IP Geolocation - A tiny hack to show where your connections are going



  • I thought I'd share my useful little PFsense hack which lets me see where the IP addresses we are connecting to are originating.  I use this to see where the game servers are that we connect to over Xbox Live.

    This uses the diag_dump_states.php file located in /usr/local/www

    Look for the code around line 165

    
    echo "
                                    {$proto}
                                    {$info}
                                    {$state}
    
    

    Then change it to

    
    echo "
                                    {$proto}
                                    {$info} [GeolP](http://www.maxmind.com/app/locate_ip?ips={$dstip})
                                    {$state}
    
    

    Basically it creates a link with the destination ip being sent to the IP geolocation database site.  I used the maxmind site but there are others.

    See the attached image for an idea of what it looks like.

    Hope this helps someone.




  • Nice little hack.. I was wondering, would you know how to add it to diag_new_states.php? Its a replacement for diag_dump_state.php, which you can find in packages.



  • Does the new states package replace the diag_dump_states completely?  Can it be uninstalled cleanly?  I'd like to know before I install it and try.



  • It can be un-installed. it doesn't replace the file but adds another menu under the diag pull down. You can use both with it install, doesn't effect the original file.



  • OK I checked diag_new_states.php and this seems to work.

    Look around line 58 for the following code having to do with destination ip (dstip):

    
    		case 'dstip':
    			if ($_GET['dfilter']) {
    				if ($_GET['dfilter'] == $ip)
    					return $ip;
    			}
    			else {
    				return '['. $ip .'](?dfilter='.$ip.$viewPassThru.')';
    			}
    			break;
    
    

    And change it to:

    
    		case 'dstip':
    			if ($_GET['dfilter']) {
    				if ($_GET['dfilter'] == $ip)
    					return $ip;
    			}
    			else {
    				return '['. $ip .'](?dfilter='.$ip.$viewPassThru.') [GeoIP](http://www.maxmind.com/app/locate_ip?ips='.$ip.')';
    			}
    			break;
    
    

    Thanks for the suggestion. I never knew this alternate states package was available.  I'll have to give it a try.



  • thanks!! that worked like a charm! I added the code to source line also.. Works really good



  • You're welcome, enjoy!



  • Nice little post - I like little hacks like this one.


Locked