Setting up for unusual outbound port



  • Hello

    I am trying to set up an outbound connection for a specified port. I am using pfSense ver 2.2.2, and the outbound port must be 17992. Since there is no specified IP for the destination, should my rule look as follows:
    Proto   Source   Port   Destination   Port    Gateway
    TCP     *        *      *             17992   *

    The Source Port cannot be set to any particular port number. I am using another rule and modifying it, so is that why I cannot specify a port number?

    Also, what is the default time on the UDP ports, and how can that be changed if needed?

    Thanks


  • Banned

    No idea what you are setting up there. So, you are blocking outbound traffic and want to allow outbound traffic to a port? Yeah, so allow it, what's special about 17992?



  • Also, what is the default time on the UDP ports, and how can that be changed if needed.

    Time?  Did you mean to say timeout?


  • Banned

    Also unsure why he's asking about UDP timeout while showing a rule with TCP. Perhaps that's why the rule does nothing useful for him?



  • @skeating:

    … an outbound connection for a specified port.

    Do you mean to a specified port or from a specified port?

    Which application protocol (e.g. HTTP, FTP, Telnet, ssh, POP, SMTP, …) do you want/need to use?

    I'm under the impression you want something like
    http://www.example.com:17992
    and search at the wrong end.


  • Netgate

    If you must always egress sourcing from port 17992 you need to be looking at static port on outbound NAT. As an example, the default rules there for ISAKMP (IPsec) passthrough are static source port 500.

    The easiest way to increase the UDP state timeout period is to switch from Normal to Conservative in System > Advanced, Firewall and NAT. From memory I believe that takes the UDP state timeout from 60 to 300 seconds. Run pfctl -st to see what they are.
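    An added illustration, not from this thread or from pfSense's own generated ruleset: a hand-written pf.conf fragment showing the three pieces the reply above touches on (a LAN rule allowing outbound TCP to destination port 17992, a static-port outbound NAT rule for traffic that must keep its source port, and raised UDP state timeouts). Interface names and the LAN subnet are assumed, as are the "Conservative" timeout values; pfSense 2.2 builds its ruleset from the GUI, so this only shows the underlying pf directives.

    ```pf
    # Assumed interface and network names (not from the thread).
    wan_if  = "em0"
    lan_if  = "em1"
    lan_net = "192.168.1.0/24"

    # UDP state timeouts. Stock pf defaults are udp.first 60,
    # udp.single 30, udp.multiple 60 (seconds). The values below are
    # assumed to match what pfSense applies for "Conservative".
    # udp.multiple is the idle timeout once traffic has been seen in
    # both directions, so it governs a long-lived UDP session.
    set optimization conservative
    set timeout { udp.first 300, udp.single 150, udp.multiple 900 }

    # Outbound NAT. The general rule rewrites the source port to a
    # random high port. 'static-port' keeps the original source port
    # and is only needed when the far end requires it; ISAKMP (UDP
    # 500) is the stock example. A rule for a host that must egress
    # *from* port 17992 would look the same with that port instead.
    # pf uses the first matching nat rule, so specific rules go first.
    nat on $wan_if proto udp from $lan_net port 500 to any -> ($wan_if) static-port
    nat on $wan_if proto tcp from $lan_net port 17992 to any -> ($wan_if) static-port
    nat on $wan_if from $lan_net to any -> ($wan_if)

    # Filter rule, placed on the LAN interface inbound as pfSense does:
    # allow LAN hosts to open TCP connections *to* destination port
    # 17992 anywhere. Source port stays 'any', which is normal for a
    # client connection and is why the GUI rule in the question could
    # not usefully pin it.
    pass in quick on $lan_if proto tcp from $lan_net to any port 17992 flags S/SA keep state
    ```

    After loading such a ruleset, `pfctl -st` shows the effective timeouts and `pfctl -ss` the live states, which is the quickest way to confirm whether a UDP state is expiring early.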



  • I'm not getting any email telling me about the responses to my post, so that is the reason for the time lag. I am trying to set up an Outbound Rule to allow 17992. The example I gave is what I had set up, but I know it is not correct. So how do I set it up? How do I allow Outbound? I tried the link to www.example.com:17792, but it did not take me anywhere. Can I set the UDP state timeout for 30 minutes (1800 sec)?


  • Banned

    Yah, still clear as mud. (And no, links to example.com won't ever take you anywhere.) Please describe what exactly your goal is and what does not work.


  • Rebel Alliance Global Moderator

    Dude, post up your rules on your interface. The default rules are ANY ANY, so any port you want to talk on, be it UDP or TCP, would be allowed. If you have modified those rules and are wondering why a rule you created is not working, we need to see your rule list so we can tell what could be blocking it.

    If you really want UDP, the rule you show is TCP, so that would never work. Why do you think you need a UDP timeout of 1800 sec?? That is a very long time for a UDP session without any traffic on it.