Record source/destination ip/port

m.roshani

Hi,
First of all, thank you for this great full-featured and powerful software.

I have a bunch of LAN users behind a pfsense firewall which are SNATed to several public IPs.
Now, I want to record  which source IP/port has been connected to which remote IP/port in what times.
I want to do this in the most efficient way. What options can I have?

Thank you for any comments.

johnpoz

source natted?

You mean your clients lan IP 192.168.a.b looks like 1 of your public IPs when talks to say pfsense.org – ok really wouldn't call that a source nat, that would normally be referred to as outbound nat.

As to logging all the connections.. I would send your pfsense firewall logs to a syslog server and setup your firewall rules to log the traffic you want to see.

m.roshani

johnpoz,
thanks for quick reply.

Yes I mean outbound NAT.
OK I will check and set it up and report the serious problems here.

Thanks.

m.roshani

Hi,

The syslog server is installed and now it is receiving logs of some pfsense firewall rules.
Is it possible to log outbound NAT matchings?

Thank you.

johnpoz

you want to log ever single nat session?  Why would you not just log the firewall rules.. That shows you what private IP:port is going to what publicIP:port - why would you need to log the napt port that pfsense uses on its public side for the conversation that it allows?

So for example you have this

client 192.168.1.100:4567 –-> 1.2.3.4:80 pfsense publicIP:7890 ---> 1.2.3.4:80

I would think you want want to know that
client 192.168.1.100 went to 1.2.3.4:80, and from the log you would see the source port your client used.. But why would you need to log that pfsense changed that port when it natted it to :7890??

Am I not understanding something here?