OPNsense Forum

English Forums => General Discussion => Topic started by: dergroddi on January 03, 2024, 11:12:03 PM

Title: How do I log "blocked" traffic?
Post by: dergroddi on January 03, 2024, 11:12:03 PM
Hi there,

I have two networks (main + iot). Now, I have a new device (Bambu Labs 3D Printer) which refuses to "connect to Internet" while being in iot network (other devices do not have those problems).

My question is: how can I figure out what is being blocked / not allowed in the firewall? I switched on every log option (especially for the automatically generated rules) but I do not see ANY red (blocked / not allowed) traffic in my logs.

How can I do that or what other options do I have to monitor all traffic for this device?
Title: Re: How do I log "blocked" traffic?
Post by: bartjsmit on January 04, 2024, 09:55:52 AM
Quote from: dergroddi on January 03, 2024, 11:12:03 PM
How can I do that or what other options do I have to monitor all traffic for this device?

In general

Do a packet capture filtered on the host IP of the printer - Interfaces: Diagnostics: Packet Capture
Open the file in Wireshark and see what it needs https://www.wireshark.org/

Specifically

My guess is one or more of these ;-) https://wiki.bambulab.com/en/general/printer-network-ports

Bart...

P.S. I'm considering Bambu, but after this episode, I'll definitely keep it in LAN mode: https://themessenger.com/tech/bambu-owners-3d-printers-malfunction-cloud-print-twice
Title: Re: How do I log "blocked" traffic?
Post by: CJ on January 04, 2024, 02:39:32 PM
Packet capture is definitely what you need to do if it's not working.  I'm surprised you're not seeing anything from the default block rule as IIRC it logs by default.  Also, you can view the resulting capture inside OPNsense.  Wireshark just gives you a nicer view.

Additionally, check to make sure that the underlying pieces are working.  Is the Bambu getting an IP and route?  Are you allowing DNS access to that network?  Etc.
Title: Re: How do I log "blocked" traffic?
Post by: dergroddi on January 04, 2024, 07:30:31 PM
Thank you both for your feedback.

Packet Capture is what I did, but I did not see anything being blocked in there... So I still do not know why the printer insisted on not having an internet connection.

But after reading the article, I decided to stay in LAN-only mode. I really do not need the mobile app anyway and the timelapse is accessible via FTPS.

I did add the necessary rules (in my LAN network) for the ports and the printer is now connected in local mode.

PS: It might have been something with the DNS (Pi-Hole in main network, no rule for IOT devices to let port 53 pass). I will maybe check it out later.
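
Added example, not part of any post in this thread: a packet capture carries no "blocked" marker, so a dropped flow only shows up as requests that never get a reply. This Python sketch scans `tcpdump -nn -r` text output for flows a host opened without any return packet. The sample lines, addresses and port 8443 are constructed, and the line layout assumed is tcpdump's default IPv4 output.

```python
import re

# Constructed sample: text as printed by `tcpdump -nn -r printer.pcap` for a
# hypothetical printer at 192.168.20.50 (every address and port is made up).
SAMPLE = """\
19:30:01.100000 IP 192.168.20.50.51000 > 192.168.10.2.53: 4660+ A? cloud.example. (31)
19:30:02.100000 IP 192.168.20.50.51000 > 192.168.10.2.53: 4660+ A? cloud.example. (31)
19:30:03.000000 IP 192.168.20.50.40000 > 192.168.20.1.123: NTPv4, Client, length 48
19:30:03.010000 IP 192.168.20.1.123 > 192.168.20.50.40000: NTPv4, Server, length 48
19:30:04.000000 IP 192.168.20.50.40100 > 203.0.113.10.443: Flags [S], seq 1, win 64240, length 0
19:30:04.020000 IP 203.0.113.10.443 > 192.168.20.50.40100: Flags [S.], seq 9, ack 2, win 65535, length 0
19:30:05.000000 IP 192.168.20.50.40200 > 203.0.113.20.8443: Flags [S], seq 1, win 64240, length 0
19:30:06.000000 IP 192.168.20.50.40200 > 203.0.113.20.8443: Flags [S], seq 1, win 64240, length 0
"""

# "IP src.sport > dst.dport: rest" (IPv4 TCP/UDP lines only; others are skipped)
LINE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): (.*)")

def unanswered(text, host):
    """Return [(dst_ip, dst_port, proto, attempts)] for flows that `host`
    opened and that never received a single packet back."""
    sent, replied = {}, set()
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, rest = m.groups()
        proto = "tcp" if rest.startswith("Flags [") else "udp"
        if src == host:
            # Count only flow openers: a bare SYN for TCP, any datagram for UDP.
            if proto == "udp" or rest.startswith("Flags [S],"):
                key = (dst, int(dport), proto, int(sport))
                sent[key] = sent.get(key, 0) + 1
        elif dst == host:
            # Any return packet (including a TCP reset) means the flow was
            # answered, i.e. it was not silently dropped on the way.
            replied.add((src, int(sport), proto, int(dport)))
    return [(d, p, pr, n) for (d, p, pr, sp), n in sent.items()
            if (d, p, pr, sp) not in replied]

if __name__ == "__main__":
    for dst, port, proto, tries in unanswered(SAMPLE, "192.168.20.50"):
        print(f"no reply: {proto} {dst}:{port} ({tries} attempts)")
```

Retried DNS queries to a resolver in another network with no answer, as in the constructed sample, are the pattern a missing port 53 rule would produce.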