How to monitor specific port forwarded traffic

  • I have a device that I am letting do NAT-PMP and UPnP. Once the device boots, pfSense shows a NAT-PMP rule for that expected IP. Let's say the mapping ends up being:

    ext port  proto   int ip     int port
    34567     tcp  55000	

    What I would like to do is see two things:

    1. Incoming traffic to the WAN interface on port 3456.
    2. Traffic going out the correct VLAN interface to dest

    At a minimum, I'd like just some "proof-of-life" showing traffic doing that. But ideally I could see some packet or byte counts, maybe using pftop (but I'll take what I can get).

    Is there an easy way to do this with a stock 2.4.4-RELEASE-p3 build?

  • LAYER 8 Moderator

    Not with stock IMHO, but it's no problem doing that with the softflowd package. You only need a netflow client tool to display the info. Or you could try ntopng, which should show that info, too.

  • Could you do the port forward manually and then, on the resulting firewall rule allowing that traffic, tick the box to log that traffic?

  • What I ended up doing was using pftop, filtering on the dst port (which should be the internal port on the internal host), and looking for established connections.
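
The state-table check described in the last post can also be scripted to give per-interface counters. This is an added example, not something posted in the thread: it sums packets and bytes of ESTABLISHED states whose destination is the internal port, reading `pfctl -vss` output. The interface names, addresses and counters in the sample are constructed, the output layout is assumed to match that sample, and only IPv4 `addr:port` endpoints are handled.

```shell
#!/bin/sh
# Added example. On the firewall: pfctl -vss | forward_summary 55000
# Prints one line per interface holding an ESTABLISHED state to that port.
forward_summary() {
    awk -v port="$1" '
    /^[^ \t]/ {                              # state header line
        hit = 0; dst = ""
        for (i = 4; i <= NF; i++) {
            if ($i == "<-") dst = $3         # inbound: first address is the destination
            if ($i == "->") dst = $(i + 1)   # outbound: address after the arrow
        }
        n = split(dst, a, ":")
        if (n == 2 && a[2] == port && $NF == "ESTABLISHED:ESTABLISHED") {
            hit = 1; iface = $1; states[iface]++
        }
        next
    }
    hit {                                    # indented detail lines of a matching state
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^pkts,?$/)  { split($(i - 1), p, ":"); pkts[iface]  += p[1] + p[2] }
            if ($i ~ /^bytes,?$/) { split($(i - 1), b, ":"); bytes[iface] += b[1] + b[2] }
        }
    }
    END {
        for (k in states)
            printf "%s states=%d pkts=%d bytes=%d\n", k, states[k], pkts[k], bytes[k]
    }' | sort
}

# Constructed sample: WAN-side state (em0), VLAN-side state (em1.20),
# and one unrelated outbound connection that must be ignored.
sample_states() {
    cat <<'EOF'
em0 tcp 192.168.20.10:55000 (203.0.113.2:34567) <- 198.51.100.7:51234       ESTABLISHED:ESTABLISHED
   [100 + 65535] wscale 7  [200 + 65535] wscale 7
   age 00:01:23, expires in 23:59:50, 120:98 pkts, 15000:8000 bytes, rule 75
em1.20 tcp 198.51.100.7:51234 -> 192.168.20.10:55000       ESTABLISHED:ESTABLISHED
   [200 + 65535] wscale 7  [100 + 65535] wscale 7
   age 00:01:23, expires in 23:59:50, 120:98 pkts, 15000:8000 bytes, rule 80
em1.20 tcp 192.168.20.10:40000 -> 192.0.2.50:443       ESTABLISHED:ESTABLISHED
   age 00:00:05, expires in 23:59:58, 10:9 pkts, 900:4000 bytes, rule 90
EOF
}

sample_states | forward_summary 55000
```

A line for both the WAN interface and the VLAN interface shows the forward is being used end to end; a WAN line with no VLAN line means the traffic arrived but was not passed on.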