Netgate Discussion Forum

    Allowing additional UDP ports after initial connection

    Firewalling
      bdwr

      I have an SG-2440 in front of a gaming server running a program called Parsec (https://www.parsec.tv). Basically this software should allow a connection between a client and server to stream games. I am trying to connect to the server from a remote network.

      The issue I'm running into is that there are additional UDP port requests made after the initial connection, and they get blocked by the firewall since there is no explicit rule to allow them.

      I have a NAT rule that looks like this:

      
      WAN    UDP    *    *    WAN address    8000 - 8005    <game server>    8000 - 8005    Parsec UDP 8000-8005
      

      According to Parsec support, this is all that's needed to get the connection between the two machines going. When I initiate the connection though, it fails at the last step. I checked my firewall logs and noticed the following:

      
      Jun 16 15:21:12	WAN    <client wan>:63383     <server wan>:33836    UDP
      Jun 16 15:21:12	WAN    <client wan>:63384     <server wan>:54692    UDP
      Jun 16 15:21:12	WAN    <client wan>:63382     <server wan>:16519    UDP
      Jun 16 15:21:12	WAN    <client wan>:63381     <server wan>:29189    UDP
      Jun 16 15:21:12	WAN    54.211.104.40:41284    <server wan>:8632     UDP
      Jun 16 15:21:12	WAN    54.211.104.40:41284    <server wan>:2906     UDP
      Jun 16 15:21:12	WAN    54.211.104.40:41284    <server wan>:16864    UDP
      

      I checked the block reason, and they're all getting caught by the "Default deny rule IPv4." Additionally, every time I attempt the connection and check the logs, a different set of random ports is used.

      I know that I need to create a rule to allow these connections, but I'm unsure of a few things:

      1. I think I need to allow a range of ports, but how? They are randomized and seem to go from UDP 2900-55000. Should I just allow UDP 1024-65535?
      2. If I end up needing to allow that range, what sort of security compromises am I making?

      I've also tried using only UPnP, and while I am able to see the server successfully map its ports on startup, the actual connection is still blocked by the firewall's default deny IPv4 rule.
