Netgate Discussion Forum

    Set specific NAT Timers

      TheIlleist

      Hi All,

      Is it possible to directly set the NAT timeouts somehow?
      I know you can change 'Advanced > Firewall/NAT > Firewall Optimisation Options' from normal to conservative, but this is bogging the show down horrendously due to all the other timers being increased and the states table topping out.
      I just need to increase the following timers, all the others are fine:
      udp.single
      udp.multiple

      Can these be set directly via the shell? (if so, does anyone know the relevant command?)
      Or, is it possible to create an extra 'profile' containing our own timer values that can be applied under Firewall Optimisation Options?

      Thanks

        TheIlleist

        I also have some more questions that I'm hoping someone can help with (in particular I'm interested in UDP behaviour, but if you know of TCP-based behaviour and any differences with UDP, that would be much appreciated!):

        1. What is the behaviour of the NAT timer resets? (i.e. are timers reset only by outbound packets using a specific NAT binding, only by inbound packets, or by packets in either direction?)
        2. Would I be correct in saying that by default, pfSense implements Symmetric NAT?
        3. If yes to question 2, can it be changed to a restricted, port restricted or full cone variant of NAT?
        4. If not, does it use a port restricted NAT? (From its behaviour, I'm guessing it does not implement restricted or full cone NAT)
        5. Does the NAT used in pfSense attempt to preserve the local host port during the binding process? If so, how rigorously? (i.e. does only the most recent request from two local hosts on the same port get bound, or does it produce separate bindings for each host?)
        6. Is the NAT behaviour the same for all bindings (i.e. primary, secondary and tertiary bindings)?

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.