Would like to see Internal LAN IP addresses in Firewall logs



  • Hi Folks,
    I may be missing the point of where to place the hardware, in my home network, but this is what I have:

    OpenWrt Router (LAN on 4 x switch ports and 2 x WiFi (2.4/5GHz) - Archer 2600) WAN port on Router >>>>>>>>>>> LAN on pfsense SG-1100 , WAN on pfsense SG-1100 >>>>>>>>>>> Surfboard Modem >>>>>>>>>> Coax to Xfinity ISP

    OpenWRT is running its firewall. Network breakdown is as follows:

    OpenWRT running DHCP for LAN on 192.168.1.0 net
    OpenWRT WAN port has a static IP - 172.16.10.253
    pfsense LAN port has a static IP - 172.16.10.1
    pfsense WAN is set as a DHCP client

    All of the above works just fine, but I would like to see LAN net IP source to destination in the pfsense firewall logs, from the 192.168.1.0 LAN. At present, all I see is the OpenWrt WAN IP and port (172.16.10.253) as the source IP and various NAT ports/protocols.

    I have tried to configure OpenWrt so that all 5 ports behave like switch ports, but I cannot figure it out.

    Is there a way to present the source LAN IP address in the firewall logs within pfsense? Not too hot on NATting, so apologies if this is not totally clear. Thank you for your help.



  • Replace the router with a cheap switch & move DHCP to pfSense LAN and you problem goes away. pfSense can't see through your OpenWRT router to determine the clients behind it.



  • Hi KOM,
    Thank you for your reply. I would like to keep my router in place if possible. Is there a different way to achieve what I need without replacing my router? I.E. can I reconfigure my OpenWrt router to simply include the WAN port as a switch, or change the firewall rules on OpenWrt?



  • I have no idea what you can do with your other router. Why do you have to have it there? It's not doing anything for you other than double-NAT for no reason and it's causing you problems.



  • @KOM Hi there, I have it on my network for WiFi access/adblocking/NAS/etc.



  • Let pfSense do the adblocking or get a pihole running. Turn your OpenWRT into an AP by disabling WAN and DHCP server and then plug the LAN port into a switch.


Log in to reply