Feature Request: outbound NATting port range

Reiner030

Hi,

in our external office we switched from a leased line with 4 IP addresses and 1 DSL backup line to 2 DSL lines because they have much better quality then the leased line (bad thing). There is only 1 disadvantage: 1 IP per line…

Because they need also pbx access for some phones we setup them and first all works nice - even 1st days after switching 2nd line to single IP. But then several times but not always calls were only singledirectional possible.

I think we have here the situation which many people have:
We need outgoing 1:1 NAT for special UDP Ports (PBX: 4000-4999, 5060, 10000-20000).
And it makes no sense to setup thousands of single outbound NAT rules :D

I saw that after switching to manual outbound NAT rules there was also a rule generated
WAN 127.0.0.1/8 * => * 1024-65535

So it should be possible to let set such port ranges also by user?

Thanks

jimp

Make a port type alias that contains the ports and ranges you want. Use it in the red port field on the destination.

Reiner030

@jimp:

Make a port type alias that contains the ports and ranges you want. Use it in the red port field on the destination.

ah thanx…
Thats then the same as manual outbound NAT generates for localhost network.

In that case on dest port range is 1024-65535 (or less). So I guess that this is not a 1:1 NAT because localhost can have also Ports < 1024 as source port ?

Reiner030

ah and forgot (I tested it 2 weeks ago already)

When creating alias it does not work, too:

The following input errors were detected:

4000-4999 is not a valid port or alias.
10000-20000 is not a valid port or alias.

ptt

:D

The following input errors were detected:

4000-4999 is not a valid port or alias.
10000-20000 is not a valid port or alias.

What about:

Port ranges can be expressed by separating with a colon

Reiner030

@ptt:

What about:

Port ranges can be expressed by separating with a colon

ah yes… on the one firewall which still has the automatic written localhost => public:portrange has a colon...

But I see nowhere such hint written (checked aliases, aliases => port, outbound nat overview/edit, firewall overview/edit).
Perhaps it can be then added to the pages as comment on which it makes sense? ;)

Bests

jimp

It's been there a long time…

port_alias_range.jpg_thumb

Reiner030

@jimp:

It's been there a long time…

mmh, seems I must put my glasses off. Yesterday and last time I haven't seen it when opening this page… :-[
Thanks ;)