    Monitor what is leaving my WAN interface

      security_paranoid

      Hi,

      I want to know which client on the LAN connected to which websites. That's all I want.

      Do I need to install a package for that? If yes, which package? If not, from where exactly can I view that info?

        security_paranoid

        Any ideas ?

          johnpoz LAYER 8 Global Moderator

          If you want to monitor websites clients visit you would use a proxy. pfSense can log connections, but it's only going to give you an IP address of source and destination.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

            security_paranoid

            pfSense can log connections, but it's only going to give you an IP address of source and destination

            Thanks for your reply. From where in the web interface can I view this info?

              NogBadTheBad

              @security_paranoid:

              pfSense can log connections, but it's only going to give you an IP address of source and destination

              Thanks for your reply. From where in the web interface can I view this info?

              As John mentioned you'll only see IP addresses.

              Create an outbound firewall rule allowing port 80 & 443 outbound, set it to log and place it right at the top of the rule list.

              They appear here :-

              Status -> System Logs -> Firewall

              Andy

              1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22
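
Added example, not part of the original thread: once the logging rules described above are in place, the entries shown under Status -> System Logs -> Firewall can be tallied per LAN client from raw filterlog lines. The field positions and the sample lines are assumptions constructed for illustration; as the replies say, the output contains destination IP addresses, not website names.

```python
from collections import Counter

# Constructed sample lines (not taken from the thread). Assumed layout of a
# raw filterlog entry for IPv4: field 6 = action, 8 = IP version,
# 16 = protocol, 18/19 = source/destination IP, 20/21 = source/destination port.
SAMPLE = """\
Jan 10 09:15:01 fw filterlog[411]: 70,,,1700000001,igb1,match,pass,in,4,0x0,,64,4321,0,DF,6,tcp,60,192.168.1.23,203.0.113.10,51544,443,0,S,1111,,65535,,mss
Jan 10 09:15:04 fw filterlog[411]: 70,,,1700000001,igb1,match,pass,in,4,0x0,,64,4400,0,DF,6,tcp,60,192.168.1.23,203.0.113.10,51550,443,0,S,2222,,65535,,mss
Jan 10 09:15:09 fw filterlog[411]: 69,,,1700000000,igb1,match,pass,in,4,0x0,,64,100,0,DF,6,tcp,60,192.168.1.42,198.51.100.7,40100,80,0,S,3333,,65535,,mss
Jan 10 09:15:12 fw filterlog[411]: 71,,,1700000002,igb1,match,pass,in,4,0x0,,64,101,0,none,17,udp,1278,192.168.1.42,198.51.100.7,50000,443,1258
Jan 10 09:15:20 fw filterlog[411]: 90,,,1700000009,igb1,match,pass,in,4,0x0,,64,102,0,DF,6,tcp,60,192.168.1.23,198.51.100.25,51600,993,0,S,4444,,65535,,mss
Jan 10 09:15:31 fw filterlog[411]: 4,,,1000000103,igb0,match,block,in,4,0x0,,52,103,0,DF,6,tcp,60,192.0.2.99,203.0.113.1,44444,443,0,S,5555,,1024,,mss
Jan 10 09:15:40 fw filterlog[411]: truncated,line
"""


def parse(line):
    """Return (src, dst, dport, proto) for a passed IPv4 TCP/UDP entry, else None."""
    _, sep, payload = line.partition("]: ")  # drop the syslog prefix
    f = payload.split(",") if sep else []
    if len(f) < 22 or f[6] != "pass" or f[8] != "4":
        return None  # short/garbled line, blocked traffic, or not IPv4
    if f[16] not in ("tcp", "udp") or not f[21].isdigit():
        return None  # only TCP/UDP entries carry port fields
    return f[18], f[19], int(f[21]), f[16]


def connections(lines, ports=(80, 443)):
    """Count passed connections per (client, destination IP, port, protocol)."""
    hits = Counter()
    for line in lines:
        rec = parse(line)
        if rec and rec[2] in ports:
            hits[rec] += 1
    return hits


if __name__ == "__main__":
    for (src, dst, port, proto), n in sorted(connections(SAMPLE.splitlines()).items()):
        print(f"{src:15} -> {dst:15} {proto}/{port}  x{n}")
```

The UDP entry on port 443 is counted separately from TCP, which makes QUIC traffic visible when a logging rule matches UDP as well.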

                security_paranoid

                As John mentioned you'll only see IP addresses.

                Create an outbound firewall rule allowing port 80 & 443 outbound, set it to log and place it right at the top of the rule list.

                They appear here :-

                Status -> System Logs -> Firewall

                Please be patient. How do I create an outbound rule ? Never done that before.

                  NogBadTheBad

                  Firewall -> Rules -> LAN

                  Add

                  Create two rules, one using port 80 as a destination, one using port 443 and tick Log packets that are handled by this rule.

                  Drag the two rules to the top and hit save.

                  ![Untitled 2.png](/public/imported_attachments/1/Untitled 2.png)

                  Andy

                    security_paranoid

                    No matter how much I try, I can't move the 2 rules above the anti-lockout rule.
                    Please see attachment.

                    ![lan rules.png](/public/imported_attachments/1/lan rules.png)

                      NogBadTheBad

                      don't worry about the top rule as it's only http to the firewall that interface.

                      http and https will match your new rules rather than your pfblocker rules you might want to move them a bit lower.

                      Andy

                        security_paranoid

                        @NogBadTheBad:

                        don't worry about the top rule as it's only http to the firewall that interface.

                        Also I can use Google's IMAP, which is on port 993. Shouldn't that be blocked now? I mean only 80 and 443 are allowed.

                          NogBadTheBad

                          the rules just allow and log you've not blocked anything.

                          they read from the top down.

                          https://doc.pfsense.org/index.php/Firewall_Rule_Basics

                          Andy

                            security_paranoid

                            @NogBadTheBad:

                            the rules just allow and log you've not blocked anything.

                            https://doc.pfsense.org/index.php/Firewall_Rule_Basics

                            Got it. Thanks a lot.

                              johnpoz LAYER 8 Global Moderator

                              Nevermind, you did put the rule on the LAN side.

                              Unless you're using something like QUIC or SPDY you're never going to see UDP on 80/443 for websites.

                                kapara

                                If you want a great granular view: pftop or pfflowd. You can find many free netflow collectors. This captures everything. I suggest at least trying it and you will understand.

                                Skype ID:  Marinhd

                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.