Can I restrict the number of ports for NAPT configuration?



  • Hi,
    I have the following setting:
    WAN interface with one IPv4 public IP address and LAN interface with an IP address from the RFC1918 range. I have around 5 hosts on the LAN side.
    I want to try some things out and was wondering whether it is possible to configure pfSense to restrict the number of ports, i.e. restrict the number of ports to (TCP/UDP) 100 only, so 100 ports shared among 5 hosts. Is it possible to configure pfSense in this manner?

    Thanks



  • Not easily, AFAIK. Why would you want to do this?



  • @danswartz:

    Not easily, AFAIK. Why would you want to do this?

    Hi,
    The reason for doing this is to test some of my applications in the scenario when there are not enough ports for translation, and their behavior. Can you provide any details on what would need to be done in order to configure it as I require?

    Thanks



  • Creating a firewall rule that limits the number of state entries for your one machine should simulate that effect.



  • @blak111:

    Creating a firewall rule that limits the number of state entries for your one machine should simulate that effect.

    Hi,
    Could you provide an example of how I could do this?

    Thanks



  • Firewall > Rules > LAN > add new rule
    Set the action to Pass
    Set the Protocol to TCP/UDP

    Click Advanced Options
    Set the Simultaneous client connection limit to 100 and click save.

    Then create a new firewall rule after that one to block all of the traffic. This is because once the connections are maxed out for that rule, the traffic continues through the firewall rules.
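
The two-rule arrangement from the last reply, written as raw pf rules. This is an added example, not part of the thread and not the ruleset pfSense generates. The interface name and LAN subnet are constructed values, and it assumes pf's per-rule `max` state option is the limit wanted; the thread does not say which pf option the GUI field maps to.

```conf
# Constructed values: replace with the real LAN interface and subnet.
lan_if  = "em1"
lan_net = "192.168.1.0/24"

# Rule 1: pass LAN TCP/UDP, but this rule may hold at most 100 states
# in total, shared by every host in $lan_net.
pass in quick on $lan_if inet proto { tcp, udp } \
    from $lan_net to any keep state (max 100)

# Rule 2: when rule 1 is at its limit it stops matching packets that
# would create a new state, so evaluation continues to this rule.
# Without it, a later, broader pass rule would let the traffic through.
block in quick on $lan_if inet from $lan_net to any

# Existing states keep working; only new flows are refused until an
# old state expires. "pfctl -vsr" shows the per-rule state counters.
```

This caps state-table entries for the rule rather than the NAT source-port range itself, so the applications under test see blocked new connections, which approximates translation-port exhaustion.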

