Date: Thu, 20 Oct 2022 09:50:50 -0700
From: fddi <fddi@comcast.net>
To: Guy Brand <gb@unistra.fr>, pf@freebsd.org
Subject: Re: logging NAT sessions (connection tracking)
Message-ID: <4fa4e31a-449d-5b79-5d59-12de4bbd7651@comcast.net>
In-Reply-To: <Y1D1FPs3Z/tgc9cn@unistra.fr>
References: <bcf956ba-5024-3f3d-2142-c63208d55c27@comcast.net> <Y1D1FPs3Z/tgc9cn@unistra.fr>

Thanks a lot for your answer.
I would greatly appreciate taking a look at your modification if you are keen to share it.

Really appreciated.

Rick

On 10/20/22 12:13 AM, Guy Brand wrote:
> On Oct 11, 2022 at 10:53 -0700, fddi wrote:
>
> Hello,
>
>> I found no obvious or easy way to log NAT sessions.
>> I have a bunch of NAT boxes implemented with FreeBSD 13.1 and PF.
>> I need to log NAT sessions but so far I still have to figure out a good way
>> to do it.
>>
>> I ended up using this:
>> https://github.com/italovalcy/pfnattrack
>>
>> but I am not sure it is working well. It seems like not to be "Real time"
>> and logs are delayed.
>>
>> Any way I could do something similar with pflog ?
>> Anybody has a working solution for NAT session logging ?
> We've been using pfnattrack, slightly modified, for several years now
> and it does the job. It's deployed to log NAT sessions on our campus
> wifi infrastructure with thousands of clients connecting every day.
> I can share our modifications here if there is an interest.
>
> We did not find something else that would do the job (pflog based or
> not).
>
> Regards
>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4fa4e31a-449d-5b79-5d59-12de4bbd7651>