Netgate Discussion Forum

NAT & static port

6 Posts 4 Posters 2.9k Views
  • M
    mrfusker
    last edited by Aug 31, 2013, 12:17 PM

    Hello,

    I have been using pfSense for some months. It seems to be working, but I do have some problems with IP addresses and ports.
    Until recently, I have noticed that ports are changed to random ports on the Internet.

    I selected Manual Outbound NAT rule generation to prevent pfSense from changing ports, and I did change a NAT rule, but no luck.

    I want to set a static port on a specific LAN address, called 192.168.40.12, and the static port must be 10666 (Zandronum).

    My rule is shown below. What is wrong?

    • K
      kathampy
      last edited by Sep 2, 2013, 4:57 AM Sep 2, 2013, 4:52 AM

      Change it to manual and create a new rule above the existing rules.

      Since this is for a remote game server, don't restrict the source to a single LAN IP. Let the source be the LAN subnet and any port. Just define the destination port as 10666.

      • M
        mrfusker
        last edited by Sep 3, 2013, 6:14 PM

        I did make your suggestions, but again no luck:

        Firewall log:
        Sep 3 20:12:45 pf: 192.168.40.12.55443 > 192.168.40.1.53: 950+ A? master.zandronum.com. (38)

        • A
          asmat
          last edited by Sep 5, 2013, 2:45 AM

          Try leaving the destination port empty.

          • T
            timthetortoise
            last edited by Sep 5, 2013, 1:20 PM

            @mrfusker:

            Until recently, I have noticed that ports are changed to random ports on the Internet.

            Right, these are called ephemeral ports, and that is how TCP is intended to work. The server opens the service port, the client opens a random ephemeral port for that session. What exactly are you trying to accomplish? I don't believe your rule is going to work as intended, but I don't really understand what you're trying to do.

            If you're attempting to host a server, you probably want port forwarding and not outbound NAT.
            If you're attempting to connect to a server, what's going wrong? Are you sure that the port is actually being forwarded correctly and open on the other end? A good way to test this is with the port tester on http://www.yougetsignal.com.

            • K
              kathampy
              last edited by Sep 5, 2013, 2:03 PM Sep 5, 2013, 2:01 PM

              Games usually use fixed ephemeral ports. That's why static NAT is required for some games.

              That's also why it's sufficient to simply specify either just the source port or a known server and destination port in a rule and enable static NAT. Either one will match the game and will not randomise the ephemeral port.

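A way to check the outcome of the static-port rules discussed in this thread, added here as an example and not posted by any participant: it reads a firewall state-table dump and reports whether the source port of the game traffic was kept or rewritten by outbound NAT. The `pfctl -ss` line layout, the function name `check_static_port`, the interface names and the sample states are assumptions constructed for illustration.

```python
import re

# Assumed layout of one `pfctl -ss` line for an outbound-NAT state (IPv4 only):
#   <if> <proto> <translated ip:port> (<original ip:port>) -> <remote ip:port> <state>
STATE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>\S+)\s+"
    r"(?P<nat_ip>[\d.]+):(?P<nat_port>\d+)\s+"
    r"\((?P<lan_ip>[\d.]+):(?P<lan_port>\d+)\)\s+->\s+"
    r"(?P<dst_ip>[\d.]+):(?P<dst_port>\d+)"
)


def check_static_port(state_dump, lan_host, game_port):
    """Return (preserved, rewritten) NAT states of lan_host that involve game_port.

    A state involves game_port when it is either the LAN-side source port or
    the remote destination port, the two ways of matching named in the thread.
    """
    preserved, rewritten = [], []
    for line in state_dump.splitlines():
        m = STATE_RE.match(line.strip())
        if not m or m["lan_ip"] != lan_host:
            continue  # not a NATed state for this host (e.g. LAN-side DNS to the firewall)
        lan_port = int(m["lan_port"])
        nat_port = int(m["nat_port"])
        dst_port = int(m["dst_port"])
        if game_port not in (lan_port, dst_port):
            continue  # unrelated traffic from the same host
        entry = (m["proto"], lan_port, nat_port, f'{m["dst_ip"]}:{dst_port}')
        (preserved if lan_port == nat_port else rewritten).append(entry)
    return preserved, rewritten


# Constructed sample dump; public addresses come from documentation ranges.
SAMPLE = """\
em1 udp 192.168.40.1:53 <- 192.168.40.12:55443       SINGLE:MULTIPLE
em0 udp 203.0.113.5:10666 (192.168.40.12:10666) -> 198.51.100.7:15300       MULTIPLE:MULTIPLE
em0 udp 203.0.113.5:41877 (192.168.40.12:10667) -> 198.51.100.9:10666       MULTIPLE:MULTIPLE
em0 tcp 203.0.113.5:62011 (192.168.40.12:49152) -> 198.51.100.20:443       ESTABLISHED:ESTABLISHED
"""

if __name__ == "__main__":
    kept, changed = check_static_port(SAMPLE, "192.168.40.12", 10666)
    for proto, lan, nat, dst in kept:
        print(f"static  {proto} {lan} -> {nat} to {dst}")
    for proto, lan, nat, dst in changed:
        print(f"rewrite {proto} {lan} -> {nat} to {dst}")
```

Any state listed as rewritten is traffic that no static-port rule matched, which points at rule order or at the source and destination fields of the outbound NAT rule.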