Stats on number of unique IPs from WAN using servers on LAN?

  • Hi,
    I'm a new pfSense user, just installed my first firewall this week.

    I'm interested in the number of users from WAN (the internet) using servers/services we have sitting on the LAN/DMZ side of the firewall (such as www-pages and NTP-servers for example).

    From the number of states I can get a rough estimate, but there is one state for each port/IP combination (as well as ICMP for pingers), so the number of states overestimates the number of unique IPs.

    Is there an easy way to get the number of unique IP numbers and possibly RRD graphs of this too? Thanks.


  • I personally export everything to a syslog server a) to have a separate copy running on a different OS behind another fw in case of problems which lock me out of pfSense and b) to use the exported data in realtime to monitor what I want to monitor.

    If you set your fw rules to log (the default is for them to be unticked when setting up a rule), not forgetting the tick box options above the export everything option for the syslog [edit in system log, settings tab], you can use this as a separate data source to work out the state table as a double check for this:

    The link does what you are looking for.

  • There is a package called ntop that you can install in pfSense that might do what you're looking for.  I have limited experience with it, but I think I remember it being able to show and report on which IPs were coming into/out of the firewall.
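
Added example, not part of any post in this thread: the first post notes that the state table holds one state per port/IP combination, so this script collapses inbound WAN states to one entry per remote address. It assumes `pfctl -ss` prints lines laid out as `IFACE PROTO LOCAL [(NAT)] <- REMOTE STATE` and that the WAN interface is `em0`; the function names and the sample states are constructed for illustration.

```shell
#!/bin/sh
# Assumed state line layout: IFACE PROTO LOCAL [(NAT)] <- REMOTE STATE
# Live use on the firewall (interface name is an assumption):
#   pfctl -ss | unique_wan_sources em0

# Print "STATE_COUNT ADDRESS" for every remote address that has at least
# one inbound ("<-") state on the interface named in $1, busiest first.
wan_sources() {
    awk -v wan="$1" '
        $1 == wan {
            for (i = 3; i < NF; i++) {
                if ($i == "<-") {
                    peer = $(i + 1)
                    if (peer ~ /\[/) sub(/\[.*$/, "", peer)  # IPv6: addr[port]
                    else sub(/:[0-9]+$/, "", peer)           # IPv4: addr:port
                    seen[peer]++
                    break
                }
            }
        }
        END { for (p in seen) print seen[p], p }
    ' | sort -rn
}

# Number of distinct remote addresses, regardless of how many states each has.
unique_wan_sources() {
    wan_sources "$1" | wc -l | tr -d ' '
}

# Constructed sample: six inbound WAN states from four clients, plus one
# outbound state and one LAN-side state that must not be counted.
sample_states() {
cat <<'EOF'
em0 tcp 192.0.2.10:80 <- 198.51.100.7:51234       ESTABLISHED:ESTABLISHED
em0 tcp 192.0.2.10:80 <- 198.51.100.7:51240       ESTABLISHED:ESTABLISHED
em0 tcp 192.0.2.10:443 <- 198.51.100.7:51301       FIN_WAIT_2:FIN_WAIT_2
em0 udp 192.0.2.11:123 <- 203.0.113.45:40123       MULTIPLE:SINGLE
em0 icmp 192.0.2.10:8 <- 203.0.113.99:8       0:0
em0 tcp 2001:db8::10[80] <- 2001:db8:ffff::5[50212]       ESTABLISHED:ESTABLISHED
em0 udp 192.0.2.1:61000 (192.168.1.20:5353) -> 198.51.100.200:53       MULTIPLE:SINGLE
em1 tcp 192.168.1.20:22 <- 192.168.1.50:50022       ESTABLISHED:ESTABLISHED
EOF
}

sample_states | wan_sources em0
```

The count only covers clients with a state at the moment of sampling, so a trend graph needs the command run on a schedule and the results stored elsewhere.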

