Monitor what is leaving my WAN interface
-
Hi,
I want to know which client on the LAN connected to which websites. That's all I want.
Do I need to install a package for that? If yes, which package? If not, where exactly can I view that info?
-
Any ideas?
-
If you want to monitor websites clients visit you would use a proxy. pfSense can log connections, but it's only going to give you an IP address of source and destination.
-
pfSense can log connections, but it's only going to give you an IP address of source and destination
Thanks for your reply. From where in the web interface can I view this info?
-
pfSense can log connections, but it's only going to give you an IP address of source and destination
Thanks for your reply. From where in the web interface can I view this info?
As John mentioned you'll only see IP addresses.
Create an outbound firewall rule allowing port 80 & 443 outbound, set it to log and place it right at the top of the rule list.
They appear here :-
Status -> System Logs -> Firewall
-
As John mentioned you'll only see IP addresses.
Create an outbound firewall rule allowing port 80 & 443 outbound, set it to log and place it right at the top of the rule list.
They appear here :-
Status -> System Logs -> Firewall
Please be patient. How do I create an outbound rule? Never done that before.
-
Firewall -> Rules -> LAN
Add
Create two rules, one using port 80 as a destination, one using port 443 and tick Log packets that are handled by this rule.
Drag the two rules to the top and hit save.
![Untitled 2.png](/public/imported_attachments/1/Untitled 2.png)
-
No matter how much I try, I can't move the 2 rules above the anti-lockout rule.
Please see attachment. ![lan rules.png](/public/imported_attachments/1/lan rules.png)
-
Don't worry about the top rule, as it's only HTTP to the firewall on that interface.
HTTP and HTTPS will match your new rules rather than your pfBlocker rules; you might want to move them a bit lower.
-
Don't worry about the top rule, as it's only HTTP to the firewall on that interface.
Also I can use Google's IMAP, which is on port 993. Shouldn't that be blocked now? I mean only 80 and 443 are allowed.
-
The rules just allow and log; you've not blocked anything.
They read from the top down.
https://doc.pfsense.org/index.php/Firewall_Rule_Basics
-
The rules just allow and log; you've not blocked anything.
https://doc.pfsense.org/index.php/Firewall_Rule_Basics
Got it. Thanks a lot.
-
Never mind, you did put the rule on the LAN side.
Unless you're using something like QUIC or SPDY you're never going to see UDP on 80/443 for websites.
-
If you want a great granular view, use pftop or pfflowd. You can find many free NetFlow collectors. This captures everything. I suggest at least trying it and you will understand.
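
An added example, not part of any post in this thread: once the two logging rules are in place, the entries under Status -> System Logs -> Firewall can be tallied per LAN client and destination IP. It assumes the raw `filterlog` CSV field layout used by pfSense 2.2 and later; the interface name `em1`, the function name and all sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines (assumed raw filterlog layout; IPs are documentation ranges).
SAMPLE_LOG = """\
Mar  1 10:00:01 fw filterlog: 70,,,1000000201,em1,match,pass,in,4,0x0,,64,1001,0,DF,6,tcp,60,192.168.1.10,203.0.113.5,51000,443,0,S,100,,65535,,mss
Mar  1 10:00:02 fw filterlog: 69,,,1000000200,em1,match,pass,in,4,0x0,,64,1002,0,DF,6,tcp,60,192.168.1.10,198.51.100.7,51001,80,0,S,101,,65535,,mss
Mar  1 10:00:03 fw filterlog[311]: 70,,,1000000201,em1,match,pass,in,4,0x0,,64,1003,0,DF,6,tcp,60,192.168.1.22,203.0.113.5,40000,443,0,S,102,,65535,,mss
Mar  1 10:00:04 fw filterlog: 70,,,1000000201,em1,match,pass,in,4,0x0,,64,1004,0,DF,6,tcp,60,192.168.1.10,203.0.113.5,51002,443,0,S,103,,65535,,mss
Mar  1 10:00:05 fw filterlog: 5,,,1000000103,em0,match,block,in,4,0x0,,50,1005,0,none,17,udp,328,198.51.100.9,203.0.113.1,67,68,308
Mar  1 10:00:06 fw filterlog: 71,,,1000000202,em1,match,pass,in,4,0x0,,64,1006,0,DF,6,tcp,60,192.168.1.22,192.0.2.143,40001,993,0,S,104,,65535,,mss
Mar  1 10:00:07 fw dhcpd: unrelated line
"""

# Syslog prefix may or may not carry a PID: "filterlog:" or "filterlog[123]:"
PREFIX = re.compile(r"filterlog(?:\[\d+\])?: ")

def web_connections(log_text, lan_if="em1", ports=(80, 443)):
    """Count (client IP, destination IP, port) for passed TCP entering lan_if."""
    counts = Counter()
    for line in log_text.splitlines():
        parts = PREFIX.split(line, maxsplit=1)
        if len(parts) != 2:
            continue  # not a firewall log entry
        f = parts[1].split(",")
        # f[4]=interface, f[6]=action, f[8]=IP version, f[16]=protocol name.
        # IPv6 entries use a different field layout and are skipped here.
        if len(f) < 22 or f[8] != "4" or f[16] != "tcp":
            continue
        if f[4] != lan_if or f[6] != "pass":
            continue
        src, dst, dport = f[18], f[19], int(f[21])
        if dport in ports:
            counts[(src, dst, dport)] += 1
    return counts

if __name__ == "__main__":
    for (src, dst, port), n in web_connections(SAMPLE_LOG).most_common():
        print(f"{src:15} -> {dst:15} port {port:<4} {n} connection(s)")
```

The output lists destination IP addresses only, as the replies above point out; mapping them to site names needs a proxy or a separate lookup.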