Author Topic: SUGGESTION - NAT log  (Read 2143 times)

criiser

« on: March 27, 2017, 05:06:34 pm »
Running:
OPNsense 17.1.3-amd64
FreeBSD 11.0-RELEASE-p8
OpenSSL 1.0.2k 26 Jan 2017
On VMware.

I've enabled the log option on ALL my NAT rules (Manual outbound NAT rule generation).

Likewise on the FW rules in question. LOG log and LOG.

So on the Firewall -> Log Files -> Normal View

I see two rows (For this example DNS query):

Accept - OUT - WAN - WANIP:19763 - 8.8.8.8:53
Accept - IN - LAN - 10.0.0.1:36546 - 8.8.8.8:53

So, my dilemma. When troubleshooting NAT, searching for the LAN IP shows only the last entry, and not when the traffic is leaving the FW. Now in this setup/demo, only one NAT rule. However, I have more interfaces that are being used for NAT. "OpenVPN Clients FTW!" - Making it cumbersome to diagnose and troubleshoot NAT.

Suggestion:

Add to outlog (10.0.0.1:36546) if natted exit. So the log would look like:

Accept - OUT - WAN - WANIP:19763 (10.0.0.1:36546) - 8.8.8.8:53

Easy visibility that both the NAT rule is working AND the ruleset is allowing the traffic. Maybe even the #index of the rule it matches?

Or is this already in here somewhere - I'm just missing a toggle?

Br, Christian



« Last Edit: March 27, 2017, 05:26:47 pm by criiser »
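
The correlation the post asks for, done after the fact over rows in the layout quoted above, as an added example that is not part of the original post or of OPNsense. It pairs rows on destination only, because the quoted rows carry nothing else to join on; `203.0.113.5` stands in for WANIP, and the `OVPN` interface and the `9.9.9.9` rows are constructed to show where that join stops being reliable.

```python
import re
from collections import defaultdict

# Row layout copied from the post: Action - DIR - IFACE - src:port - dst:port
ROW = re.compile(r"^(\w+) - (IN|OUT) - (\S+) - (\S+):(\d+) - (\S+):(\d+)$")

# Constructed sample rows; 203.0.113.5 is a placeholder for WANIP, OVPN is hypothetical.
SAMPLE = """\
Accept - OUT - WAN - 203.0.113.5:19763 - 8.8.8.8:53
Accept - IN - LAN - 10.0.0.1:36546 - 8.8.8.8:53
Accept - OUT - WAN - 203.0.113.5:40112 - 9.9.9.9:53
Accept - IN - LAN - 10.0.0.1:51000 - 9.9.9.9:53
Accept - IN - OVPN - 10.8.0.6:51001 - 9.9.9.9:53
"""

def parse(text):
    """Turn log rows into dicts, skipping lines that do not match the layout."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            action, direction, iface, src, sport, dst, dport = m.groups()
            rows.append({"action": action, "dir": direction, "iface": iface,
                         "src": f"{src}:{sport}", "dst": f"{dst}:{dport}"})
    return rows

def annotate(rows):
    """Rewrite each OUT row in the suggested form, joining on destination only."""
    inbound = defaultdict(list)
    for r in rows:
        if r["dir"] == "IN":
            inbound[r["dst"]].append(r["src"])
    out = []
    for r in rows:
        if r["dir"] != "OUT":
            continue
        candidates = sorted(set(inbound.get(r["dst"], [])))
        if len(candidates) == 1:
            origin = candidates[0]
        elif candidates:
            # Two internal hosts reached the same destination: the log cannot tell them apart.
            origin = "ambiguous: " + ", ".join(candidates)
        else:
            origin = "no IN row"
        out.append(f'{r["action"]} - OUT - {r["iface"]} - {r["src"]} ({origin}) - {r["dst"]}')
    return out

if __name__ == "__main__":
    print("\n".join(annotate(parse(SAMPLE))))
```

The second OUT row comes back as ambiguous, which is the multi-interface case the post describes: only the firewall, at the moment it translates the packet, knows which internal source the WAN-side row belongs to.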