Problem with pflogd and pf on OpenBSD 3.6 - BSD


  1. Problem with pflogd and pf on OpenBSD 3.6

    Hi,

    I've got a small network set up like so:

    DSL Router (internal IP in the 192.168.2.* range)

    Connected via network to:

    OpenBSD box with IP on ADSL side set to 192.168.2.* range and
    IP on other side set to 10.0.0.* range

    Connected via network to:

    The switch, which serves the computers on the network.

    The server is running pf with pflog enabled. The setup works very well
    - everyone has access, and various non-work related ports are blocked.
    However, when I check the pflog, I only see the packets leaving the
    external (ADSL side) IP of the BSD box and going to the internet server
    in question - in other words, I cannot tell from which computer the
    packets originated. Is there any way to set this up?


  2. Re: Problem with pflogd and pf on OpenBSD 3.6

    "John H" wrote in message
    news:1117120078.007328.263350@g49g2000cwa.googlegroups.com...
    > However, when I check the pflog, I only see the packets leaving the
    > external (ADSL side) IP of the BSD box and going to the internet server
    > in question - in other words, I cannot tell from which computer the
    > packets originated. Is there any way to set this up?


    man pflogd suggests you should be able to specify the interface you view.
    Try looking at the LAN NIC.

    hth,

    Steve
    http://www.fivetrees.com



  3. Re: Problem with pflogd and pf on OpenBSD 3.6

    What about setting the log option in the rules?

    - Mike

    John H wrote:
    > Hi,
    >
    > I've got a small network set up like so:
    >
    > DSL Router (internal IP in the 192.168.2.* range)
    >
    > Connected via network to:
    >
    > OpenBSD box with IP on ADSL side set to 192.168.2.* range and
    > IP on other side set to 10.0.0.* range
    >
    > Connected via network to:
    >
    > The switch, which serves the computers on the network.
    >
    > The server is running pf with pflog enabled. The setup works very well
    > - everyone has access, and various non-work related ports are blocked.
    > However, when I check the pflog, I only see the packets leaving the
    > external (ADSL side) IP of the BSD box and going to the internet server
    > in question - in other words, I cannot tell from which computer the
    > packets originated. Is there any way to set this up?
    >


  4. Re: Problem with pflogd and pf on OpenBSD 3.6

    I've set my loginterface to $int_if and $ext_if, to no avail. I still
    only get outputs like:

    May 29 16:48:22.754881 rule 16/0(match): pass out on ne3:
    192.168.2.2.54234 > 67.159.24.185.80: S 3957329778:3957329778(0) win
    64240 (DF)

    192.168.2.2 is the DSL facing interface on the BSD box. I'd far rather
    have a readout of the true originating IP. Whether this is something I
    can change in pf.conf or my tcpdump options I'm not sure - information
    on the pflog interface is rather scarce. Once I've got the information
    it'll be a doddle to script it into some nice stats, but until then
    I'm rather stuck.
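
Added example, not part of the thread: pf rewrites the source address of outbound packets before the filter rule on the external interface is evaluated, so lines logged `out on ne3` carry 192.168.2.2, while lines logged inbound on the LAN-side interface still carry the workstation address. The sketch below tallies per-host stats from tcpdump-style pflog lines; the interface name `ne4`, the 10.0.0.0/24 range and every sample line except the first are assumptions constructed for illustration.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Header tcpdump prints for IPv4 TCP/UDP packets read from pflog, e.g.
# "rule 16/0(match): pass out on ne3: 192.168.2.2.54234 > 67.159.24.185.80: S ..."
LINE = re.compile(
    r"rule (?P<rule>\d+)/\d+\(\w+\): (?P<action>pass|block) (?P<dir>in|out) "
    r"on (?P<ifname>\w+): (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):"
)

# First line is the one quoted in the thread (joined onto one line);
# the rest are constructed, with ne4 as a hypothetical LAN-side interface.
SAMPLE = [
    "May 29 16:48:22.754881 rule 16/0(match): pass out on ne3: "
    "192.168.2.2.54234 > 67.159.24.185.80: S 3957329778:3957329778(0) win 64240 (DF)",
    "May 29 16:48:22.754102 rule 12/0(match): pass in on ne4: "
    "10.0.0.23.1187 > 67.159.24.185.80: S 3957329778:3957329778(0) win 64240 (DF)",
    "May 29 16:49:01.120334 rule 12/0(match): pass in on ne4: "
    "10.0.0.23.1190 > 67.159.24.185.80: S 118822:118822(0) win 64240 (DF)",
    "May 29 16:49:07.500871 rule 9/0(match): block in on ne4: "
    "10.0.0.41.3021 > 203.0.113.7.6667: S 7781:7781(0) win 65535 (DF)",
]

def per_host_stats(lines, lan="10.0.0.0/24"):
    """Return (hosts, unattributed).

    hosts counts (source IP, action, destination port) for packets whose
    source is a LAN address. unattributed lists (interface, source) for
    outbound lines whose source is not a LAN address, i.e. lines logged
    after NAT that cannot be tied to a workstation.
    """
    lan_net = ip_network(lan)
    hosts, unattributed = Counter(), []
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # ICMP, wrapped continuation lines, other formats
        if ip_address(m["src"]) in lan_net:
            hosts[(m["src"], m["action"], int(m["dport"]))] += 1
        elif m["dir"] == "out":
            unattributed.append((m["ifname"], m["src"]))
    return hosts, unattributed

if __name__ == "__main__":
    hosts, unattributed = per_host_stats(SAMPLE)
    for (src, action, dport), n in hosts.most_common():
        print(f"{src:15} {action:5} dport {dport:<5} x{n}")
    print("logged after NAT:", unattributed)
```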

