UDP Port 40000



  • Hi All

    Please can you help me? I have a service that requires the use of UDP port 40000, but it seems to be used by pfsense for something.

    Is there any way to check what is using port 40000 on the pfsense box, and how to disable or move the port?

    Thanks in advance

    Colin


  • Rebel Alliance Global Moderator

    40000 would not be used by pfsense for anything.

    Where did you get the idea that pfsense was using that port?  Did you see it in a state table or something?



  • Hi

    Thanks for the reply

    I have been struggling with this port for a while now. I also have port 40001 forwarded in the same rule and that works perfectly.

    What made me suspect PF is this post I found: https://forum.pfsense.org/index.php?topic=32523.0

    Regards

    Colin


  • Rebel Alliance Global Moderator

    Not sure what that thread is about - but pfsense would not broadcast anything with source port 40000..  The OP never actually posted what he thought he was seeing.

    There is nothing that I know of that pfsense would use that port for..
    http://www.speedguide.net/port.php?port=40000

    It sure doesn't run safetynet, that is for sure.  And no games would be running on pfsense.  So can you post where you're seeing port 40000 in use..  A simple netstat -an would show you the ports pfsense is listening on.

    So you see anything in the state table using that port?  It could be possible that pfsense created a state with that port since something through was talking and that was a port used??

    Can you post up your rules..  So did you go through the guide on troubleshooting port forwarding?
    https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting



  • Hi

    Thanks for coming back

    I have checked the netstat command but I cannot see anything, and ran through the troubleshooting with no effect. It still doesn't work on port 40000 but is OK on port 40001.

    It is very odd, as all other rules work correctly apart from port 40000.

    Regards

    Colin


  • Rebel Alliance Global Moderator

    So you ran through the troubleshooting.. And you see traffic to 40000 on udp hit your wan via a sniff, and then it what?  It doesn't go anywhere.  You see it go out your lan to where you're trying to forward it.. But don't get an answer?

    You can connect to this device behind pfsense that you're trying to forward 40000 to from the local network?  I.e. it's actually listening on 40000?

    The troubleshooting guide will help you find the source of your issue in like 2 minutes.  A simple packet capture on pfsense will show you that traffic hits your pfsense wan interface, and then it either gets forwarded out your lan or opt interface to the IP you forwarded to or it does not?  If you're seeing the traffic on the wan and not out the lan side,

    then something is not right in your rules.  Post them..



  • Hi

    I have done some grabs from the WAN and LAN interface.

    I see the packets leave the WAN but on return I see ICMP Destination Unreachable (Port Unreachable)

    A screenshot of my rule is attached

    regards

    Colin



  • Rebel Alliance Global Moderator

    "I see ICMP Destination Unreachable (Port Unreachable)"

    Where do you see this, you mean the packets leave the LAN.. i.e. pfsense forwarded them to the IP you're wanting to forward to and it sends back port unreachable?

    So you're hiding your dest IP, is that some vip on your wan?  Why are you hiding the dest IP, is that not rfc1918 space?  It's also a public IP?  So you have a routed public range behind pfsense?  You're natting public to public?

    Pfsense would not send back unreachable via wan, unless you set up some sort of reject rule.  So if you're seeing unreachable I have to assume it's where you're trying to send it saying hey not listening on that port!



  • Hi

    Sorry if I am giving the wrong information or not the correct info

    I see this on the WAN side of the grab.

    Maybe I should give a little background of what I am trying to achieve. The ports I require are 20001 - 20005 TCP / UDP, 40000 - 40001 UDP, 80 TCP, 443 TCP and 557 TCP.

    All ports are working correctly apart from port 40000, on which the forward does not work correctly.

    We have multiple external WAN addresses and I have used one of these for this purpose, setting it up using the virtual IP, and have checked this from an external PC and have access using the WAN address.

    My internal lan addresses are 172.27.44.x and WAN Address is 62.255.210.x

    Hope this explains it better

    Regards

    Colin


  • Rebel Alliance Global Moderator

    No it doesn't.  So you see traffic to your wan IP you port forwarded on to 40000, and do you see that go out your LAN where you forwarded it to 172.27.44 – WTF you would hide a rfc 1918 is beyond me???

    Where are you seeing this icmp unreachable from??  Pfsense does NOT send an unreachable unless you have set up a REJECT..  What are your firewall wan rules?  So if you're seeing one, then it must have come from the client after pfsense forwarded the traffic to your 172.27 host..

    So let's ask this again, which is clearly gone over in the troubleshooting guide.. Did you sniff on your LAN interface.. What do you see there??
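
The WAN-versus-LAN capture comparison discussed in this thread, as an added example that is not part of any post: it reads `tcpdump -n` text output from both interfaces and reports which hop is failing. The function names, verdict strings and all addresses (203.0.113.10 client, 198.51.100.5 WAN, 10.0.0.50 forward target) are constructed for illustration.

```python
import re

# Patterns for `tcpdump -n` text output: UDP datagrams and ICMP port-unreachable.
UDP_RE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): UDP")
UNREACH_RE = re.compile(r"IP (\S+) > (\S+): ICMP \S+ udp port (\d+) unreachable")

def summarize(capture, port):
    """Return (inbound_seen, reply_seen, unreachable_senders) for one capture."""
    inbound = reply = False
    senders = set()
    for line in capture.splitlines():
        udp = UDP_RE.search(line)
        icmp = UNREACH_RE.search(line)
        if udp and int(udp.group(4)) == port:
            inbound = True              # datagram addressed to the port
        elif udp and int(udp.group(2)) == port:
            reply = True                # datagram sent from the port
        elif icmp and int(icmp.group(3)) == port:
            senders.add(icmp.group(1))  # host that reported the port closed
    return inbound, reply, senders

def diagnose(wan_capture, lan_capture, port, target_ip):
    wan_in, _, _ = summarize(wan_capture, port)
    lan_in, lan_reply, lan_unreach = summarize(lan_capture, port)
    if not wan_in:
        return "upstream"               # never reached the firewall's WAN
    if not lan_in:
        return "firewall-rules"         # arrived on WAN, not forwarded to LAN
    if target_ip in lan_unreach:
        return "target-not-listening"   # forwarded; target rejected the port
    if lan_reply:
        return "ok"                     # forwarded and answered
    return "target-silent"              # forwarded; no answer at all

# Constructed sample captures (documentation/private addresses, not from the thread).
WAN_SAMPLE = """\
12:00:01.000100 IP 203.0.113.10.51000 > 198.51.100.5.40000: UDP, length 32
12:00:02.000100 IP 203.0.113.10.51001 > 198.51.100.5.40001: UDP, length 32
"""
LAN_SAMPLE = """\
12:00:01.000300 IP 203.0.113.10.51000 > 10.0.0.50.40000: UDP, length 32
12:00:01.000700 IP 10.0.0.50 > 203.0.113.10: ICMP 10.0.0.50 udp port 40000 unreachable, length 68
12:00:02.000300 IP 203.0.113.10.51001 > 10.0.0.50.40001: UDP, length 32
12:00:02.000600 IP 10.0.0.50.40001 > 203.0.113.10.51001: UDP, length 16
"""

if __name__ == "__main__":
    for p in (40000, 40001):
        print(p, diagnose(WAN_SAMPLE, LAN_SAMPLE, p, "10.0.0.50"))
```

Keying the verdict on the source address of the ICMP error in the LAN capture is what separates a firewall reject from a target that is simply not listening on the port.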