How to monitor specific port forwarded traffic
I have a device that I am letting do NAT-PMP and UPnP. Once the device boots, pfSense shows a NAT-PMP rule for that expected IP. Let's say the mapping ends up being:

| ext port | proto | int ip | int port |
|----------|-------|-----------|----------|
| 34567 | tcp | 10.1.1.35 | 55000 |

What I would like to do is see two things:
- Incoming traffic to the WAN interface on port 3456.
- Traffic going out the correct VLAN interface to dest 10.1.1.35:5500.

At a minimum, I'd like just some "proof-of-line" showing traffic doing that. But ideally I could see some packet or byte counts, maybe using pftop (but I'll take what I can get).
Is there an easy way to do this with a stock 2.4.4-RELEASE-p3 build?
Not with stock IMHO, but it's no problem doing that with the softflowd package. You only need a NetFlow client tool to display the information. Or you could try ntopng, which should show that information, too.
Could you do the port forward manually and then on the resulting firewall rule allowing that traffic tick the box to log that traffic?
What I ended up doing was using pftop, filtering on the dst port (which should be the internal port on the internal host), and looking for established connections.
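
The packet and byte counts asked about above can also be read from the pf state table, per interface. This is an added example and not part of the original thread: it assumes input in the layout of `pfctl -vss` (a header line per state, then indented lines, one of which carries the `pkts` and `bytes` counters), and the interface names, WAN address and counter values in the sample are constructed.

```shell
#!/bin/sh
# Per-interface packet/byte totals for pf states that involve one ip:port.
# On the firewall: pfctl -vss | fwd_counters 10.1.1.35:55000
# Assumed layout: each state starts with an unindented header line and is
# followed by indented lines, one containing "A:B pkts, C:D bytes".
fwd_counters() {
    # $1 = internal ip:port of the forward; stdin = state dump
    awk -v target="$1" '
        /^[^ \t]/ {                       # header line: a new state begins
            hit = 0
            for (i = 1; i <= NF; i++)
                if ($i == target) hit = 1 # exact match, so :5500 != :55000
            if (hit) { ifc = $1; n[ifc]++ }
            next
        }
        hit && /pkts,/ {                  # counter line of a matching state
            for (i = 2; i <= NF; i++) {
                if ($i == "pkts,")  { split($(i-1), p, ":"); pk[ifc] += p[1] + p[2] }
                if ($i == "bytes,") { split($(i-1), b, ":"); by[ifc] += b[1] + b[2] }
            }
        }
        END {
            for (k in n)
                printf "%s states=%d packets=%d bytes=%d\n", k, n[k], pk[k], by[k]
        }
    '
}

# Constructed sample: the WAN-side state (after the redirect), the matching
# VLAN-side state, and an unrelated state that must not be counted.
sample_states() {
    cat <<'EOF'
em0 tcp 10.1.1.35:55000 (203.0.113.5:34567) <- 198.51.100.7:51234       ESTABLISHED:ESTABLISHED
   [1000 + 65535] wscale 7  [2000 + 65535] wscale 7
   age 00:01:02, expires in 23:59:58, 12:10 pkts, 1234:5678 bytes, rule 55
em1.10 tcp 198.51.100.7:51234 -> 10.1.1.35:55000       ESTABLISHED:ESTABLISHED
   [2000 + 65535] wscale 7  [1000 + 65535] wscale 7
   age 00:01:02, expires in 23:59:58, 12:10 pkts, 1234:5678 bytes, rule 60
em1.10 udp 10.1.1.35:40000 -> 192.0.2.53:53       MULTIPLE:SINGLE
   age 00:00:05, expires in 00:00:25, 1:1 pkts, 60:120 bytes, rule 61
EOF
}

sample_states | fwd_counters 10.1.1.35:55000
```

A line for both the WAN interface and the VLAN interface shows the forward is passing traffic end to end; a WAN line with no VLAN line means the connection was redirected but never left toward the internal host.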