Port Forward and system real time dump

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Port Forward and system real time dump

Not applicable

Hello

I'm a novice and I have maybe stupid two questions.

How can I dump and display (real time) incoming and outgoing traffic on the interface (or all interfaces) ?.For example: typical view from tcpdump.

~# tcpdump -n host 193.165.XXX.XXX and port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
11:31:03.161906 IP 193.165.xxx.xxx.52653 > 193.165.xxx.xxx.80: Flags , seq 3021987991, win 8192, options [mss 1314,nop,wscale 2,nop,nop,sackOK], length 0
11:31:03.161972 IP 193.165.xxx.xxx.80 > 193.165.xxx.xxx.52653: Flags [S.], seq 21024193, ack 3021987992, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 5], length 0
11:31:03.919630 IP 193.165.xxx.xxx.52653 > 193.165.xxx.xxx.80: Flags [.], ack 1, win 16425, length 0
11:31:03.930313 IP 193.165.xxx.xxx.52653 > 193.165.xxx.xxx.80: Flags [P.], seq 1:368, ack 1, win 16425, length 367
11:31:03.930367 IP 193.165.xxx.xxx.80 > 193.165.209.xxx.52653: Flags [.], ack 368, win 216, length 0
11:31:07.207545 IP 193.165.xxx.xxx.80 > 193.165.209.xxx.52653: Flags [P.], seq 1:486, ack 368, win 216, length 485
11:31:07.488402 IP 193.165.xxx.xxx.52653 > 193.165.xxx.xxx.80: Flags [P.], seq 368:716, ack 486, win 16303, length 348
11:31:07.488445 IP 193.165.xxx.xxx.80 > 193.165.xxx.xxx.52653: Flags [.], ack 716, win 250, length 0

Could you write me please step by step how can I forward traffic from external (WAN - any) traffic to LAN (internal mailserver)

For example:

WAN - any (port 25) ---->| eht1/3 (213.161.212.12) ------- eth1/4(192.168.1.1)| --- mailserver(192.168.1.10)

Thanks for your help.

PeTe

2 REPLIES 2

L4 Transporter

You can dump traffic with a few sets of commands. You'll have to setup a debug dataplane packet-capture, and then view-pcap follow yes filter-pcap name.pcap. You could also scp or tftp that pcap to your desktop and view it in Wireshark.

You would want to setup a NAT rule to get mail from the Internal to your Internal network. (Don't forget you're security rule too!)

Remember: the packet capture tool on the PAN firewall is a debugging commmand. If you use it improperly you can adversely affect traffic throughput. Do not turn this feature on and leave it on indefinitely!!!!

  • 1909 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!