Re: logging NAT sessions (connection tracking)
- Reply: fddi : "Re: logging NAT sessions (connection tracking)"
- In reply to: fddi : "logging NAT sessions (connection tracking)"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 20 Oct 2022 07:13:24 UTC
On Oct 11, 2022 at 10:53 -0700, fddi wrote:
Hello,
> I foudn no obvious or easy way to log NAT sessions.
> I have a bunch of NAT boxes implementd with FreeBSD 13.1 and PF.
> I need to log NAT sessions but so far I still have to figure out a good way
> to do it.
>
> I ended up using this:
> https://github.com/italovalcy/pfnattrack
>
> but I am not sure it is working well. It seems like not to be "Real time"
> and logs are delayed.
>
> Any way I could do something similar with pflog ?
> Anybody has a working solution for NAT session logging ?
We've been using pfnattrack, slightly modified, for several years now
and it does the job. It's deployed to log NAT sessions on our campus
wifi infrastructure with thousands of clients connecting every day.
I can share our modifications here if there is an interest.
We did not found something else that would do the job (pflog based or
not).
Regards
--
Guy