OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • General Discussion »
  • How do I log "blocked" traffic?
« previous next »
  • Print
Pages: [1]

Author Topic: How do I log "blocked" traffic?  (Read 1463 times)

dergroddi

  • Newbie
  • *
  • Posts: 6
  • Karma: 0
    • View Profile
How do I log "blocked" traffic?
« on: January 03, 2024, 11:12:03 pm »
Hi there,

I have two networks (main + iot). Now, I have a new device (Bambu Labs 3D Printer) which refuses to "connect to Internet" while being in iot network (other devices do not have those problems).

My question is: how can I figure out what is being blocked / not allowed in the firewall? I switched on every log option (especially for the automatically generated rules) but I do not see ANY red (blocked / not allowed) traffic in my logs.

How can I do that or what other options do I have to monitor every traffic for this device?
Logged

bartjsmit

  • Hero Member
  • *****
  • Posts: 2017
  • Karma: 194
    • View Profile
Re: How do I log "blocked" traffic?
« Reply #1 on: January 04, 2024, 09:55:52 am »
Quote from: dergroddi on January 03, 2024, 11:12:03 pm
How can I do that or what other options do I have to monitor every traffic for this device?

In general

Do a packet capture filtered on the host IP of the printer - Interfaces: Diagnostics: Packet Capture
Open the file in Wireshark and see what it needs https://www.wireshark.org/

Specifically

My guess is one or more of these ;-) https://wiki.bambulab.com/en/general/printer-network-ports

Bart...

P.S. I'm considering Bambu, but after this episode, I'll definitely keep it in LAN mode: https://themessenger.com/tech/bambu-owners-3d-printers-malfunction-cloud-print-twice
Logged

CJ

  • Hero Member
  • *****
  • Posts: 832
  • Karma: 30
    • View Profile
    • Have Answer, Will Blog
Re: How do I log "blocked" traffic?
« Reply #2 on: January 04, 2024, 02:39:32 pm »
Packet capture is definitely what you need to do if it's not working.  I'm surprised you're not seeing anything from the default block rule as IIRC it logs by default.  Also, you can view the resulting capture inside OPNsense.  Wireshark just gives you a nicer view.

Additionally, check to make sure that the underlying pieces are working.  Is the Bambu getting an IP and route?  Are you allowing DNS access to that network?  Etc.
Logged
Have Answer, Will Blog

dergroddi

  • Newbie
  • *
  • Posts: 6
  • Karma: 0
    • View Profile
Re: How do I log "blocked" traffic?
« Reply #3 on: January 04, 2024, 07:30:31 pm »
Thank you both for your feedback.

Packet Capture is what I did, but I did not see anything being blocked in there... So I still do not know why the printer insisted on not having internet connection.

But after reading the article, I decided to stay in LAN only mode. I really do not need the mobile app anyway and the timelapse is accessible via FTPS.

I did add the necessary rules (in my LAN network) for the ports and the printer is now connected in local mode.

PS: It might have been something with the DNS (Pi-Hole in main network, no rule for IOT devices to let port 53 pass), I will maybe check it out later
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • General Discussion »
  • How do I log "blocked" traffic?
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2