see in the traffic logs exactly the IP of the device

      Where do you want to see this? This is logged on pfsense.

        pfuzer @netblues
        last edited by pfuzer Jul 25, 2020, 3:10 PM Jul 25, 2020, 3:06 PM

        @netblues I need to see it in pfsense, currently the issue is that if a user using a smartphone goes to a website, it shows WAN IP of the router as the source IP.
        If someone with a laptop goes to another website it also shows the same WAN IP of the router as the source IP.
        I need to see for the web traffic in pfsense the real source IP of the device that generates the traffic.
        There is some type of configuration issue, the router is configured in router mode, it doesn't have transparent firewall mode.

          netblues @pfuzer
          last edited by Jul 25, 2020, 6:40 PM

          @pfuzer Yes, the second router does NAT, which essentially hides all the devices.
          Do you really need that second router there?

            pfuzer @netblues
            last edited by Jul 25, 2020, 7:28 PM

            @netblues there is only one physical router, and I'd like to keep it if possible as the firewall provides an extra protection layer.

              netblues @pfuzer
              last edited by Jul 25, 2020, 7:39 PM

              @pfuzer You don't really need two routers. You will make your network life miserably complicated.

              In a nutshell, if the router can disable nat mode, then pf will know which device does what.
              Until then, nat hides all.
              If you do disable nat on router, it must be substituted by proper routing in order to work.

                pfuzer @netblues
                last edited by pfuzer Jul 25, 2020, 8:46 PM Jul 25, 2020, 8:45 PM

                @netblues Thanks for your response. This post on this snb site explains why I'd prefer to keep the asus router protection features enabled (if NAT is disabled in the router, the security features get disabled as well): https://www.snbforums.com/threads/about-disabling-nat-can-still-it-work-as-a-router.27821/
                The main difference is that the user in that post has a watchguard firewall; in my case it is the pfsense. However, I did not understand how he solved the issue with the following; how was that done?

                
                    ColinTaylor said:
                    I'd hazard a guess that this is because your gateway device doesn't know how to route the incoming (WAN) traffic back to the LAN clients behind the ASUS. It just assumes they are on its switch port whereas they need to be routed through the ASUS.
                
                That was it, Colin!
                
                As simple as it appears now, there was no routing back for the traffic sources behind the Asus. It was enough to add a static route on the Watchguard to make it work, with everything on (firewall, vpn, transmission, etc).
                
                1 Reply Last reply Reply Quote 0
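The effect described by netblues and by the quoted snbforums post, as an added example that is not part of the original thread: a small Python model of which source address pfSense logs and whether it can route the reply back, using the addresses from the first post. The client address 192.168.2.50, the function names and the simplified routing model are assumptions made for illustration.

```python
import ipaddress

# Addresses taken from the thread; the routing model is a simplification.
PFSENSE_LAN = ipaddress.ip_network("192.168.1.0/24")  # pfSense LAN, em1 = 192.168.1.1
ASUS_WAN_IP = ipaddress.ip_address("192.168.1.108")   # ASUS WAN port, sits in pfSense LAN
ASUS_LAN = ipaddress.ip_network("192.168.2.0/24")     # devices behind the ASUS


def source_seen_by_pfsense(client_ip, asus_nat):
    """Source address that shows up in pfSense logs for a client behind the ASUS."""
    client = ipaddress.ip_address(client_ip)
    if client not in ASUS_LAN:
        raise ValueError(f"{client} is not behind the ASUS ({ASUS_LAN})")
    # With NAT on, the ASUS rewrites every client source to its own WAN address.
    return ASUS_WAN_IP if asus_nat else client


def lan_side_next_hop(dst, static_routes):
    """Longest-prefix match over pfSense's connected LAN plus static routes.

    Returns "on-link", a gateway address, or None when only the default
    route (out the WAN) would match, meaning the reply never reaches the client.
    """
    table = [(PFSENSE_LAN, "on-link")]
    table += [(ipaddress.ip_network(net), ipaddress.ip_address(gw))
              for net, gw in static_routes]
    matches = [(net.prefixlen, hop) for net, hop in table if dst in net]
    return max(matches, key=lambda m: m[0])[1] if matches else None


def trace(client_ip, asus_nat, static_routes=()):
    """What pfSense logs for the client, and whether it can route the reply back."""
    src = source_seen_by_pfsense(client_ip, asus_nat)
    hop = lan_side_next_hop(src, static_routes)
    return {"logged_source": str(src),
            "reply_next_hop": None if hop is None else str(hop),
            "reply_deliverable": hop is not None}


if __name__ == "__main__":
    client = "192.168.2.50"  # constructed sample device, e.g. the smartphone
    route = [("192.168.2.0/24", "192.168.1.108")]  # static route via the ASUS
    print("NAT on          :", trace(client, asus_nat=True))
    print("NAT off         :", trace(client, asus_nat=False))
    print("NAT off + route :", trace(client, asus_nat=False, static_routes=route))
```

In the routed case the pfSense LAN firewall rules also have to allow 192.168.2.0/24 as a source, since the default LAN rule only covers the directly attached LAN network.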
                  pfuzer
                  last edited by pfuzer Jul 25, 2020, 9:15 PM Jul 25, 2020, 9:06 PM

                  I just found the following info, do you think the following 6 instructions will do what I want to do, or is there a better way to do the proper routing in order to get it to work (without losing the security features in the asus router)? Currently the speed is fine, not having any speed issues.
                  http://www.snbforums.com/threads/disabling-nat-on-asus-rt-ac87u.22886/

                  I was trying to keep the ASUS router up as a transparent (non NAT) gateway so that I would not lose the virus scanning capability of the RT-87U.
                  
                  What then becomes the 'wan' port of the dedicated PC?
                  
                      ryancarter3 wrote:
                  
                      I just built a similar home box using Home UTM and a Dell Vostro 220 (Core 2 duo, 2gb Ram, 230gb hd).  Added an Intel Pci-X Nic. Works fantastically.  We have about 9 pc's and 6 tablets and phones.
                  
                      1. Set the Firewall to be your default gateway (192.168.1.1)
                  
                      2. Set up DHCP with a limit of 45 - 50 IP's depending on if you will have devices not using DHCP.
                  
                      3. Disable DHCP on your wireless router 
                  
                      4. Connect the LAN port of the firewall to one of the LAN ports of your router. 
                  
                      5. Change the router's IP so that it is no longer the default gateway (192.168.1.2)
                  
                      6. Connect your internet to the WAN port on your firewall pc.
                  
                  
                    netblues @pfuzer
                    last edited by Jul 26, 2020, 5:53 AM

                    @pfuzer What this says is, use the asus as an access point.
                    As for the advanced and "ai" features of a product which can't behave as a router with nat off, it looks like it was designed by the marketing department, not the engineering one.

                    Use asus as an ap and all will be good.

                      pfuzer @netblues
                      last edited by Jul 29, 2020, 3:53 PM

                      @netblues Thanks for your help. Do you know if there is a reliable router with firewall that can be configured in transparent mode and has features such as VLANs, ACLs and anti-malware protection that doesn't need a paid $ subscription?

                        netblues @pfuzer
                        last edited by Jul 29, 2020, 4:27 PM

                        @pfuzer pfsense with pfblockergng-dev and suricata
