Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Packet capture on wan interface

    Scheduled Pinned Locked Moved General pfSense Questions
    4 Posts 3 Posters 926 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pox
      last edited by

      can someone explain this to me?
      i have a wan and a lan interface on a pfsense router. on the lan interface there is a server: 192.168.0.2. an ssh server is running on that server. nat is configured on pfsense to nat traffic from the wan interface port 22 to 192.168.0.2 port 22.

      i am on the internet, and connect trough the wan interface to the ssh server on 192.168.0.2 with ssh dynamic port forwarding (-D[someport]), so i can use the ssh connection as proxy tunnel and connect to the internet trough that tunnel.

      when i activate a packet capture on the pfsense box on the wan interface and navigate to some websites, i see only the ssh traffic, but not the web traffic generated from my browser connecting to the ssh tunnel and going outside again trough 192.168.0.2.

      why?

      if i do something like curl http://www.google.com on the shell on 192.168.0.2 i see that traffic in the capture on the wan interface.

      1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by

        My first guess would be your not going through your tunnel, which would explain why your not seeing the traffic.

        When you call up a website that you believe is using the tunnel and go to a whats my IP website, what IP do you see?

        Normally when you want to tunnel web traffic through ssh, you would map a port local that would send that traffic down the tunnel. I use to do this all the time with putty, then connect browser to the local IP and port as a proxy.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        1 Reply Last reply Reply Quote 0
        • P
          pox
          last edited by

          yes, my setup is exactly like you described. i'm pretty sure i'm going through the tunnel, because when i close the putty window firefox complains that the proxy connection failed (the tunnel is closed). and if i start the packet capture on the "lan" interface i can see the traffic going though the tunnel, but not on the wan interface.
          is there something else that could be wrong? do you see your traffic on a packet capture on the wan port in the above mentioned setup?

          1 Reply Last reply Reply Quote 0
          • N
            NOYB
            last edited by

            Packet capture at the client to see where the web traffic is actually going.

            I suspect that only some of the traffic is going through the tunnel, such as maybe DNS and that is the WAN traffic being seen.  But the web traffic is using the local internet connection instead of the tunnel.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.