
For those of you who use pfSense, does anyone know of a way to log which private IPs are being NAT'd to public IPs?

Right now, the only thing I can see is in the "Diagnostics: Show States", where it will show current private IPs, Public IPs they NAT to, and the destination. However, those are only active NATs. Is there a way to log these? Also, is there a way to add a timestamp? The firewall logs do not show the NAT info.

There are times where we need to track down who a user was days earlier, and without the ability to correlate a public IP to a private IP, we cannot determine this info.

Any help is appreciated.

Thanks,

-Dan

-----------------------
Daniel Mc Cue
Salem State University
71 Loring Ave.
Salem, MA  01970
(978) 542-6909

********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Comments

Message from wilcoxkm@email.appstate.edu

On Wed, Dec 14, 2011 at 02:34:31PM +0000, Daniel McCue wrote:

> For those of you who use pfSense, does anyone know of a way to log which private IPs are being NAT'd to public IPs?

We aren't a pfSense shop but we are a FreeBSD + pf shop. pfSense is built on FreeBSD + pf so I don't mind tossing in our experiences.

> Right now, the only thing I can see is in the "Diagnostics: Show States", where it will show current private IPs, Public IPs they NAT to, and the destination. However, those are only active NATs. Is there a way to log these? Also, is there a way to add a timestamp? The firewall logs do not show the NAT info.

You can get the same information from the command line using

pfctl -s s

As you've noted, that's great for current connections but it's horrible for logging and states that have expired.

pfsync is used to keep multiple pf firewalls in sync - it's used to share state. Since inside/outside/destination information is necessary for sharing state, we use it to track NAT logging with a start time, an end time, three port:ip tuples, the MAC of the firewall interface that did the NAT and a transaction id.

The alternative is to track network flows via pflowd/cflowd (they're in ports, one uses the pf state table directly).

kmw
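One low-effort way to get the timestamped NAT history Dan is asking for, given that pfctl -s s only shows live states: poll it on a schedule and diff successive snapshots into start/end records, then answer "who was behind public ip:port at time T" from those records. This is an added example, not code from either poster; it assumes the outbound state line layout "iface proto public:port (private:port) -> dst:port state" (check it against your own pfctl output), and the sample snapshots are constructed.

```python
import re
from datetime import datetime
# Assumed `pfctl -s state` layout for an outbound NAT state (check against your output):
# iface proto public:port (private:port) -> dst:port state
STATE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>\S+)\s+(?P<pub>\S+)\s+"
    r"\((?P<priv>\S+)\)\s+->\s+(?P<dst>\S+)"
)

def parse_states(text):
    """NAT tuples (proto, private, public, destination) present in one snapshot."""
    found = set()
    for line in text.splitlines():
        m = STATE_RE.match(line.strip())
        if m:
            found.add((m["proto"], m["priv"], m["pub"], m["dst"]))
    return found

class NatLog:
    """Diffs successive snapshots into timestamped start/end records."""
    def __init__(self):
        self.active = {}    # tuple -> time first seen
        self.records = []   # (first_seen, gone_by, proto, private, public, destination)

    def snapshot(self, when, text):
        current = parse_states(text)
        for t in current:
            self.active.setdefault(t, when)
        for t in [t for t in self.active if t not in current]:
            self.records.append((self.active.pop(t), when, *t))  # expired between polls

    def who_had(self, public, when):
        """Private ip:port(s) mapped to `public` (ip:port) at time `when`."""
        hits = {r[3] for r in self.records if r[4] == public and r[0] <= when <= r[1]}
        hits |= {t[1] for t, start in self.active.items() if t[2] == public and start <= when}
        return hits
# Constructed sample snapshots (not real pfctl output); 203.0.113.5 is the NAT address.
SNAP_1400 = """all tcp 203.0.113.5:61234 (192.168.1.10:50432) -> 198.51.100.7:443  ESTABLISHED:ESTABLISHED
all udp 203.0.113.5:40001 (192.168.1.22:53120) -> 198.51.100.9:53  MULTIPLE:SINGLE
"""
SNAP_1405 = "all tcp 203.0.113.5:61234 (192.168.1.10:50432) -> 198.51.100.7:443  ESTABLISHED:ESTABLISHED\n"
SNAP_1410 = "all tcp 203.0.113.5:61234 (192.168.1.31:51000) -> 198.51.100.8:80  ESTABLISHED:ESTABLISHED\n"

def build_demo_log():
    """Feed three five-minute polls; public port 61234 is reused by a second host at 14:10."""
    log = NatLog()
    for minute, snap in ((0, SNAP_1400), (5, SNAP_1405), (10, SNAP_1410)):
        log.snapshot(datetime(2011, 12, 14, 14, minute), snap)
    return log
```

Polling only sees states that live longer than the poll interval and gives end times that are upper bounds, so it is a stopgap; the pfsync or pflowd/cflowd approaches kmw describes see every state.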