OPNsense Forum

Archive => 17.1 Legacy Series => Topic started by: criiser on March 27, 2017, 05:06:34 pm

Title: SUGGESTION - NAT log
Post by: criiser on March 27, 2017, 05:06:34 pm
Running:
OPNsense 17.1.3-amd64
FreeBSD 11.0-RELEASE-p8
OpenSSL 1.0.2k 26 Jan 2017
On VMware.

I've enabled the log option on ALL my NAT rules (Manual outbound NAT rule generation).

Likewise on the FW rules in question: LOG, log and LOG.

So on the Firewall -> Log Files -> Normal View

I see two rows (For this example DNS query):

Accept - OUT - WAN - WANIP:19763 - 8.8.8.8:53
Accept - IN - LAN - 10.0.0.1:36546 - 8.8.8.8:53

So, my dilemma. When troubleshooting NAT, searching for the LAN IP shows only the last entry, and not when the traffic is leaving the FW. Now in this setup/demo there is only one NAT rule. However, I have more interfaces that are being used for NAT ("OpenVPN Clients FTW!"), making it cumbersome to diagnose and troubleshoot NAT.

Suggestion:

Add (10.0.0.1:36546) to the OUT log entry if it is a NATted exit. So the log would look like:

Accept - OUT - WAN - WANIP:19763 (10.0.0.1:36546) - 8.8.8.8:53

Easy visibility that both the NAT rule is working AND the ruleset is allowing the traffic. Maybe even the #index of the rule it matches?

Or is this already in here somewhere and I'm just missing a toggle?

Br, Christian
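One way to build the combined view the post proposes from the rows the Normal View already shows, as an added example that is not OPNsense code or the poster's own. It assumes rows in the five-column "action - direction - interface - src:port - dst:port" shape quoted above (constructed samples, no timestamps) and pairs each IN (pre-NAT) row with an OUT (post-NAT) row by destination in logged order, which is ambiguous when several internal hosts talk to the same destination at once; that ambiguity is exactly why the firewall recording the mapping itself would be better.

```python
import re
from collections import defaultdict

# Assumed row shape, as displayed in Firewall -> Log Files -> Normal View in the post.
# Only IPv4 "host:port" tokens are handled; IPv6 addresses contain ':' and would mis-split.
ROW_RE = re.compile(
    r"^(?P<action>\w+) - (?P<dir>IN|OUT) - (?P<iface>\w+) - "
    r"(?P<src>\S+):(?P<sport>\d+) - (?P<dst>\S+):(?P<dport>\d+)$"
)

# Constructed sample rows (not from a real log): the pair from the post, a second
# pair leaving via an OpenVPN-facing interface, and one IN row with no OUT partner.
SAMPLE_ROWS = [
    "Accept - OUT - WAN - WANIP:19763 - 8.8.8.8:53",
    "Accept - IN - LAN - 10.0.0.1:36546 - 8.8.8.8:53",
    "Accept - OUT - WAN - WANIP:19764 - 1.1.1.1:53",
    "Accept - IN - OpenVPN - 10.8.0.5:40001 - 1.1.1.1:53",
    "Accept - IN - LAN - 10.0.0.2:50000 - 9.9.9.9:53",  # never seen leaving the FW
]


def parse_row(line):
    """Return the row's fields as a dict, or None if the line is not in the expected shape."""
    m = ROW_RE.match(line.strip())
    return m.groupdict() if m else None


def correlate(rows):
    """Pair IN rows with OUT rows for the same destination (dst, dport), in logged order.

    Returns (combined, unmatched): the combined lines the post asks for, and the IN
    rows that have no OUT partner, i.e. traffic accepted inbound but never logged
    leaving the firewall (a NAT or outbound-rule problem worth looking at).
    """
    outs = defaultdict(list)  # (dst, dport) -> OUT rows still unpaired, in order
    ins = []
    for r in map(parse_row, rows):
        if r is None:
            continue
        (outs[(r["dst"], r["dport"])] if r["dir"] == "OUT" else ins).append(r)
    combined, unmatched = [], []
    for r in ins:
        key = (r["dst"], r["dport"])
        if outs[key]:
            o = outs[key].pop(0)
            combined.append(f"{o['action']} - OUT - {o['iface']} - {o['src']}:{o['sport']} "
                            f"({r['src']}:{r['sport']}) - {o['dst']}:{o['dport']}")
        else:
            unmatched.append(f"{r['src']}:{r['sport']} -> {r['dst']}:{r['dport']} on {r['iface']}")
    return combined, unmatched
```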