Outbound NAT Static port help



  • Hello, I'm having an issue where I have source port rewrites disabled by making an outbound rule for my host PC (172.16.20.221) to any destination, any port, with the Static Port option checked and the rule at the top of the list. Also, Manual Outbound rule generation is checked. Below are some packet captures.

    Running telnet Server WAN IP 18082
    WAN Capture:
    12:23:13.214005 IP MY WAN IP.54025 > Server WAN IP.18082: tcp 0
    12:23:16.215007 IP MY WAN IP.54025 > 70.89.169.168.18082: tcp 0
    12:23:22.215466 IP MY WAN IP.54025 > 70.89.169.168.18082: tcp 0

    LAN Capture:
    12:24:28.888489 IP 172.16.20.221.54036 > Server WAN IP.18082: tcp 0
    12:24:31.890122 IP 172.16.20.221.54036 > Server WAN IP.18082: tcp 0
    12:24:37.888038 IP 172.16.20.221.54036 > Server WAN IP.18082: tcp 0

    Firewall: NAT Outbound Rules
    Manual Outbound NAT rule Generation (AON) Checked
    WAN >172.16.20.221/32 * * * * * Static Port -YES

    WAN  172.16.20.0/24 * * 500 * * YES
    Auto created rule for ISAKMP - LAN to WAN 
    WAN  172.16.20.0/24 * * * * * NO
    Auto created rule for LAN to WAN 
    WAN  127.0.0.0/8 * * * * 1024:65535 NO
    Auto created rule for localhost to WAN 
    WAN  192.168.1.0/24 * * 500 * *  YES
    Auto created rule for ISAKMP - LAB to WAN 
    WAN  192.168.1.0/24 * * * * * NO
    Auto created rule for LAB to WAN 
    WAN  127.0.0.0/8 * * * * 1024:65535 NO

    Any ideas what else to check?


  • Rebel Alliance Developer Netgate

    Your captures aren't really a good test since they were not done on both interfaces simultaneously, and telnet will use a dynamic source port.

    Check the state table (Diagnostics > States). Filter on your IP. Check the entries that look like:

    LAN.IP:YYYY -> WAN.IP:YYYY -> Server:ZZZZ

    As long as the port on the LAN and WAN IPs match, static port is working correctly.
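    The check described in the reply above, written out as an added example (this is not code from the thread or from pfSense). It parses state entries in the three-hop form jimp quotes (LAN.IP:port -> WAN.IP:port -> Server:port) and reports, per originating host, which states kept their source port and which were rewritten. It also pairs packets from two tcpdump captures taken on LAN and WAN at the same time, so a connection whose LAN and WAN packets are more than a second apart (as in the original non-simultaneous captures) is reported as unmatched rather than compared. The state lines, capture lines and the WAN address 203.0.113.5 are constructed placeholders; a real run would feed in the text copied from Diagnostics > States or from tcpdump on each interface, with the real addresses rather than "MY WAN IP".

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

IP = r"\d{1,3}(?:\.\d{1,3}){3}"

# Three-hop NAT state as shown in Diagnostics > States:
#   LAN.IP:YYYY -> WAN.IP:YYYY -> Server:ZZZZ
# Anything around the hops (protocol, state flags) is ignored.
STATE_RE = re.compile(
    rf"(?P<lan_ip>{IP}):(?P<lan_port>\d+)\s*->\s*"
    rf"(?P<wan_ip>{IP}):(?P<wan_port>\d+)\s*->\s*"
    rf"(?P<dst_ip>{IP}):(?P<dst_port>\d+)"
)

# tcpdump line as posted: "HH:MM:SS.usec IP src.sport > dst.dport: ..."
TCPDUMP_RE = re.compile(
    rf"^(?P<ts>\d{{2}}:\d{{2}}:\d{{2}}\.\d+) IP (?P<src>{IP})\.(?P<sport>\d+) > "
    rf"(?P<dst>{IP})\.(?P<dport>\d+):"
)


@dataclass
class NatState:
    lan_ip: str
    lan_port: int
    wan_ip: str
    wan_port: int
    dst_ip: str
    dst_port: int

    @property
    def static_port(self) -> bool:
        # Static port is working for this state iff the source port survived NAT.
        return self.lan_port == self.wan_port


def parse_states(text: str) -> List[NatState]:
    states = []
    for line in text.splitlines():
        m = STATE_RE.search(line)
        if m:
            states.append(NatState(m["lan_ip"], int(m["lan_port"]), m["wan_ip"],
                                   int(m["wan_port"]), m["dst_ip"], int(m["dst_port"])))
    return states


def check_static_port(text: str, host: str) -> Dict[str, List[NatState]]:
    """Split the states originating from `host` into preserved and rewritten ports."""
    result: Dict[str, List[NatState]] = {"static": [], "rewritten": []}
    for s in parse_states(text):
        if s.lan_ip == host:
            result["static" if s.static_port else "rewritten"].append(s)
    return result


def _seconds(ts: str) -> float:
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)


def parse_tcpdump(text: str) -> List[dict]:
    pkts = []
    for line in text.splitlines():
        m = TCPDUMP_RE.match(line.strip())
        if m:
            pkts.append({"t": _seconds(m["ts"]), "src": m["src"], "sport": int(m["sport"]),
                         "dst": m["dst"], "dport": int(m["dport"])})
    return pkts


def correlate_captures(lan_text: str, wan_text: str,
                       max_skew: float = 1.0) -> List[Tuple[int, Optional[int], str]]:
    """Pair each LAN packet with a WAN packet to the same destination within max_skew seconds.

    Returns (lan_sport, wan_sport, verdict) where verdict is "static", "rewritten" or
    "unmatched". Captures taken at different times never pair, so they can't be compared.
    """
    wan = parse_tcpdump(wan_text)
    out: List[Tuple[int, Optional[int], str]] = []
    for p in parse_tcpdump(lan_text):
        match = next((w for w in wan
                      if (w["dst"], w["dport"]) == (p["dst"], p["dport"])
                      and abs(w["t"] - p["t"]) <= max_skew), None)
        if match is None:
            out.append((p["sport"], None, "unmatched"))
        else:
            verdict = "static" if match["sport"] == p["sport"] else "rewritten"
            out.append((p["sport"], match["sport"], verdict))
    return out


# Constructed sample data (not from the thread); 203.0.113.5 stands in for the WAN IP.
SAMPLE_STATES = """\
tcp 172.16.20.221:54036 -> 203.0.113.5:54036 -> 70.89.169.168:18082 ESTABLISHED:ESTABLISHED
tcp 172.16.20.50:40000 -> 203.0.113.5:61234 -> 198.51.100.7:443 ESTABLISHED:ESTABLISHED
udp 172.16.20.221:500 -> 203.0.113.5:500 -> 198.51.100.9:500 MULTIPLE:MULTIPLE
"""
LAN_CAP = """\
12:30:00.100000 IP 172.16.20.221.54036 > 70.89.169.168.18082: tcp 0
12:30:05.200000 IP 172.16.20.50.40000 > 198.51.100.7.443: tcp 0
12:31:20.000000 IP 172.16.20.221.54040 > 70.89.169.168.18082: tcp 0
"""
WAN_CAP = """\
12:30:00.100300 IP 203.0.113.5.54036 > 70.89.169.168.18082: tcp 0
12:30:05.200400 IP 203.0.113.5.61234 > 198.51.100.7.443: tcp 0
"""

if __name__ == "__main__":
    for host in ("172.16.20.221", "172.16.20.50"):
        r = check_static_port(SAMPLE_STATES, host)
        print(host, "static:", [s.lan_port for s in r["static"]],
              "rewritten:", [(s.lan_port, s.wan_port) for s in r["rewritten"]])
    print(correlate_captures(LAN_CAP, WAN_CAP))
```

    The state-table check is the authoritative one: it is a single snapshot, so there is no timing to get wrong. The capture correlation only pairs by destination and time, so two clients hitting the same destination inside the skew window could be mis-paired; it is meant for the case in the thread (one test host, one destination) rather than a busy link.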