security

Real-time packet flow conflict mapper

Idea Quality: 80 (Strong)
Market Size: 100 (Mass Market)
Revenue Potential: 100 (High)

TL;DR

Browser-based pfSense debugger for network engineers managing complex VLANs. It maps real-time packet transformations (IP/port changes) through NAT/firewall rules, with conflict detection, so they can resolve hidden rule overrides in under 10 minutes instead of hours of log analysis.

Target Audience

Network engineers managing complex multi-VLAN and ISP routing setups with pfSense in enterprise environments

The Problem

Problem Context

Network engineers use pfSense to route traffic between VLANs, but hidden NAT/firewall rules keep changing source IPs unexpectedly. They need to see exactly how packets transform at each step, but current tools (tcpdump, Wireshark) require manual analysis and don’t show rule conflicts. Without visibility, they can’t trust their network setup, leading to delays and missed deadlines.

Pain Points

Users waste hours guessing where NAT rules are applied, only to find hidden firewall rules overriding their manual settings. They reset states, check logs, and even disable NAT—yet packets still get modified. The lack of a clear, automated way to trace packet changes forces them to rely on trial and error, which risks breaking critical workflows.

Impact

Every hour spent debugging NAT issues costs money—either in lost productivity or delayed projects. If a misconfigured rule blocks a client’s traffic, the entire team stops until it’s fixed. Without a reliable way to diagnose these issues, engineers can’t move forward, and businesses risk reputational damage from unreliable networks.

Urgency

This isn’t a ‘nice-to-have’—it’s a blocker. If the network isn’t working as expected, revenue-generating systems (like customer-facing APIs or internal tools) can’t function. Users need a solution now to unblock their teams and meet deadlines, not after weeks of manual troubleshooting.

Target Audience

Network engineers, IT infrastructure specialists, and MSPs who manage pfSense firewalls for businesses. Any organization with complex VLAN setups—especially those using pfSense for routing and firewall tasks—faces this problem. Even small teams with a single pfSense device struggle when NAT rules behave unpredictably.

Proposed AI Solution

Solution Approach

PacketFlow Inspector is a browser-based tool that connects to pfSense via its API to show *exactly* how packets transform as they move through the network. Instead of guessing from logs, users get a real-time visualization of packet flows, with clear labels showing which rules (NAT, firewall, etc.) modify the traffic at each step. It also detects hidden rule conflicts that override manual settings.

Key Features

  1. Rule Conflict Detector: Flags hidden firewall or NAT rules that unexpectedly modify packets, even when manual rules are supposed to prevent it.
  2. Historical Debugger: Lets users replay past traffic to diagnose issues that occurred hours or days ago.
  3. Alerting: Notifies users when unexpected packet modifications are detected, so they can fix issues before they cause downtime.

User Experience

Users start by entering a source IP and destination (e.g., ‘192.168.5.100 → private server in VLAN6’). The tool pulls live data from pfSense and displays a flowchart of the packet’s journey, highlighting where IPs change and which rules caused it. If a rule conflict is found, it’s flagged with a warning. Users can drill down into past sessions to see how traffic behaved before a problem occurred.

Differentiation

Unlike Wireshark (manual) or pfSense logs (opaque), this tool *automatically correlates* packet changes with the exact rules that caused them. It’s the only solution that gives users a real-time, visual debug mode for pfSense networks, without requiring deep packet analysis skills. The proprietary rule conflict detection is unique: no other tool flags hidden rules that override manual settings.

Scalability

The tool works for any pfSense user, from small businesses to enterprises. Teams can add seats for additional engineers, and larger organizations can use the API to integrate packet flow data into their monitoring systems. Over time, users can unlock advanced features like automated rule optimization or compliance reporting.

Expected Impact

Users save *dozens of hours per week* by eliminating guesswork in NAT/firewall debugging. They can trust their network setup, unblock critical workflows, and avoid costly downtime. For businesses, this means faster project delivery, fewer emergency fixes, and a more reliable infrastructure, all while paying a small monthly fee instead of hiring consultants.