Is it possible to open dynamicly ports?
-
Hi! I have the following scenario, a server (lan) behind a pfsense, and one client (maybe two) on the internet which needs to connect to the server/service (the gw has a static ip, no dynamic dns). I do now want to create a static port forwarding to avoid security issues.
I need to open automatically a specific port only when it's going to be used, so a user from the internet can access to this server/service behind the pfsense (which has none authentication). Is it possible? which would be the correct approach? Maybe UPNP could help? I need some light with this.
Any help is appreciated!
Thanks!
-
If the server supports UPnP then that could work.
I would prefer to open the ports permanently but only for connections from the required clients.
Do you know where the clients are connection from? Can they use DynDNS?Steve
-
@stephenw10 At the moment i'm not sure if the server supports Upnp, i have to investigate a little bit more.
This approach sounds interesting, you mean create the permanent rule, but limit the connection's source with a hostname instead of a specific ip?
Thanks for your reply Steve.
-
Yes, that is if the clients that are connecting don't have a fixed IP.
If they do have a fixed IP you can just that directly of course.My home IP is dynamic so I use a dyn dns name configured in pfSense and can then limit inbound connections on other remote resources to that. So instances in AWS or GCP have open ports but only for connections from my dyndns hostname.
Steve
-
@stephenw10 I'll try it out!