
Logviewer does not show data from hairpin rules

Hi folks,

I have a firewall rule where all NTP requests are redirected to the internal NTP server. The firewall rule and the NAT rule all show traffic but nothing appears in logviewer to show which devices are using the internal NTP server.

Ian



  • I checked the diagnostics and only found 1 NTP connection, which is showing the same amount of data as yesterday.

    The NTP firewall and NAT rules as requested.

    Ian

  • Actually this firewall rule should not hit for your NTP traffic at all.

    If you add the Zone LAN to the Destination of this firewall rule (or whatever zone your freenas belongs to), it should match.

  • Do you mean the firewall rule or the NAT rule? I had the freenas in the firewall rule and that did not work, because the NTP users have external addresses as their destinations for NTP traffic.

    Ian

    I have changed the NAT rule and it is no longer used, the default NAT rule passes the NTP traffic.

  • I have deleted the NAT rule and created a linked NAT, which shows activity. When reviewed in logviewer the traffic is still going out the WAN interface.

    Ian

  • I was talking about the Firewall Rule.

    The Firewall Rule should be:

    Source: LAN

    Destination: LAN

    Destination Host: Freenas

    NAT was fine in your initial screenshot.
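
    As an added illustration (not part of the thread, and not Sophos code), here is a small Python model of the point made above: when a destination NAT rule redirects the NTP request to the internal server, the firewall rule is matched against the translated destination, so a LAN-to-WAN rule never fires and the hairpin traffic never shows up under it in the log viewer, while a LAN-to-LAN rule with the NTP server as destination host does. The evaluation order (DNAT first, then firewall rule) is an assumption of the model, and all addresses, zone layout and rule names are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass, replace
from typing import Optional

# Constructed addresses (RFC 1918 / RFC 5737 documentation ranges), not from the thread.
LAN = ipaddress.ip_network("192.168.1.0/24")
NTP_SERVER = "192.168.1.10"   # placeholder for the internal "freenas" host
PUBLIC_NTP = "203.0.113.5"    # placeholder for the external NTP address a client asked for


def zone_of(ip: str) -> str:
    """Simplified zone lookup: LAN subnet -> 'LAN', everything else -> 'WAN'."""
    return "LAN" if ipaddress.ip_address(ip) in LAN else "WAN"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int


def dnat_ntp(pkt: Packet):
    """Hairpin DNAT: UDP/123 from LAN clients to any address is redirected to NTP_SERVER.
    Returns (possibly translated packet, whether the NAT rule fired)."""
    if (zone_of(pkt.src) == "LAN" and pkt.proto == "udp"
            and pkt.dport == 123 and pkt.dst != NTP_SERVER):
        return replace(pkt, dst=NTP_SERVER), True
    return pkt, False


@dataclass(frozen=True)
class FirewallRule:
    name: str
    src_zone: str
    dst_zone: str
    dst_host: Optional[str]   # None = any host in the destination zone
    log: bool

    def matches(self, pkt: Packet) -> bool:
        return (zone_of(pkt.src) == self.src_zone
                and zone_of(pkt.dst) == self.dst_zone
                and (self.dst_host is None or pkt.dst == self.dst_host))


def evaluate(pkt: Packet, rules) -> dict:
    """Assumed ordering: destination NAT is applied first, so firewall rules
    (and therefore the log viewer) see the translated destination."""
    pkt, translated = dnat_ntp(pkt)
    for rule in rules:
        if rule.matches(pkt):
            return {"nat": translated, "rule": rule.name, "logged": rule.log, "dst": pkt.dst}
    # No explicit rule matched: falls through to the implicit default rule, which is not logged here.
    return {"nat": translated, "rule": "default", "logged": False, "dst": pkt.dst}


def log_line(pkt: Packet, result: dict) -> str:
    """Render one constructed log-viewer style line for a packet and its evaluation result."""
    return (f"rule={result['rule']} nat={'yes' if result['nat'] else 'no'} "
            f"src={pkt.src} dst={result['dst']} dport={pkt.dport} logged={result['logged']}")


# Rule as first described in the thread: LAN clients to external NTP addresses.
ORIGINAL_RULES = [FirewallRule("NTP-out", "LAN", "WAN", None, log=True)]
# Rule as recommended in the thread: LAN -> LAN, destination host = the NTP server.
RECOMMENDED_RULES = [FirewallRule("NTP-hairpin", "LAN", "LAN", NTP_SERVER, log=True)]

# Constructed client query to an external NTP address.
CLIENT_QUERY = Packet(src="192.168.1.50", dst=PUBLIC_NTP, proto="udp", dport=123)

if __name__ == "__main__":
    for label, rules in (("original", ORIGINAL_RULES), ("recommended", RECOMMENDED_RULES)):
        print(label + ": " + log_line(CLIENT_QUERY, evaluate(CLIENT_QUERY, rules)))
```

    Running it prints the same query matching "default" under the original rule set and "NTP-hairpin" under the recommended one. The model only covers the request direction; a real hairpin additionally needs source translation so the server's reply returns through the firewall rather than going straight back to the client from an address the client never queried.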

  • I will try that setting again, last time it did not pass any traffic.

    Ian

    Changed the rule to your recommendation. The firewall is not registering any traffic, the NAT rule is. There is nothing in logviewer.



  • The overnight report shows lots of UDP 123 traffic, not classified as NTP. The logviewer shows the traffic is all going out through the default NAT rule not the higher priority NTP rule.

    I made further changes this morning in an attempt to see if the hairpin is sending traffic to the internal NTP server, but failed because the logviewer shows all traffic going out to the internet.

    Ian

  • Hi folks,

    I have rebuilt my rules using trial and error and now the logviewer is showing entries regarding the hairpin. Next trick is to get the freenas server to respond to NTP queries.

    Ian

    After all that, the freenas does not provide an NTP function. So off to get a Pi.


