Stats on number of unique IPs from WAN using servers on LAN?
I'm a new pfSense user; I just installed my first firewall this week.
I'm interested in the number of users from WAN (the internet) using servers/services we have sitting on the LAN/DMZ side of the firewall (such as www-pages and NTP-servers for example).
From the number of states I can get a rough estimate, but there is one state for each port/IP combination (as well as ICMP for ping:ers), so the number of states overestimates the number of unique IPs.
Is there an easy way to get the number of unique IP numbers, and possibly RRD graphs of this too? Thanks.
I personally export everything to a syslog server a) to have a separate copy running on a different OS behind another fw in case of problems which lock me out of pfSense, and b) to use the exported data in real time to monitor what I want to monitor.
If you set your fw rules to log (the default is for them to be unticked when setting up a rule), not forgetting the tick box options above the export everything option for the syslog [edit in system log, settings tab], you can use this as a separate data source to work out the state table as a double check for this:
The link does what you are looking for.
There is a package called ntop that you can install in pfSense that might do what you're looking for. I have limited experience with it, but I think I remember it being able to show and report on which IPs were coming into/out of the firewall.
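As an added example (not part of any post in this thread), here is one way to collapse the state table into a count of unique remote sources, so that many states from one client count once. It assumes the `pfctl -ss` text layout `IFACE PROTO LOCAL [(NAT)] <- PEER STATE` for inbound states; the interface name `em0`, the function names and the sample states are constructed for illustration.

```shell
#!/bin/sh
# Count unique remote IPs that have inbound states on the WAN interface.
# Assumed input: state lines as printed by `pfctl -ss`, read from stdin.

unique_wan_sources() {
    # $1 = WAN interface name as it appears in the first column
    awk -v wan="$1" '
        $1 == wan {
            # The peer is the field right after "<-"; a "(nat)" field may
            # sit before the arrow when a port forward rewrote the target.
            for (i = 3; i < NF; i++) if ($i == "<-") {
                peer = $(i + 1)
                if (peer ~ /\[/) sub(/\[.*$/, "", peer)  # IPv6: addr[port]
                else sub(/:[0-9]+$/, "", peer)           # IPv4: addr:port
                if (!(peer in seen)) { seen[peer] = 1; n++ }
            }
        }
        END { print n + 0 }
    '
}

# Constructed sample: six inbound WAN states from four distinct clients,
# plus two states that must not be counted (LAN side, outbound on WAN).
sample_states() {
    cat <<'EOF'
em0 tcp 192.0.2.10:80 <- 203.0.113.5:51234       ESTABLISHED:ESTABLISHED
em0 tcp 192.0.2.10:80 <- 203.0.113.5:51240       ESTABLISHED:ESTABLISHED
em0 tcp 10.0.0.10:443 (192.0.2.10:443) <- 203.0.113.5:51250       ESTABLISHED:ESTABLISHED
em0 udp 192.0.2.11:123 <- 198.51.100.7:40000       SINGLE:MULTIPLE
em0 icmp 192.0.2.10:8 <- 198.51.100.9:1234       0:0
em0 tcp 2001:db8::10[80] <- 2001:db8::99[40001]       ESTABLISHED:ESTABLISHED
em1 tcp 203.0.113.5:51234 -> 10.0.0.10:80       ESTABLISHED:ESTABLISHED
em0 udp 192.0.2.1:5353 -> 198.51.100.200:53       MULTIPLE:SINGLE
EOF
}

echo "unique WAN sources: $(sample_states | unique_wan_sources em0)"
```

On the firewall itself the same function would be fed with `pfctl -ss | unique_wan_sources <wan-interface>`; running it periodically and storing the number gives a series that can be graphed.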