Netgate Discussion Forum
    Is it possible to open ports dynamically?

    • talishka

      Hi! I have the following scenario: a server (LAN) behind a pfSense, and one client (maybe two) on the internet which needs to connect to the server/service (the gw has a static IP, no dynamic DNS). I do not want to create a static port forwarding, to avoid security issues.

      I need to automatically open a specific port only when it's going to be used, so a user from the internet can access this server/service behind the pfSense (which has no authentication). Is it possible? Which would be the correct approach? Maybe UPnP could help? I need some light with this.

      Any help is appreciated!

      Thanks!

      • stephenw10 (Netgate Administrator)

        If the server supports UPnP then that could work.

        I would prefer to open the ports permanently but only for connections from the required clients.
        Do you know where the clients are connecting from? Can they use DynDNS?

        Steve

        • talishka @stephenw10

          @stephenw10 At the moment I'm not sure if the server supports UPnP; I have to investigate a little bit more.

          This approach sounds interesting. You mean create the permanent rule, but limit the connection's source with a hostname instead of a specific IP?

          Thanks for your reply Steve.

          • stephenw10 (Netgate Administrator)

            Yes, that is if the clients that are connecting don't have a fixed IP.
            If they do have a fixed IP you can just use that directly of course.

            My home IP is dynamic so I use a dyn dns name configured in pfSense and can then limit inbound connections on other remote resources to that. So instances in AWS or GCP have open ports but only for connections from my dyndns hostname.

            Steve

            T 1 Reply Last reply Reply Quote 1
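How a permanent rule whose source is a DynDNS hostname behaves when the client's address changes, as an added example that is not part of the original thread and is not pfSense code. The class `HostnameAlias`, the hostname, the addresses and the choice to keep the last known addresses when a lookup fails are all assumptions of this sketch.

```python
import ipaddress
import socket

def resolve(hostname):
    """Look the name up in DNS; an empty set means the lookup failed."""
    try:
        infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {ipaddress.ip_address(info[4][0]) for info in infos}

class HostnameAlias:
    """Source allowlist rebuilt from DNS on each refresh (hypothetical class)."""

    def __init__(self, hostnames, resolver=resolve):
        self.hostnames = list(hostnames)
        self.resolver = resolver
        self.table = {}  # hostname -> addresses from its last successful lookup

    def addresses(self):
        return set().union(*self.table.values())

    def refresh(self):
        """Re-resolve every hostname and return (added, removed) addresses."""
        before = self.addresses()
        for name in self.hostnames:
            found = set(self.resolver(name))
            if found:  # assumption: a failed lookup keeps the last known set
                self.table[name] = found
        after = self.addresses()
        return after - before, before - after

    def permits(self, source_ip):
        return ipaddress.ip_address(source_ip) in self.addresses()

# Constructed DNS data: hypothetical hostname, RFC 5737 documentation addresses.
FAKE_DNS = {"client1.dyndns.example": ["203.0.113.10"]}

def fake_resolver(name):
    return {ipaddress.ip_address(a) for a in FAKE_DNS.get(name, [])}

def demo():
    alias = HostnameAlias(["client1.dyndns.example"], resolver=fake_resolver)
    alias.refresh()
    seen = [alias.permits("203.0.113.10"), alias.permits("198.51.100.7")]
    FAKE_DNS["client1.dyndns.example"] = ["203.0.113.99"]  # client's IP changes
    seen.append(alias.permits("203.0.113.99"))  # not refreshed yet: still denied
    added, removed = alias.refresh()
    seen += [alias.permits("203.0.113.99"), alias.permits("203.0.113.10")]
    return seen, added, removed
```

The third result is the one to note: between the client's address change and the next refresh, the new address is denied and the old one is still allowed.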
            • talishka @stephenw10

              @stephenw10 I'll try it out!

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.