Access Pfsense from external network



  • Hello,
    I just installed Pfsense 2.3 for the very first time and I am not familiar with pfsense. I followed your forums and some other tutorials to set this up.
    I have 1 WAN (with static IP) and 1 LAN

    I have 2 questions:
    1. I want to access my pfsense from outside the office. How can we do this? Please guide me step by step.
    2. How can we monitor real-time network traffic of my local users? In pfsense 2.1 there was a package with the name of Ntop that has such capability, but in 2.3 release you redeem packages. Is there any other package or way to monitor logs?

    Thanks.
    Irfan Hyder



  • 1. This is a pretty trivial thing and short of giving you steps like, 'Open browser', 'enter IP of firewall', etc, I can't think what else you'd need to know. Here is a link which sums up what you have to do: https://doc.pfsense.org/index.php/How_can_I_access_the_webGUI_from_the_WAN. One thing I would say is that you should try to restrict external access to only those IPs you know you'll be connecting from; having your config page open to the entire Internet isn't a great idea.

    2. Softflowd and Darkstat look like they might be suitable replacements for NTop.



  • Hello,
    Thanks for your prompt reply muswellhillbilly.
    I have added a NAT rule and now I am able to access my pfsense from an external network.

    As for network traffic, I have installed softflowd and I configured it as:
    Interface : Lan
    Host IP: my Lan IP
    Port : SSH Port (Lan)
    Max Flows: 8192 Default

    Softflowd service is up, but how can we monitor logs?
    And Darkstat does not show proper logs; it shows only host IP instead of hostname along with MAC address and without any URL address.

    Please help me out
    Thanks.


  • Rebel Alliance Global Moderator

    You're wanting to send your flows via ssh port?? You need to send the flow info to a collector. Google netflow collector.



  • Hello,
    No, I just want to monitor user traffic, IP/hostname visited websites with time and date so that I could generate a weekly report for my bosses.
    How can we monitor with softflowd, or is there any other support package?

    Thanks.


  • Rebel Alliance Global Moderator

    softflowd sends flows, that's all it does. If you want to look at the flows you have to send that data to a flow collector that will present the data to you. Not going to report websites users go to, at least not in any easy-to-understand format that some boss would understand.

    if you want to monitor users website traffic use a proxy!



  • @hyder512:

    And Darkstat does not show proper logs; it shows only host IP instead of hostname along with MAC address and without any URL address.

    If you'd specified what kind of logging you required, then like JP I would have suggested a proxy such as Squid/Squidguard. Darkstat does show 'proper logs' - just not the log information you're looking for. And my magic psychic hat is at the cleaners today.


  • Rebel Alliance Global Moderator

    BTW if you like ntop, it's coming back. Not sure when. But it will, well at least ntopng will be.

    ntopng - ntopng package was removed from FreeBSD ports because it no longer compiled. That issue has recently been fixed, and the package will return soon.

    If what you want is user A went to websites B and Z at 9:13 on 5/24/16, and sites X and Y at 9:15, then you're going to want a proxy. Or you could just install the FreeBSD package dsniff, which is not yet part of the official pfsense repository but can be installed just the same, then sniff on the interface where you're going to see client traffic. And there you go, you can see where they go via http.

    
    [2.3.1-RELEASE][root@pfSense.local.lan]/root: urlsnarf -i em1
    urlsnarf: listening on em1 [tcp port 80 or port 8080 or port 3128]
    ubuntu.local.lan - - [25/May/2016:09:11:10 -0500] "GET http://www.google.com/ HTTP/1.1" - - "-" "Wget/1.15 (linux-gnu)"
    ubuntu.local.lan - - [25/May/2016:09:11:19 -0500] "GET http://www.yahoo.com/ HTTP/1.1" - - "-" "Wget/1.15 (linux-gnu)"
    
    

    Throw that into your fav log parser and there you go, a listing of where clients go for websites and when. Won't give you https, which more and more and more sites are. As before, if you want to know for sure where someone is going then you need to send their traffic through a proxy.
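
The "log parser" step from the post above, as an added example that is not part of the original thread: it reads urlsnarf's Common Log Format lines and builds a per-client, per-site summary with hit count and first/last seen times. The function names and the `10.0.0.15` sample lines are constructed for illustration; as the post says, this only covers plain HTTP.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit

# urlsnarf prints Common Log Format: client ident user [time] "METHOD URL PROTO" ...
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[A-Z]+ (?P<url>\S+) HTTP/[\d.]+"')

# Lines 1-3 are the output quoted in the post; the 10.0.0.15 lines are constructed,
# the last one deliberately truncated to show that malformed input is skipped.
SAMPLE = '''\
urlsnarf: listening on em1 [tcp port 80 or port 8080 or port 3128]
ubuntu.local.lan - - [25/May/2016:09:11:10 -0500] "GET http://www.google.com/ HTTP/1.1" - - "-" "Wget/1.15 (linux-gnu)"
ubuntu.local.lan - - [25/May/2016:09:11:19 -0500] "GET http://www.yahoo.com/ HTTP/1.1" - - "-" "Wget/1.15 (linux-gnu)"
10.0.0.15 - - [25/May/2016:09:13:02 -0500] "GET http://www.yahoo.com/news HTTP/1.1" - - "-" "Mozilla/5.0"
10.0.0.15 - - [25/May/2016:09:15:40 -0500] "GET http://www.yahoo.com/mail HTTP/1.1" - - "-" "Mozilla/5.0"
10.0.0.15 - - [25/May/2016:09:15:41 -0500] "GET http://www.ya
'''

def parse_line(line):
    """Return (client, datetime, site) for one urlsnarf line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        site = urlsplit(m["url"]).hostname
    except ValueError:
        return None
    return (m["client"], when, site.lower()) if site else None

def summarize(lines):
    """Aggregate parsed lines into {client: {site: [hits, first_seen, last_seen]}}."""
    report = defaultdict(dict)
    for rec in filter(None, map(parse_line, lines)):
        client, when, site = rec
        entry = report[client].setdefault(site, [0, when, when])
        entry[0] += 1
        entry[1], entry[2] = min(entry[1], when), max(entry[2], when)
    return report

if __name__ == "__main__":
    for client, sites in sorted(summarize(SAMPLE.splitlines()).items()):
        for site, (hits, first, last) in sorted(sites.items()):
            print(f"{client:18} {site:16} {hits:3} {first:%Y-%m-%d %H:%M:%S} {last:%H:%M:%S}")
```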



  • Hello,
    Thank you guys for your answers.
    Yes, I am using a transparent proxy at this time, but I will shift users to a proxy if it solves my traffic problem. But after enabling the proxy, does it show proper logs? And where can we monitor REAL-TIME logs and compile weekly reports for bosses?
    I just want a complete user internet log including http, https, everything they use on my internet.
    As for darkstat, it does not show proper logs; maybe it needs to be configured properly. If there is any setting issue, please help.

    Thanks.



  • 'Proper logs' doesn't really describe very well what you're trying to do. Under the circumstances, I'd say your best bet would be to look into a variety of Squid proxy logging solutions and see which of them meet your requirements. That magic hat of mine still needs cleaning.

    http://www.squid-cache.org/Misc/log-analysis.html



  • Hello,
    Thanks for your answer.
    I think I could not explain my problem, sorry for that.
    I need to monitor users' logs like:

    Host/IP        Visited Sites      Time        Bytes / So on
    10.0.0.15    yahoo.com        10.10am  56.6

    Also, the software has the ability to compile reports on demand for a specific Host/IP.

    I want something like that.
    Thanks.