    Odd FW logging inconsistency

      0tt0 last edited by

      Hi,

      I have a large number of port forwards in a 1.2.2 install and everything works perfectly.

      I was doing some basic checking back and forth and switched on logging on 4 rules in WAN section (created by NAT and working). All are identical apart from internal target IP and all show up with a nice blue mark in the GUI.

      Oddly enough only 3 of those FW rules are logging and showing up in system logs | firewall.

      I have double checked all settings, all is working, I can test grc.com or log on to my shell and test manually - nothing - one of the rules (SMTP port 25) is simply not logging.

      I do a finger - logged
      I do a smtp connect - nothing
      I do a finger - logged again…

      I can be sitting logged in using the shell, typing commands, re-connecting, nothing still ends up in system log for the firewall on that particular port when refreshing log viewer.

      Can anyone help me get a clue on this one?

      TIA

        Perry last edited by

        you could try
        @http://forum.pfsense.org/index.php/topic:

        What a tcpdump on my LAN NIC shows when I try from an outside connection

        tcpdump -t -i vr0 port 3333

        and maybe search in http://192.168.1.1/status.php

          0tt0 last edited by

          @Perry:

          you could try
          @http://forum.pfsense.org/index.php/topic:

          What a tcpdump on my LAN NIC shows when I try from an outside connection

          tcpdump -t -i vr0 port 3333

          and maybe search in http://192.168.1.1/status.php

          Thanks for the tip, that was a good page. I don't recognize the URL, it is not linked to in the GUI, is it?

          And I think I finally found the problem - my bad - I have a complex setup of mail servers internally that routes mail back and forth and I have 3 non-standard ports exported for some of those SMTP purposes. I think I may have fooled myself into enabling logging on the wrong rule, I was looking at 25 but the internal target for that NAT was another port.

          Thanks,
