    Odd FW logging inconsistency

      0tt0

      Hi,

      I have a large number of port forwards in a 1.2.2 install and everything works perfectly.

      I was doing some basic checking back and forth and switched on logging on 4 rules in WAN section (created by NAT and working). All are identical apart from internal target IP and all shows up with a nice blue mark in the GUI.

      Oddly enough only 3 of those FW rules are logging and showing up in system logs | firewall.

      I have double checked all settings, all is working, I can test grc.com or log on to my shell and test manually - nothing - one of the rules (SMTP port 25) is simply not logging.

      I do a finger - logged
      I do a smtp connect - nothing
      I do a finger - logged again…

      I can be sitting logged in using the shell, typing commands, re-connecting, nothing still ends up in system log for the firewall on that particular port when refreshing log viewer.

      Can anyone help me get a clue on this one?

      TIA

        Perry

        you could try
        @http://forum.pfsense.org/index.php/topic:

        What a tcpdump on my LAN NIC shows when I try from an outside connection

        tcpdump -t -i vr0 port 3333

        and maybe search in http://192.168.1.1/status.php

        /Perry
        doc.pfsense.org

          0tt0

          @Perry:

          you could try
          @http://forum.pfsense.org/index.php/topic:

          What a tcpdump on my LAN NIC shows when I try from an outside connection

          tcpdump -t -i vr0 port 3333

          and maybe search in http://192.168.1.1/status.php

          Thanks for the tip, that was a good page. I don't recognize the URL, it is not linked to in the GUI is it?

          And I think I finally found the problem - my bad - I have a complex setup of mail servers internally that routes mail back and forth and I have 3 non-standard ports exported for some of those SMTP purposes. I think I may have fooled myself into enabling logging on the wrong rule, I was looking at 25 but the internal target for that NAT was another port..

          Thanks,

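The mismatch described in the last post, as an added example that is not part of the original thread: pf applies the rdr translation before it evaluates filter rules, so the rule whose log flag matters is the one matching the internal target port, not the external one. The rule lines are constructed, simplified pf-style syntax, and the interface name, addresses, port 2525 and the function name `audit_forward_logging` are assumptions made for illustration.

```python
import re

# Constructed, simplified pf-style rules (not taken from the thread).
SAMPLE_RULES = """\
rdr on vr1 proto tcp from any to any port 79 -> 192.168.1.10 port 79
rdr on vr1 proto tcp from any to any port 25 -> 192.168.1.20 port 2525
pass in log quick on vr1 proto tcp from any to 192.168.1.10 port = 79 keep state
pass in quick on vr1 proto tcp from any to 192.168.1.20 port = 2525 keep state
pass in log quick on vr1 proto tcp from any to 192.168.1.20 port = 25 keep state
"""

RDR = re.compile(r"^rdr on (\S+) proto (\S+) from any to any port (\d+) -> (\S+) port (\d+)$")
PASS = re.compile(r"^pass in (log )?quick on (\S+) proto (\S+) from any to (\S+) port = (\d+)")

def audit_forward_logging(ruleset):
    """Return one finding per rdr: does the filter rule that matches the
    translated (internal) destination have logging enabled?"""
    forwards, filters = [], []
    for line in ruleset.splitlines():
        line = line.strip()
        if m := RDR.match(line):
            iface, proto, ext_port, ip, int_port = m.groups()
            forwards.append((iface, proto, int(ext_port), ip, int(int_port)))
        elif m := PASS.match(line):
            log, iface, proto, ip, port = m.groups()
            filters.append((iface, proto, ip, int(port), bool(log)))
    findings = []
    for iface, proto, ext_port, ip, int_port in forwards:
        # Filtering happens after translation, so match on the internal target.
        effective = [f for f in filters if f[:4] == (iface, proto, ip, int_port)]
        # A rule written for the external port on that host never sees this traffic.
        stale = [f for f in filters
                 if f[:3] == (iface, proto, ip) and f[3] == ext_port != int_port]
        findings.append({
            "external_port": ext_port,
            "target": f"{ip}:{int_port}",
            "logged": any(f[4] for f in effective),
            "log_on_unmatched_rule": any(f[4] for f in stale),
        })
    return findings

if __name__ == "__main__":
    for finding in audit_forward_logging(SAMPLE_RULES):
        print(finding)
```

In the constructed ruleset the port 25 forward reports `logged: False` and `log_on_unmatched_rule: True`, which is the situation the poster describes: logging was switched on for a rule the forwarded SMTP traffic never hits.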