Re: logging NAT sessions (connection tracking)

Reply: Guy Brand : "Re: logging NAT sessions (connection tracking)"
In reply to: Guy Brand : "Re: logging NAT sessions (connection tracking)"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: fddi <fddi_at_comcast.net>
Date: Thu, 20 Oct 2022 16:50:50 UTC

thanks a lot for your answer.

I would greatly appreciate to take a look at your modification if you 
are keen to share it.

Really appreciated.

Rick


On 10/20/22 12:13 AM, Guy Brand wrote:
> On Oct 11, 2022 at 10:53 -0700, fddi wrote:
>
> Hello,
>
>> I foudn no obvious or easy way to log NAT sessions.
>> I have a bunch of NAT boxes implementd with FreeBSD 13.1 and PF.
>> I need to log NAT sessions but so far I still have to figure out a good way
>> to do it.
>>
>> I ended up using this:
>> https://github.com/italovalcy/pfnattrack
>>
>> but I am not sure it is working well. It seems like not to be "Real time"
>> and logs are delayed.
>>
>> Any way I could do something similar with pflog ?
>> Anybody has a working solution for NAT session logging ?
> We've been using pfnattrack, slightly modified, for several years now
> and it does the job. It's deployed to log NAT sessions on our campus
> wifi infrastructure with thousands of clients connecting every day.
> I can share our modifications here if there is an interest.
>
> We did not found something else that would do the job (pflog based or
> not).
>
> Regards
>