Can't port forward ports 389 TCP and 8021 UDP
-
Curious as to why pfSense is telling me that these are already in use when I am trying to forward from a unique CARP external IP address to a LAN address?
389 LDAP is used by some spam protection services to sync email account details with their services. I am not too worried about this, because I would end up using 636 LDAPS SSL anyway if I was going to, but I would like to know why it happens.
As for 8021, we have come across an FTP server that uses this port as well as 21, and whilst I'm not sure that it needs to be UDP, I am sure that the previous tech set up 8021 UDP/TCP on our old router and it was working.
-
Where are you seeing "already in use"? And what's the exact error message? "Already in use" doesn't exist anywhere related in our source.
-
I can't reproduce the 389 issue, as after a reboot it has gone through; however, trying to change the 8021 port from TCP to TCP/UDP comes up with this exact message:
The following input errors were detected:
The destination port range overlaps with an existing entry.
on the Firewall: NAT: Port Forward: Edit page for 8021.
-
I suspect that's the same message you were getting before. That means you're trying to forward the same port on the same public IP more than once, which is impossible and hence prohibited. You already have a port forward using 8021 on that public IP.
-
I didn't think I was creating multiple rules to the same address with that port!
There is only one entry for the port forward to 8021, and it will only allow me to set it to TCP and not TCP/UDP for some reason.
Can't modify it to TCP/UDP!
-
I just tried to turn off NAT reflection for a VPN rule and I got the following message:
The following input errors were detected:
The destination port range overlaps with an existing entry.
The rule in question was:
If | Proto | Src. addr | Src. ports | Dest. addr | Dest. ports | NAT IP | NAT Ports | Description
WAN1 | TCP/UDP | * | * | CarpAddress1 | 1723 (PPTP) | LAN1Address | 1723 (PPTP) | CarpAddress1 Port forward 1723 to LAN1Address
WAN1 | TCP/UDP | * | * | CarpAddress2 | 1723 (PPTP) | LAN2Address | 1723 (PPTP) | CarpAddress2 Port forward 1723 to LAN2Address
CarpAddress1 and CarpAddress2 are valid CARP virtual IPs that the ISP has provided... as part of the block.
LAN1Address and LAN2Address are devices on the respective LANs, one being via an OPT interface, with unique subnets like: 192.168.1.100 and 192.168.2.100
However, I am trying to turn off NAT reflection on one of them and getting the error above! The other is set to default!
-
The destination port range overlaps with an existing entry.
Even though it doesn't! I'm not trying to change the ports; I just want to switch NAT reflection from enabled to disabled or default.