    Firewall rule logging

    Firewalling

ninoalcamo:

Hello,
I have set logging on a firewall rule on the LAN network that logs everything, and in my remote system log I see every packet that passes through the router... But I don't understand something: when there is a download or upload of a file on the LAN, shouldn't I receive many entries in the system log? Why don't I receive anything? Am I missing something in the log configuration?

kholmqvist:

Hi.

You're only logging traffic leaving the firewall's LAN interface. You can't log traffic inside your LAN on the firewall.

ninoalcamo:

But doesn't any download or upload pass through the firewall's LAN interface?

kholmqvist:

Traffic from PC1 to PC2 will not be logged since it doesn't hit the firewall's interface.

Traffic from PC1 to PC3 will be logged since it leaves the "LAN" interface on the firewall to reach PC3.

The way I read your questions is that you don't understand why you don't see anything in the log when you're downloading/uploading files internally in your LAN.

ninoalcamo:

No, I don't mean internal LAN... I mean if a PC downloads or uploads a file from the internet, I don't see anything in the log.
Thanks for your explanation; I mean traffic from PC1 to PC3 isn't logged for the download or upload of files...

Edit:
maybe I can explain myself better with this example:

Taking your diagram of the network topology as reference, if PC1 sends 100 ICMP packets to PC3, the firewall log shows me only 1 ICMP packet.

Is there a way to show all 100 ICMP packets in the log?

kholmqvist:

@ninoalcamo:

    No, I don't mean internal LAN... I mean if a PC downloads or uploads a file from the internet, I don't see anything in the log.
    Thanks for your explanation; I mean traffic from PC1 to PC3 isn't logged for the download or upload of files...

    Edit:
    maybe I can explain myself better with this example:

    Taking your diagram of the network topology as reference, if PC1 sends 100 ICMP packets to PC3, the firewall log shows me only 1 ICMP packet.

    Is there a way to show all 100 ICMP packets in the log?

Oh, that's a good question. I'm not that familiar with pfSense, but my bet would be that all hits on a rule should be logged.

johnpoz (LAYER 8, Global Moderator):

"if PC1 sends 100 ICMP packets to PC3, the firewall log shows me only 1 ICMP packet."

Why would it log it 100 times? It creates a state, and until that state is closed it's all in the 1 log entry.

What you're asking is to log every single packet - that would be a very, very bad idea...

An intelligent man is sometimes forced to be drunk to spend time with his fools
If you get confused: Listen to the Music Play
Please don't Chat/PM me for help, unless mod related
2440 2.4.5p1 | 2x 3100 2.4.4p3 | 2x 3100 22.01 | 4860 22.01

kpa:

PF does have an option for that, log (all). It's not exposed in the pfSense GUI in any way as far as I know, and in case you want to sniff traffic you're much better off with packet capture or using tcpdump directly.
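To illustrate the two answers above (one log entry per state with a plain log rule, one entry per packet with pf's log (all) option), here is an added Python model; it is not pf or pfSense code, and the idle timeout, addresses and ICMP id are constructed assumptions:

```python
# Added model (not pf/pfSense code) of state-based rule logging.
from dataclasses import dataclass
from typing import Dict, List, Tuple

@dataclass(frozen=True)
class Packet:
    ts: float    # arrival time in seconds
    proto: str   # "icmp", "tcp", "udp"
    src: str
    dst: str
    ident: int   # ICMP echo id or source port: part of the state key

StateKey = Tuple[str, str, str, int]

class StatefulLogger:
    """A 'pass log' rule: the packet that creates a state is logged,
    later packets match the existing state and are not logged unless
    log_all is set (pf's 'log (all)')."""

    def __init__(self, log_all: bool = False, timeout: float = 10.0):
        self.log_all = log_all
        self.timeout = timeout           # assumed idle timeout (seconds)
        self.states: Dict[StateKey, float] = {}   # key -> last seen
        self.log: List[str] = []

    def handle(self, p: Packet) -> None:
        key: StateKey = (p.proto, p.src, p.dst, p.ident)
        last = self.states.get(key)
        # An idle state is purged, so the next packet creates (and logs) a new one.
        new_state = last is None or p.ts - last > self.timeout
        self.states[key] = p.ts
        if new_state or self.log_all:
            self.log.append(f"{p.ts:.1f} pass {p.proto} {p.src} > {p.dst} id={p.ident}")

def count_entries(packets: List[Packet], log_all: bool = False) -> int:
    """Number of log lines the rule would produce for this packet sequence."""
    logger = StatefulLogger(log_all=log_all)
    for p in packets:
        logger.handle(p)
    return len(logger.log)

# Constructed sample: PC1 pings PC3 100 times, one packet per second.
PING_BURST = [Packet(float(i), "icmp", "192.168.1.10", "203.0.113.5", 4242)
              for i in range(100)]
# Constructed sample: the same ping flow again after the state has expired.
LATER_PING = [Packet(200.0, "icmp", "192.168.1.10", "203.0.113.5", 4242)]

if __name__ == "__main__":
    print("log:       ", count_entries(PING_BURST))                # 1
    print("log (all): ", count_entries(PING_BURST, log_all=True))  # 100
    print("after idle:", count_entries(PING_BURST + LATER_PING))   # 2
```

The per-packet count is what makes log (all) expensive on a busy interface, which is why the thread points to packet capture instead.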

johnpoz (LAYER 8, Global Moderator):

It would be very resource intensive to log every packet. I would not recommend it at all. As mentioned, if you need to look at traffic, sniff.

ninoalcamo:

Thanks for the explanation.