From: fddi
Date: Tue, 11 Oct 2022 10:53:07 -0700
To: freebsd-pf@FreeBSD.org
Subject: logging NAT sessions (connection tracking)
List-Id: Technical discussion and general questions about packet filter (pf)
List-Archive: https://lists.freebsd.org/archives/freebsd-pf

Hello,

I found no obvious or easy way to log NAT sessions.
I have a bunch of NAT boxes implemented with FreeBSD 13.1 and PF.

I need to log NAT sessions, but so far I still have to figure out a good way to do it.

I ended up using this:

https://github.com/italovalcy/pfnattrack

but I am not sure it is working well. It seems not to be "real time" and logs are delayed.

Is there any way I could do something similar with pflog?

Does anybody have a working solution for NAT session logging?

Thanks

Rick