Record source/destination ip/port



  • Hi,
    First of all, thank you for this great full-featured and powerful software.

    I have a bunch of LAN users behind a pfsense firewall which are SNATed to several public IPs.
    Now, I want to record which source IP/port has connected to which remote IP/port and at what times.
    I want to do this in the most efficient way. What options can I have?

    Thank you for any comments.


  • LAYER 8 Global Moderator

    source natted?

    You mean your client's LAN IP 192.168.a.b looks like one of your public IPs when it talks to, say, pfsense.org? OK, I really wouldn't call that a source NAT; that would normally be referred to as outbound NAT.

    As to logging all the connections: I would send your pfsense firewall logs to a syslog server and set up your firewall rules to log the traffic you want to see.



  • johnpoz,
    thanks for quick reply.

    Yes I mean outbound NAT.
    OK, I will check and set it up, and report any serious problems here.

    Thanks.



  • Hi,

    The syslog server is installed and now it is receiving logs of some pfsense firewall rules.
    Is it possible to log outbound NAT matchings?

    Thank you.


  • LAYER 8 Global Moderator

    You want to log every single NAT session? Why would you not just log the firewall rules? That shows you which private IP:port is going to which public IP:port; why would you need to log the NAPT port that pfsense uses on its public side for the conversation it allows?

    So for example you have this

    client 192.168.1.100:4567 ---> 1.2.3.4:80    pfsense publicIP:7890 ---> 1.2.3.4:80

    I would think you would want to know that
    client 192.168.1.100 went to 1.2.3.4:80, and from the log you would see the source port your client used. But why would you need to log that pfsense changed that port when it NATed it to :7890?

    Am I not understanding something here?
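
The moderator's point in both replies, that the firewall-rule log already records which private IP:port went to which public IP:port and when, can be put to use by parsing the filterlog lines the syslog server receives. The following is an added example, not code from the thread, from pfSense or from johnpoz. It assumes the filterlog CSV layout pfSense documents for its 2.x releases (rule, sub-rule, anchor, tracker, interface, reason, action, direction, IP version, the per-version header fields, then source, destination and, for TCP/UDP, source and destination port) and the classic BSD syslog prefix; the log lines it parses are constructed samples with invented addresses and timestamps. Note that, as johnpoz says, each record carries the client's own source port, not the translated port pfsense uses on its public side, and that a LAN client's outbound traffic shows up with direction "in" on the LAN interface.

```python
"""Turn pfSense filterlog syslog lines into a "who talked to whom, and when" table.

Added example, not code from the thread or from pfSense. Assumes the filterlog
CSV layout documented for pfSense 2.x and a BSD-style syslog prefix.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample syslog lines (invented addresses, ports and timestamps).
# Line 6 is a non-filterlog line and must be ignored by the parser.
SAMPLE_SYSLOG = """\
Mar 10 12:00:01 pfsense filterlog[12345]: 5,,,1000000103,igb1,match,pass,in,4,0x0,,64,12345,0,DF,6,tcp,60,192.168.1.100,1.2.3.4,4567,80,0,S,123456789,,65535,,mss;sackOK;TS;nop;wscale
Mar 10 12:00:02 pfsense filterlog[12345]: 5,,,1000000103,igb1,match,pass,in,4,0x0,,64,12346,0,none,17,udp,61,192.168.1.101,9.9.9.9,51000,53,41
Mar 10 12:00:03 pfsense filterlog[12345]: 7,,,1000000105,igb1,match,block,in,4,0x0,,64,12347,0,DF,6,tcp,60,192.168.1.102,203.0.113.9,40000,445,0,S,1,,65535,,mss
Mar 10 12:00:04 pfsense filterlog[12345]: 5,,,1000000103,igb1,match,pass,in,6,0x00,0x00000,64,tcp,6,80,2001:db8::100,2001:db8:1::1,40001,443,0,S,2,,65535,,mss
Mar 10 12:00:05 pfsense filterlog[12345]: 9,,,1000000107,igb1,match,pass,in,4,0x0,,64,12348,0,none,1,icmp,84,192.168.1.100,1.2.3.4,request,1234,1
Mar 10 12:00:06 pfsense sshd[999]: Accepted publickey for admin from 192.168.1.5 port 50000 ssh2
"""

# BSD syslog prefix: "Mon DD HH:MM:SS host filterlog[pid]: <csv>"
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ filterlog\[\d+\]: (?P<csv>.*)$"
)


@dataclass(frozen=True)
class Conn:
    ts: str
    iface: str
    action: str       # pass / block / reject
    direction: str    # in / out, relative to the interface
    proto: str        # tcp / udp / icmp / ...
    src: str
    dst: str
    sport: Optional[int]   # None for protocols without ports
    dport: Optional[int]


def parse_line(line: str) -> Optional[Conn]:
    """Parse one syslog line; returns None for lines that are not filterlog."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    f = m.group("csv").split(",")
    iface, action, direction, version = f[4], f[6], f[7], f[8]
    if version == "4":
        # IPv4 header after version: tos,ecn,ttl,id,offset,flags,proto-id,proto-text,length
        proto, src, dst, tail = f[16], f[18], f[19], f[20:]
    elif version == "6":
        # IPv6 header after version: class,flow-label,hop-limit,proto-text,proto-id,length
        proto, src, dst, tail = f[12], f[15], f[16], f[17:]
    else:
        return None
    sport = dport = None
    if proto in ("tcp", "udp") and len(tail) >= 2:
        sport, dport = int(tail[0]), int(tail[1])
    return Conn(m.group("ts"), iface, action, direction, proto, src, dst, sport, dport)


def parse_filterlog(text: str) -> List[Conn]:
    """Parse a whole syslog file, skipping lines that are not filterlog records."""
    return [c for c in (parse_line(line) for line in text.splitlines()) if c]


def allowed_connections(conns: List[Conn]) -> List[Conn]:
    """Keep only traffic the firewall passed, i.e. what actually reached the remote side."""
    return [c for c in conns if c.action == "pass"]


def connection_timeline(conns: List[Conn]) -> Dict[Tuple[str, str, Optional[int]], List[str]]:
    """Group timestamps of passed traffic by (client IP, remote IP, remote port)."""
    timeline: Dict[Tuple[str, str, Optional[int]], List[str]] = {}
    for c in allowed_connections(conns):
        timeline.setdefault((c.src, c.dst, c.dport), []).append(c.ts)
    return timeline


if __name__ == "__main__":
    for (src, dst, dport), times in connection_timeline(parse_filterlog(SAMPLE_SYSLOG)).items():
        print(f"{src} -> {dst}:{dport}  at {', '.join(times)}")
```

Feeding the file a real syslog server writes through `parse_filterlog` gives the private IP:port to remote IP:port records the original question asked for; rules must have logging enabled for their matches to appear at all, and blocked attempts are kept separately so they are not mistaken for successful connections.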

