Port Forward and system real time dump

Announcements

ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.

Reply
Highlighted
Not applicable

Port Forward and system real time dump

Hello

I'm a novice and I have maybe stupid two questions.

How can I dump and display (real time) incoming and outgoing traffic on the interface (or all interfaces) ?.For example: typical view from tcpdump.

~# tcpdump -n host 193.165.XXX.XXX and port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
11:31:03.161906 IP 193.165.xxx.xxx.52653 > 193.165.xxx.xxx.80: Flags , seq 3021987991, win 8192, options [mss 1314,nop,wscale 2,nop,nop,sackOK], length 0
11:31:03.161972 IP 193.165.xxx.xxx.80 > 193.165.xxx.xxx.52653: Flags [S.], seq 21024193, ack 3021987992, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 5], length 0
11:31:03.919630 IP 193.165.xxx.xxx.52653 > 193.165.xxx.xxx.80: Flags [.], ack 1, win 16425, length 0
11:31:03.930313 IP 193.165.xxx.xxx.52653 > 193.165.xxx.xxx.80: Flags [P.], seq 1:368, ack 1, win 16425, length 367
11:31:03.930367 IP 193.165.xxx.xxx.80 > 193.165.209.xxx.52653: Flags [.], ack 368, win 216, length 0
11:31:07.207545 IP 193.165.xxx.xxx.80 > 193.165.209.xxx.52653: Flags [P.], seq 1:486, ack 368, win 216, length 485
11:31:07.488402 IP 193.165.xxx.xxx.52653 > 193.165.xxx.xxx.80: Flags [P.], seq 368:716, ack 486, win 16303, length 348
11:31:07.488445 IP 193.165.xxx.xxx.80 > 193.165.xxx.xxx.52653: Flags [.], ack 716, win 250, length 0

Could you write me please step by step how can I forward traffic from external (WAN - any) traffic to LAN (internal mailserver)

For example:

WAN - any (port 25) ---->| eht1/3 (213.161.212.12) ------- eth1/4(192.168.1.1)| --- mailserver(192.168.1.10)

Thanks for your help.

PeTe

Highlighted
L4 Transporter

You can dump traffic with a few sets of commands. You'll have to setup a debug dataplane packet-capture, and then view-pcap follow yes filter-pcap name.pcap. You could also scp or tftp that pcap to your desktop and view it in Wireshark.

You would want to setup a NAT rule to get mail from the Internal to your Internal network. (Don't forget you're security rule too!)

Highlighted
L6 Presenter

Remember: the packet capture tool on the PAN firewall is a debugging commmand. If you use it improperly you can adversely affect traffic throughput. Do not turn this feature on and leave it on indefinitely!!!!

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!