Stats on number of unique IPs from WAN using servers on LAN?



  • Hi,
    I'm a new pfSense user, and just installed my first firewall this week.

    I'm interested in the number of users from WAN (the internet) using servers/services we have sitting on the LAN/DMZ side of the firewall (such as www-pages and NTP-servers for example).

    From the number of states I can get a rough estimate, but there is one state for each port/IP combination (as well as ICMP for ping:ers), so the number of states overestimates the number of unique IPs.

    Is there an easy way to get number of unique IP numbers and possibly RRD graphs of this too? Thanks.

    Anders



  • I personally export everything to a syslog server a) to have a separate copy running on a different OS behind another fw in case of problems which lock me out of pfSense and b) to use the exported data in realtime to monitor what I want to monitor.

    If you set your fw rules to log (the default is for them to be unticked when setting up a rule), not forgetting the tick box options above the export everything option for the syslog [edit in system log, settings tab], you can use this as a separate data source to work out the state table as a double check for this:
    https://forum.pfsense.org/index.php?topic=60509.0

    The link does what you are looking for.



  • There is a package called ntop that you can install in pfSense that might do what you're looking for.  I have limited experience with it, but I think I remember it being able to show and report on which IPs were coming into/out of the firewall.
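
Added example, not part of the thread: one way to turn the state table into a unique-IP count, since each remote address can hold many states. It assumes `pfctl -ss` prints inbound states as `IFACE PROTO LOCAL [(NAT)] <- REMOTE STATE` and that the WAN interface is `em0`; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Count unique remote IPs that hold inbound states on the WAN interface.
# Assumed line format (pfctl -ss):
#   IFACE PROTO LOCAL[:PORT] [(NAT)] <- REMOTE[:PORT] STATE
# IPv6 endpoints are assumed to be printed as addr[port].

unique_wan_ips() {
    # $1 = WAN interface name (assumption: em0); state lines on stdin
    awk -v wan="$1" '
        $1 == wan {
            for (i = 3; i < NF; i++) {
                if ($i == "<-") {            # inbound: the peer follows the arrow
                    peer = $(i + 1)
                    sub(/\[[0-9]+\]$/, "", peer)                # IPv6 addr[port]
                    if (peer ~ /\./) sub(/:[0-9]+$/, "", peer)  # IPv4 addr:port
                    seen[peer] = 1           # many states collapse to one key
                    break
                }
            }
        }
        END { n = 0; for (p in seen) n++; print n }
    '
}

# Constructed sample: five inbound WAN states from three distinct peers,
# plus one outbound WAN state and one LAN-side state that must be ignored.
sample_states() {
    cat <<'EOF'
em0 tcp 192.168.1.10:80 (198.51.100.1:80) <- 203.0.113.5:51234       ESTABLISHED:ESTABLISHED
em0 tcp 192.168.1.10:80 (198.51.100.1:80) <- 203.0.113.5:51235       ESTABLISHED:ESTABLISHED
em0 icmp 198.51.100.1:4242 <- 203.0.113.5:4242       0:0
em0 udp 192.168.1.20:123 (198.51.100.1:123) <- 203.0.113.77:123       MULTIPLE:MULTIPLE
em0 tcp 2001:db8:1::10[443] <- 2001:db8:ffff::9[50100]       ESTABLISHED:ESTABLISHED
em0 tcp 198.51.100.1:40000 (192.168.1.30:40000) -> 192.0.2.8:443       ESTABLISHED:ESTABLISHED
em1 tcp 192.0.2.8:443 <- 192.168.1.30:40000       ESTABLISHED:ESTABLISHED
EOF
}

# On the firewall itself: pfctl -ss | unique_wan_ips em0
sample_states | unique_wan_ips em0
```

Running the function from cron and appending the number to a file gives a time series that can be graphed, which is the second half of the question.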

