    Logging state tables…

    Firewalling
    3 Posts 3 Posters 924 Views
    carzin

      We use pfSense to onboard our users for secured wireless. It is rare, but from time to time we will get a takedown notice from the DMCA and we need to tie the following:

      External WAN interface (the interface representing 100s of people behind it with a single IP address) to an external address (the address of the illegal content) to an internet IP address to a user.

      Getting to that appears nearly impossible with the current setup.  Even if I log ALL packets (permit and block), in most cases I am unable to tie this together.  The state table, if it were being logged, would solve this issue.  I could easily search for who attempted to connect to a particular site at a given time, and then tie the internal IP address to an authentication.  But there does not appear to be a way to do this.

      Does anyone else know how to skin this cat?

      (This was posted inadvertently in the captive portal group.  I have asked for that topic to be deleted)

    jimp (Rebel Alliance Developer, Netgate)

        There is no way to "log the state table" in the way you describe. In the future we do plan on having a way to log NAT translations as they happen, but at the moment that isn't possible.

        You could use a netflow exporter like softflowd to send flow data to a server elsewhere on your network, and that may allow you to correlate the connections better.

        That said, unless you have more than one external IP address you should be able to match an internal user to a remote IP address in a given time frame just from logging the LAN rule(s) passing out traffic.

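The last suggestion in the reply, as an added example that is not part of the thread: with the LAN pass rule set to log and the filterlog lines shipped to a syslog server, a small parser can answer "which internal address was passed to this remote address in this time window". The field positions are assumed from the pfSense 2.2+ IPv4 filterlog layout, the host and addresses are constructed, and the year must be supplied because syslog timestamps omit it.

```python
import re
from datetime import datetime

# Assumed field positions in the filterlog CSV body (pfSense 2.2+ IPv4 layout):
# rule,subrule,anchor,tracker,iface,reason,action,dir,ipver,tos,ecn,ttl,id,offset,
# flags,proto-id,proto-text,length,src,dst,sport,dport,...
ACTION, DIRECTION, IPVER, PROTO, SRC, DST, DPORT = 6, 7, 8, 16, 18, 19, 21

SYSLOG_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ filterlog\[\d+\]: (.*)$")

# Constructed sample: packets entering the LAN interface (em1) from clients, i.e.
# the outbound side that a logged LAN pass rule records. One non-filterlog line
# is included to show that unrelated syslog traffic is skipped.
SAMPLE_LOG = """\
Mar 13 10:14:02 pfsense filterlog[3421]: 5,,,1000000103,em1,match,pass,in,4,0x0,,64,10001,0,DF,6,tcp,60,10.20.0.15,203.0.113.9,51022,443,0,S,1,,65535,,mss
Mar 13 10:14:07 pfsense filterlog[3421]: 5,,,1000000103,em1,match,pass,in,4,0x0,,64,10002,0,DF,6,tcp,60,10.20.0.15,203.0.113.9,51023,443,0,S,1,,65535,,mss
Mar 13 10:15:30 pfsense filterlog[3421]: 7,,,1000000110,em1,match,block,in,4,0x0,,64,10003,0,DF,6,tcp,60,10.20.0.77,203.0.113.9,40111,443,0,S,1,,65535,,mss
Mar 13 11:02:11 pfsense filterlog[3421]: 5,,,1000000103,em1,match,pass,in,4,0x0,,64,10004,0,DF,6,tcp,60,10.20.0.42,203.0.113.9,52840,80,0,S,1,,65535,,mss
Mar 13 10:20:45 pfsense filterlog[3421]: 5,,,1000000103,em1,match,pass,in,4,0x0,,64,10005,0,DF,17,udp,78,10.20.0.15,198.51.100.4,55100,53,58
Mar 13 10:21:00 pfsense sshd[100]: Accepted publickey for admin
"""

def parse_filterlog(text, year):
    """Return one record per logged IPv4 packet: time, action, proto, src, dst, dport."""
    records = []
    for line in text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue  # not a filterlog line
        ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S").replace(year=year)
        f = m.group(2).split(",")
        if len(f) <= DPORT or f[IPVER] != "4":
            continue  # IPv6 or truncated records are out of scope here
        records.append({"time": ts, "action": f[ACTION], "dir": f[DIRECTION],
                        "proto": f[PROTO], "src": f[SRC], "dst": f[DST],
                        "dport": int(f[DPORT])})
    return records

def who_reached(records, remote_ip, start_iso, end_iso):
    """Map internal src -> [(time, proto, dport)] for passed packets to remote_ip
    between two ISO-8601 timestamps (inclusive). Blocked packets are excluded
    because they never produced a connection to the remote host."""
    start, end = datetime.fromisoformat(start_iso), datetime.fromisoformat(end_iso)
    hits = {}
    for r in records:
        if r["dst"] == remote_ip and r["action"] == "pass" and start <= r["time"] <= end:
            hits.setdefault(r["src"], []).append((r["time"], r["proto"], r["dport"]))
    return hits

if __name__ == "__main__":
    for src, conns in who_reached(parse_filterlog(SAMPLE_LOG, 2024), "203.0.113.9",
                                  "2024-03-13T10:00", "2024-03-13T10:30").items():
        print(src, conns)
```

The internal address returned here is then matched against the captive portal or RADIUS authentication log for the same window, which is the step the original post describes as the final link to a user.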
    pinetelchris

          So, how far in the future?  Is this a feature that is on the roadmap?

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.