This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Logviewer does not show data from hairpin rules

Hi folks,

I have a firewall rule where all NTP requests are redirected to the internal NTP server. The firewall rule and the NAT rule all show traffic but nothing appears in logviewer to show which devices are using the internal NTP server.

Ian

This thread was automatically locked due to age.

Parents

0 LuCar Toni over 4 years ago

Can you show us your firewall and NAT rule? Maybe your filter in logviewer is not accurate or you have old connections, pinned to old firewall rules. Check diagnostic and look for NTP connections.
Cancel
Vote Up 0 Vote Down

Cancel
0 rfcat_vk over 4 years ago in reply to LuCar Toni

I checked the diagnostics only found 1 NTP connection which is showing the same amount odf data as yesterday.

The NTP firewall and NAT rules as requested.

Ian
Cancel
Vote Up 0 Vote Down

Cancel
0 LuCar Toni over 4 years ago in reply to rfcat_vk

Actually this firewall rule should not hit for your NTP traffic at all.

If you add to this firewall rule the Zone LAN to Destination (or what ever your freenas zone belongs to), it should match.
Cancel
Vote Up 0 Vote Down

Cancel
0 rfcat_vk over 4 years ago in reply to LuCar Toni

Do you mean firewall rule or NAT rule? I had the freenas in the firewall rule and that did not work because the NTP users have external addresses as their destinations for ntp traffic.

Ian

I have changed the NAT rule and it is no longer used, the default NAT rule passes the NTP traffic.
Cancel
Vote Up 0 Vote Down

Cancel
0 rfcat_vk over 4 years ago in reply to rfcat_vk

I have deleted the NAT rule and created a linked NAT which shows activity. When reviewed in logviewer the traffic is still going out the WAN interface,

Ian
Cancel
Vote Up 0 Vote Down

Cancel
0 LuCar Toni over 4 years ago in reply to rfcat_vk

I was talking about the Firewall Rule.

The Firewall Rule should be:

Source LAN

Destination LAN

Destination Host: Freenat.

NAT was fine in your initial screenshot.
Cancel
Vote Up 0 Vote Down

Cancel
0 rfcat_vk over 4 years ago in reply to LuCar Toni

I will try that setting again, last time it did not pass any traffic.

Ian

Changed the rule to your recommendation. The firewall is not registering any traffic, the NAT rule is. There is nothing in logviewer.

added progress of rule change.
[edited by: rfcat_vk at 9:33 AM (GMT -8) on 29 Nov 2020]
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 rfcat_vk over 4 years ago in reply to LuCar Toni

I will try that setting again, last time it did not pass any traffic.

Ian

Changed the rule to your recommendation. The firewall is not registering any traffic, the NAT rule is. There is nothing in logviewer.

added progress of rule change.
[edited by: rfcat_vk at 9:33 AM (GMT -8) on 29 Nov 2020]
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 rfcat_vk over 4 years ago in reply to rfcat_vk

The overnight report shows lots of UDP 123 traffic, not classified as NTP. The logviewer shows the traffic is all going out through the default NAT rule not the higher priority NTP rule.

I made further changes this morning in an attempt to see if the hairpin is sending traffic to the internal NTP server, but failed because the logviewer shows all traffic going out to the internet.

Ian
Cancel
Vote Up 0 Vote Down

Cancel
0 rfcat_vk over 4 years ago in reply to rfcat_vk

Hi folks,

I have rebuilt my rules using trial and error and now have the logviewer is showing entries regarding the hairpin. Next trick is to get the freenas server to respond to ntp queries.

Ian

After all that, the freenas does not provide an NTP function. So off to get a PI.

add notes about freenas not providing an NTP function.
[edited by: rfcat_vk at 5:22 AM (GMT -8) on 1 Dec 2020]
Cancel
Vote Up 0 Vote Down

Cancel