Topic: SUGGESTION - NAT log (Read 3525 times)
criiser
« on: March 27, 2017, 05:06:34 pm »
Running:
OPNsense 17.1.3-amd64
FreeBSD 11.0-RELEASE-p8
OpenSSL 1.0.2k 26 Jan 2017
On VMware.
I've enabled the log option on ALL my NAT rules (Manual outbound NAT rule generation).
Likewise on the FW rules in question. LOG log and LOG.
So on the Firewall -> Log Files -> Normal View
I see two rows (For this example DNS query):
Accept - OUT - WAN - WANIP:19763 - 8.8.8.8:53
Accept - IN - LAN - 10.0.0.1:36546 - 8.8.8.8:53
So, my dilemma: when troubleshooting NAT, searching for the LAN IP shows only the last entry, and not when the traffic is leaving the FW. Now, in this setup/demo there is only one NAT rule. However, I have more interfaces that are being used for NAT ("OpenVPN Clients FTW!"), making it cumbersome to diagnose and troubleshoot NAT.
Suggestion:
Add to the out log (10.0.0.1:36546) if it is a NATted exit. So the log would look like:
Accept - OUT - WAN - WANIP:19763 (10.0.0.1:36546) - 8.8.8.8:53
Easy visibility that both the NAT rule is working AND the ruleset is allowing the traffic. Maybe even the #index of the rule it matches?
Or is this already in here somewhere and I'm just missing a toggle?
Br, Christian
« Last Edit: March 27, 2017, 05:26:47 pm by criiser »
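The correlation the post asks for, sketched as an added example that is not part of the original post and is not OPNsense code: it pairs LAN-side IN rows with WAN-side OUT rows by destination and prints the suggested combined form, refusing to guess when the rows alone cannot decide. The function name `annotate`, the address 203.0.113.5 standing in for WANIP, the 9.9.9.9 rows and the OPENVPN interface name are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample rows in the format quoted in the post. 203.0.113.5 stands
# in for WANIP; the 9.9.9.9 rows and the OPENVPN interface are made up.
SAMPLE = """\
Accept - OUT - WAN - 203.0.113.5:19763 - 8.8.8.8:53
Accept - IN - LAN - 10.0.0.1:36546 - 8.8.8.8:53
Accept - OUT - WAN - 203.0.113.5:40112 - 9.9.9.9:53
Accept - OUT - WAN - 203.0.113.5:51820 - 9.9.9.9:53
Accept - IN - LAN - 10.0.0.7:50001 - 9.9.9.9:53
Accept - IN - OPENVPN - 10.8.0.2:50002 - 9.9.9.9:53
"""

# action - direction - interface - source - destination
ROW = re.compile(r"^(\w+) - (IN|OUT) - (\S+) - (\S+) - (\S+)$")

def annotate(log_text, wan_ifs=("WAN",)):
    """Rewrite WAN OUT rows as 'translated (original) - destination'."""
    matches = (ROW.match(line.strip()) for line in log_text.splitlines())
    rows = [m.groups() for m in matches if m]  # unparseable lines are skipped
    inside = defaultdict(list)   # destination -> internal sources (IN rows)
    outside = defaultdict(int)   # destination -> number of WAN OUT rows
    for _action, direction, iface, src, dst in rows:
        if direction == "IN" and iface not in wan_ifs:
            inside[dst].append(src)
        elif direction == "OUT" and iface in wan_ifs:
            outside[dst] += 1
    result = []
    for action, direction, iface, src, dst in rows:
        if direction != "OUT" or iface not in wan_ifs:
            continue
        candidates = inside.get(dst, [])
        if len(candidates) == 1 and outside[dst] == 1:
            origin = candidates[0]       # exactly one flow to this destination
        elif not candidates:
            origin = "unmatched"         # no internal-side row was logged
        else:
            origin = "ambiguous"         # several flows share the destination
        result.append(f"{action} - OUT - {iface} - {src} ({origin}) - {dst}")
    return result

if __name__ == "__main__":
    print("\n".join(annotate(SAMPLE)))
```

The two 9.9.9.9 rows come back as ambiguous because destination alone does not identify which internal host owns which translated port, which is the gap the suggested log field would close.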