pfTop not showing the ports in use...?

  • Ok so I’m new to pfsense. I’m in the process of setting up multiple VLANs on my home network. I’m at the point where I have the multiple VLANs configured, and for testing purposes I have traffic flowing freely between them.

    All is good in terms of connectivity. Now I’m tweaking my traffic shaping by monitoring activity in pfTop to determine which ports etc. to use in the Floating rules. Here’s the issue:

    When initiating certain activities on the network (like VNC, RDP, Plex) I can only see the relevant ports (5900, 3389, 32400) in pfTop when the source and destination clients on the network are on different VLANs. When the clients are on the same VLAN, the above activities and port examples don’t show in pfTop at all. Instead it’s 443 connections to destination IPs not on my network.

    Here is the information on my setup:

    • pfSense 2.4.5 installed on a 4 port Qotom machine bought off Amazon
    • igb0 is the WAN
    • igb2 and igb3 set up as a LAGG -> NETGEAR GS110TPP -> NETGEAR GS108T
    • VLANs 10 (Management), 20, 30, 40 created, each linked to the LAGG (see image)

    [three screenshots of the VLAN/LAGG configuration attached]

    I’ve been pulling my hair out over this for days. I’ve restored my pfSense box to factory defaults so many times.

    Does anyone have any ideas?? I’m running out of hair...

  • E.g:

    • iPhone on (VLAN20) initiates VNC connection to MacBook on (VLAN30). pfTop results show port 5900, all good.

    • Now same iPhone, but on (VLAN30) initiates VNC connection to same MacBook on (VLAN30). pfTop results don’t show the 5900 ports anywhere.

  • First, was the VNC connection successful? pfTop is sorted by bytes and you have a maximum number of states set to 100 with a lot of DNS traffic. Have you tried to narrow down pfTop results by adjusting your filter expression from "src net" to "src net and dst port 5900"?

    Edit: oh, you should be using src host 192.x.x.x instead of src net.

    src host host
    True if the IPv4/v6 source field of the packet is host.
    src net net
    True if the IPv4/v6 source address of the packet has a network number of net.
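As an added illustration (not code from the thread, pfSense or pftop), the Python model below shows two things that decide what pfTop can display: a flow only produces a pf state when it has to be routed between VLAN subnets, because traffic between two hosts in the same VLAN is switched at layer 2 and never reaches the firewall, and the filter expression then selects among the states that do exist. The VLAN subnets, the sample flows and the supported subset of the tcpdump-style filter syntax (src/dst host, src/dst net in CIDR form, src/dst port, port, joined by "and") are all assumptions made for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed addressing: the thread names VLANs 10/20/30/40 but not their subnets.
VLAN_SUBNETS = {
    10: ip_network("192.168.10.0/24"),
    20: ip_network("192.168.20.0/24"),
    30: ip_network("192.168.30.0/24"),
    40: ip_network("192.168.40.0/24"),
}


@dataclass(frozen=True)
class Flow:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


# Constructed sample flows, not captured data.
FLOWS = [
    Flow("tcp", "192.168.20.10", 51000, "192.168.30.5", 5900),  # phone VLAN20 -> Mac VLAN30 (VNC)
    Flow("tcp", "192.168.30.11", 51001, "192.168.30.5", 5900),  # phone VLAN30 -> Mac VLAN30 (VNC)
    Flow("tcp", "192.168.30.11", 51002, "203.0.113.7", 443),    # phone VLAN30 -> Internet (HTTPS)
    Flow("udp", "192.168.30.11", 51003, "192.168.10.1", 53),    # phone VLAN30 -> DNS on VLAN10
]


def vlan_of(addr):
    """Return the VLAN id whose subnet contains addr, or None for non-local hosts."""
    ip = ip_address(addr)
    for vid, net in VLAN_SUBNETS.items():
        if ip in net:
            return vid
    return None


def crosses_firewall(flow):
    """True only if the endpoints sit in different VLAN subnets (or one is remote),
    so the packet must be routed by pfSense. Same-VLAN traffic is switched at
    layer 2 and creates no pf state, so no rule can see or shape it."""
    return vlan_of(flow.src) != vlan_of(flow.dst)


def state_table(flows):
    """The states pfTop could ever show: only the routed flows."""
    return [f for f in flows if crosses_firewall(f)]


def matches(expr, flow):
    """Evaluate a minimal filter expression: terms joined by ' and '."""
    for term in expr.split(" and "):
        words = term.split()
        if len(words) == 3 and words[0] in ("src", "dst"):
            addr = flow.src if words[0] == "src" else flow.dst
            port = flow.sport if words[0] == "src" else flow.dport
            kind, value = words[1], words[2]
            if kind == "host":
                ok = ip_address(addr) == ip_address(value)
            elif kind == "net":  # CIDR expected; a bare address is treated as /32
                ok = ip_address(addr) in ip_network(value, strict=False)
            elif kind == "port":
                ok = port == int(value)
            else:
                raise ValueError(f"unsupported filter term: {term!r}")
        elif len(words) == 2 and words[0] == "port":
            ok = int(words[1]) in (flow.sport, flow.dport)
        else:
            raise ValueError(f"unsupported filter term: {term!r}")
        if not ok:
            return False
    return True


def pftop(expr, flows=FLOWS):
    """Apply the filter to the states that actually exist, like pfTop's -f filter."""
    return [f for f in state_table(flows) if matches(expr, f)]


if __name__ == "__main__":
    for expr in ("src net 192.168.30.0/24",
                 "src net 192.168.30.0/24 and dst port 5900",
                 "src host 192.168.20.10 and dst port 5900"):
        print(expr, "->", pftop(expr))
```

Run as a script it prints the same pattern the original poster saw: with the phone in VLAN30 a "src net" filter returns only the HTTPS and DNS states, adding "and dst port 5900" returns nothing because the same-VLAN VNC session never became a state, and the cross-VLAN VNC session is found once the filter names the phone's host address.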
