How to monitor specific port forwarded traffic
-
I have a device that I am letting do NAT-PMP and uPnP. Once the device boots, pfSense shows a NAT-PMP rule for that expected IP. Let's say the mapping ends up being:
ext port proto int ip int port 34567 tcp 10.1.1.35 55000What I would like to do is see two things:
- Incoming traffic to the WAN interface on port 3456.
- traffic going out the correct VLAN interface to dest 10.1.1.35:5500
At a minimum, I'd like just some "proof-of-line" showing traffic doing that. But ideally I could get see some packet or byte counts, maybe using pftop (but I'll take what I can get)
Is there an easy way to do this with a stock 2.4.4-RELEASE-p3 build?
-
Not with stock IMHO but it's no problem doing that with the softflow package. You only need a netflow client tool to display the infos. Or you could try ntop-ng that should show those infos, too.
-
Could you do the port forward manually and then on the resulting firewall rule allowing that traffic tick the box to log that traffic?
-
What I ended up doing was using pftop, filtering on the dst port (which should be the internal port on the internal host), and looking for established connections.
