FIREWALL LOGS FOR NAT NOT SHOWING UP
-
I currently have a Firewall rule to enable traffic to port 8181 which I enabled logging {log packets that are handled by this rule option } ticked. There are however no logs for that Firewall rule showing up in the Status>System Logs> Firewall logs.
However further investigation with a tcpdump command {tcpdump -I <interface>port <port>for that NAT rule show results.
Can anyone help here
Pfsense version: 2.3.1- Release (i386)
Please FIND FIREWALL RULE BELOWPLEASE FIND TCPDUMP OUTPUT
I have reset firewall states. I also checked "Log packets matched from the from the default pass rules put in the ruleset" under Sytem Logs>Firewall>Manage
I can currently see some pass logs but not on that particular port 8181
![tcpdump output.PNG](/public/imported_attachments/1/tcpdump output.PNG)
![tcpdump output.PNG_thumb](/public/imported_attachments/1/tcpdump output.PNG_thumb)
![firewall rule.PNG](/public/imported_attachments/1/firewall rule.PNG)
![firewall rule.PNG_thumb](/public/imported_attachments/1/firewall rule.PNG_thumb)</port></interface> -
Good that you censored the IPs so that it's impossible to verify anything here. ::) ::) ::)
P.S. And kindly upgrade to current stable pfSense version before wasting more time.
-
Along with what dok says those are acks in your dump not syn.. Your log is not going to log acks that are allowed. A default deny would log out of state or syn.
And again restate - get current.
Are you saying nothing is showing in the logs or only this rule you have? If there was a state already when you created this log rule no existing traffic would not be logged.
-
Along with what dok says those are acks in your dump not syn.. Your log is not going to log acks that are allowed. A default deny would log out of state or syn.
And again restate - get current.
Are you saying nothing is showing in the logs or only this rule you have? If there was a state already when you created this log rule no existing traffic would not be logged.
I have reset firewall states. I also checked "Log packets matched from the from the default pass rules put in the ruleset" under Sytem Logs>Firewall>Manage
I can currently see some pass logs but not on that particular port 8181
-
Along with what dok says those are acks in your dump not syn.. Your log is not going to log acks that are allowed. A default deny would log out of state or syn.
And again restate - get current.
Are you saying nothing is showing in the logs or only this rule you have? If there was a state already when you created this log rule no existing traffic would not be logged.
So i went ahead with to reset states and now i can see traffice from 8181 port i specified. Thank you for your help @ Johnpoz
-
Can not tell from your postings.. But is this outbound, or an inbound port forward to 8181
Without more info and detail its not possible to help point to where your making the mistake.
-
Can not tell from your postings.. But is this outbound, or an inbound port forward to 8181
Without more info and detail its not possible to help point to where your making the mistake.
I am most grateful was an inbound port forward. Solved now