Netgate Discussion Forum

    Question about NAT static ports

      fleetscut

      I have a question about NAT rules/port forwarding. Recently I was trying to play some 3DS games online; however, I was getting connection problems. I have the proper ports forwarded to the internal static address; however, I was still getting connection errors. After some checking, it turned out the issue was that I needed to set up an outgoing NAT rule to allow for static ports.

      From how I understand NATs, when a message gets sent externally, the NAT will change the external port that gets sent to the server. When the server replies, it will reply to the external port, and the NAT will use its internal tables to translate that port back into the internal one, as well as the address.

      My question is: what is the static port NAT rule for, if the NAT will do a translation between the external and internal ports? Or is it needed because the game server will only accept packets from a specific port, and because the NAT will choose its own external port, the server would reject the packets?

      Also, does anyone have some good reading material that I can use to learn more about NATs?

        viragomann

        NAT with static port means that the source port of packets is NOT translated when they are sent out to WAN. So the source port of a packet is the same as it comes from the game console.

          harleyip

          If the source is 19-bit, the NAT address is 24-bit, and the translation pool option is Source Hash with static port, will it be possible to have duplicate outgoing entries (same NAT address and port number) for multiple source hosts? If so, how can this be prevented, assuming the static port is required? Many thanks.

            kpa

            @harleyip:

            If the source is 19-bit, the NAT address is 24-bit, and the translation pool option is Source Hash with static port, will it be possible to have duplicate outgoing entries (same NAT address and port number) for multiple source hosts? If so, how can this be prevented, assuming the static port is required? Many thanks.

            The 19-bit vs. 24-bit part of your question makes no sense at all. A /19 IP address is just one IP address with 65536 different ports (different sets for TCP and UDP though) just like a /24 IP address is. The CIDR part (or netmask in the older way of expressing the same thing) only denotes what kind of subnet (maximum number of hosts in other words) is used in the directly connected network segment.

            For example, if you have a host on the LAN that uses UDP port 12345 for sending data and you use static port, pfSense would allocate UDP port 12345 on the WAN interface for the connection. Any other LAN host trying to use UDP 12345 with static port would collide with the first host; no, it wouldn't work. The PF packet filter and address rewriting engine doesn't have an option to first allocate a source port dynamically but then keep it static for the subsequent connections from the same LAN host; that would solve this problem nicely if it were available.

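A simplified model of the behaviour discussed in this thread, added here as an illustration and not taken from any poster or from pf/pfSense: default outbound NAT rewrites the source port so two LAN hosts can both use UDP 12345, while static port preserves it and a second host collides. The class and function names, the dynamic port range, and the addresses are constructed for this example, and the model assumes one mapping per (protocol, WAN port).

```python
# Toy model of outbound source NAT on a single WAN address (added example).
# Assumption: one mapping per (protocol, WAN port); dynamic ports are taken
# lowest-first from a constructed range. Addresses are documentation IPs.
class PortCollision(Exception):
    """A static-port mapping needs a WAN port that another host already holds."""

class ToyNat:
    def __init__(self, wan_ip, dynamic_ports=range(50001, 65536)):
        self.wan_ip = wan_ip
        self.dynamic_ports = dynamic_ports
        self.table = {}  # (proto, wan_port) -> (lan_ip, lan_port)

    def outbound(self, proto, lan_ip, lan_port, static_port=False):
        """Return the (wan_ip, wan_port) source that the remote server sees."""
        src = (lan_ip, lan_port)
        for (p, wan_port), owner in self.table.items():
            if p == proto and owner == src:
                return self.wan_ip, wan_port  # existing mapping is reused
        if static_port:
            # Source port is preserved, so there is exactly one candidate.
            wan_port = lan_port
            if (proto, wan_port) in self.table:
                holder = self.table[(proto, wan_port)][0]
                raise PortCollision(f"{proto}/{wan_port} is held by {holder}")
        else:
            # Default: rewrite the source port to any free WAN port.
            wan_port = next(p for p in self.dynamic_ports if (proto, p) not in self.table)
        self.table[(proto, wan_port)] = src
        return self.wan_ip, wan_port

    def inbound(self, proto, wan_port):
        """Map a reply arriving on a WAN port back to its LAN endpoint."""
        return self.table.get((proto, wan_port))

def demo():
    nat = ToyNat("203.0.113.10")
    results = {
        "dyn_a": nat.outbound("udp", "192.168.1.20", 12345),
        "dyn_b": nat.outbound("udp", "192.168.1.21", 12345),
        "static_a": nat.outbound("udp", "192.168.1.30", 12345, static_port=True),
    }
    try:
        nat.outbound("udp", "192.168.1.31", 12345, static_port=True)
    except PortCollision as exc:
        results["static_b"] = str(exc)
    results["reply_to_12345"] = nat.inbound("udp", 12345)
    return results

if __name__ == "__main__":
    print(demo())
```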
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.