NAT & static port

  • Hello,

    I have been using pfSense for some months. It seems to be working, but I do have some problems with IP addresses and ports.
    Until recently, I have noticed that ports are changed to random ports on the Internet.

    I selected Manual Outbound NAT rule generation to prevent pfSense from changing ports, and I did change a NAT rule, but no luck.

    I want to set a static port on a specific LAN-address, called and the static port must be 10666 (Zandronum).

    My rule is shown below. What is wrong?

  • Change it to manual and create a new rule above the existing rules.

    Since this is for a remote game server, don't restrict the source to a single LAN IP. Let the source be the LAN subnet and any port. Just define the destination port as 10666.

  • I did make your suggestions, but again no luck:

    Firewall log:
    Sep 3 20:12:45 pf: > 950+ A? (38)

  • Try leaving the destination port empty.

  • @mrfusker:

    Right, these are called ephemeral ports, and that is how TCP is intended to work. The server opens the service port, the client opens a random ephemeral port for that session. What exactly are you trying to accomplish? I don't believe your rule is going to work as intended, but I don't really understand what you're trying to do.

    If you're attempting to host a server, you probably want port forwarding and not outbound NAT.
    If you're attempting to connect to a server, what's going wrong? Are you sure that the port is actually being forwarded correctly and open on the other end? A good way to test this is with the port tester on

  • Games usually use fixed ephemeral ports. That's why static NAT is required for some games.

    That's also why it's sufficient to simply specify either just the source port or a known server and destination port in a rule and enable static NAT. Either one will match the game and will not randomise the ephemeral port.
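
The rule ordering and static-port setting discussed in this thread, written in pf.conf NAT syntax as an added example that is not part of the original posts. The interface name, the LAN subnet and the tcp/udp protocol list are assumptions, not values from the thread.

```conf
# Constructed example: em0 and 192.168.1.0/24 are placeholders.
wan_if  = "em0"
lan_net = "192.168.1.0/24"

# NAT rules are first-match, so the narrow rule goes above the general one.
# Source is the whole LAN subnet with any source port; only the destination
# port is fixed. static-port keeps the client's original source port.
# Scope: limiting this to one destination port leaves source-port
# randomisation in place for all other outbound traffic.
nat on $wan_if inet proto { tcp udp } from $lan_net to any port 10666 -> ($wan_if) static-port

# General rule for everything else: the source port is rewritten to a
# randomly chosen port on the WAN address.
nat on $wan_if inet from $lan_net to any -> ($wan_if)
```

Inspecting the state table (`pfctl -ss`) while the game client is connected shows whether the translated source port matches the original one.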

