MAC address Log
Hello, So I am getting ready to setup my PFsense box and had a question.
So I wanted to have a setup where I can have Users (for each space of a RV park, for longer term tenants)
Voucher System (for short term tenants)
And a way to register the mac addresses of all. I know I can setup a white list and set to allow a mac address after it has connected for long terms (so they only have to log in once).
However I would like the ability to store all the macs of vouchers and users in logs with a time stamp of sorts. That way if something illegal takes place, I can pinpoint who did it with the mac address.
I was going to try and log all traffic, but found that I think in the US that is the wrong approach, as the laws want me to not know.
Does anyone know if this is possible, what is the best way to go about this and am I all wet and I should log everything? Or is just the MAC addresses the best way to go as the laws are concerned.
Have the CP add the MAC address to the MAC address table. It will be logged along with the voucher in the Captive Portal Auth log. You will want to send those to a log server if you really want to be the internet police.
Just enable Pass-through MAC Auto Entry. Check them both. When the voucher expires the MAC entry will be removed.
I used this technique because it eliminates the need for the DHCP pool expiry times to be tied to the timeout. This enabled me to issue multi-day vouchers and not worry about the IP/MAC pairing staying the same for the entire time. A device can leave, their lease can expire, they can return and get another lease and they will still work.
Thanks and lol. I dont really want to play internet police, just dont want to get sued and lose everything due to something someone else did.
We never had a problem with that, till the other day, when someone decided to pirate way more movies then they could possibly wacth, in a 2 day period. Our ISP wasnt happy, so want to be able to stop/prevent that as best as possible.
Anyway, for a separate log server, could I just visualize that with the PFsense on the same box, and what would I use as a log os?
Yeah, being an ISP (which is what you are trying to be) has its challenges.
No. pfSense is not intended to be a long-term log storage server. The logs are circular and the new entries overwrite the old.
Any syslog server would do. linux, freebsd, windows, whatever.
Well I mean how circular? there is no way to increase that circles size? I dont need I need to log this stuff for years, just maybe a month or 2.
Month or two is probably not something you want to task your firewall for.
Yes, that can be increased.
Whether it is enough depends on how much device churn you are expecting.