Insight - Which LAN IP's visited which websites

Started by aristosv, April 03, 2018, 04:20:28 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
April 03, 2018, 04:20:28 PM
So I decided to stop using the usual ubiquity and mikrotik routers, bought a small Intel based computer and for the past couple of weeks I've been using pfSense on my gateway. Even though the functionality is all there, the interface seemed a bit outdated. But most importantly I couldn't get any support from the forums.

A few google searches later and I came across opnsense, which seems a lot more promising. I like forked software because they represent someone's desire for evolution of ideas, promote progress and stop stagnation.

I wanted to ask, if opnsense provides the ability to view which computers on my LAN, are visiting which websites on the internet. Would Insight - Netflow Analyzer provide this information?

Truth be told I also wanted to post a question in the forums, to see if I'd get a response. Which is something I didn't get on the pfSense forums.

Thanks
April 03, 2018, 04:27:46 PM #1
The best way to do that is using the proxy and read the logs.
April 03, 2018, 05:26:13 PM #2
Welcome to OPNsense!
Indeed, proxy would be one idea. The other would be to use a custom DNS server and monitor queries.
OPNsense v18 | HW: Gigabyte Z370N-WIFI, i3-8100, 8GB RAM, 60GB SSD, | Controllers: 82575GB-quad, 82574, I221, I219-V | PPPoE: RDS Romania | Down: 980Mbit/s | Up: 500Mbit/s

Team Rebellion Member
April 14, 2018, 12:44:57 PM #3
Hi there,

If the WiFi card is supported this works. If not you can always use an extender or USB NIC / Wifi Stick(*). ยูฟ่าเบท
April 14, 2018, 03:44:21 PM #4
Hi,

QuoteI wanted to ask, if opnsense provides the ability to view which computers on my LAN, are visiting which websites on the internet. Would Insight - Netflow Analyzer provide this information?

I actually wanted to ask something very similar. But I'm interested in all traffic/protocols not just web.

  • Now I can see partially what is going on in the livelog but that seems to be just the recent events and then gone.
  • The overview is a summary and too high-level, no drill down possible.
  • Plain view is too raw.
  • None of them resolves to hostnames. Only very basic filtering is possible.

Do I have overlooked something or is there really no UI supported, flexible reporting available for Firewall traffic?
I couldn't spot something in the documentation.

As a start I would like to see stuff such like:

  • Which hostnames generates what amount of traffic
  • Which hostnames traffic is being blocked and why (what rule)
  • IP range owner/country of targetip
  • ...

This is very crucial information out of a Firewall to me - otherwise it's mostly a blackbox executing some rules?
Is this is information really not available as a dynamically searchable, UI friendly report or did I just not yet find it?

Thanks for infos and explaining me how best practice to achieve what I intend would be.
Print
Go Up Pages1
User actions