FIREWALL LOGS FOR NAT NOT SHOWING UP



  • I currently have a firewall rule to enable traffic to port 8181, on which I enabled logging (the "Log packets that are handled by this rule" option is ticked). There are, however, no logs for that firewall rule showing up in Status > System Logs > Firewall logs.
    However, further investigation with a tcpdump command (tcpdump -i <interface> port <port>) for that NAT rule shows results.
    Can anyone help here?
    pfSense version: 2.3.1-RELEASE (i386)
    Please find the firewall rule below.

    Please find the tcpdump output.

    I have reset firewall states. I also checked "Log packets matched from the default pass rules put in the ruleset" under System Logs > Firewall > Manage.

    I can currently see some pass logs, but not on that particular port 8181.

    ![tcpdump output.PNG](/public/imported_attachments/1/tcpdump output.PNG)
    ![firewall rule.PNG](/public/imported_attachments/1/firewall rule.PNG)


  • Banned

    Good that you censored the IPs so that it's impossible to verify anything here.  ::) ::) ::)

    P.S. And kindly upgrade to current stable pfSense version before wasting more time.


  • LAYER 8 Global Moderator

    Along with what dok says, those are ACKs in your dump, not SYNs. Your log is not going to log ACKs that are allowed. A default deny would log out of state or SYN.

    And again, to restate - get current.

    Are you saying nothing is showing in the logs, or only this rule you have? If there was a state already when you created this log rule, no existing traffic would be logged.
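
The point made in the reply above, as an added example that is not part of the original thread: pf's rule logging records the packet that creates a state (for TCP, the initial SYN), so a capture that shows only ACKs belongs to a connection that predates the logging rule. This Python sketch sorts tcpdump text lines into flows that should produce a log entry and flows that will not; the sample capture, its addresses and the `classify` helper are assumptions constructed for illustration.

```python
import re

# Constructed sample in tcpdump's default text format (documentation address ranges).
SAMPLE = """\
10:00:01.000001 IP 198.51.100.7.50112 > 192.0.2.10.8181: Flags [.], ack 101, win 229, length 0
10:00:01.000450 IP 198.51.100.7.50112 > 192.0.2.10.8181: Flags [P.], seq 1:61, ack 101, win 229, length 60
10:00:05.100000 IP 198.51.100.9.41000 > 192.0.2.10.8181: Flags [S], seq 12345, win 64240, length 0
10:00:05.100300 IP 192.0.2.10.8181 > 198.51.100.9.41000: Flags [S.], seq 999, ack 12346, win 65535, length 0
10:00:05.100600 IP 198.51.100.9.41000 > 192.0.2.10.8181: Flags [.], ack 1, win 502, length 0
"""

LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([A-Za-z.]+)\]")

def classify(capture, port):
    """Split flows towards `port` into those with a state-creating SYN and those without."""
    new_flows, established_only = set(), set()
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        if int(dport) != port:
            continue  # reply direction or unrelated traffic
        flow = (src, int(sport), dst, int(dport))
        if flags == "S":  # SYN without ACK: first packet of a new connection
            new_flows.add(flow)
            established_only.discard(flow)
        elif flow not in new_flows:
            # ACK/PSH seen with no SYN in the capture: the state already existed
            established_only.add(flow)
    return new_flows, established_only

if __name__ == "__main__":
    new, old = classify(SAMPLE, 8181)
    for f in sorted(new):
        print("expect a log entry (SYN seen):", f)
    for f in sorted(old):
        print("no log entry expected (existing state, no SYN in capture):", f)
```
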



  • @johnpoz:

    I have reset firewall states. I also checked "Log packets matched from the default pass rules put in the ruleset" under System Logs > Firewall > Manage.

    I can currently see some pass logs, but not on that particular port 8181.



  • @johnpoz:

    So I went ahead and reset the states, and now I can see traffic from the 8181 port I specified. Thank you for your help, @johnpoz.


  • LAYER 8 Global Moderator

    Cannot tell from your postings. But is this outbound, or an inbound port forward to 8181?

    Without more info and detail it's not possible to help point to where you're making the mistake.



  • @johnpoz:

    I am most grateful. It was an inbound port forward. Solved now.
