Feature Request: outbound NATting port range



  • Hi,

    In our external office we switched from a leased line with 4 IP addresses and 1 DSL backup line to 2 DSL lines because they have much better quality than the leased line (bad thing). There is only 1 disadvantage: 1 IP per line…

    Because they also need PBX access for some phones, we set them up and at first everything worked nicely, even the first days after switching the 2nd line to a single IP. But then several times, though not always, calls were only possible in a single direction.

    I think we have here the situation which many people have:
    We need outgoing 1:1 NAT for special UDP Ports (PBX: 4000-4999, 5060, 10000-20000).
    And it makes no sense to set up thousands of single outbound NAT rules :D

    I saw that after switching to manual outbound NAT rules there was also a rule generated
    WAN  127.0.0.1/8  *  =>  *  1024-65535

    So it should be possible to let the user set such port ranges as well?

    Thanks


  • Rebel Alliance Developer Netgate

    Make a port type alias that contains the ports and ranges you want. Use it in the red port field on the destination.



  • @jimp:

    Make a port type alias that contains the ports and ranges you want. Use it in the red port field on the destination.

    ah thanx…
    That's then the same as manual outbound NAT generates for localhost network.

    In that case on dest port range is 1024-65535 (or less). So I guess that this is not a 1:1 NAT because localhost can also have ports < 1024 as source port?



  • ah and forgot (I tested it 2 weeks ago already)

    When creating an alias it does not work either:

    The following input errors were detected:

    4000-4999 is not a valid port or alias.
    10000-20000 is not a valid port or alias.


  • Rebel Alliance

    :D

    The following input errors were detected:

    4000-4999 is not a valid port or alias.
    10000-20000 is not a valid port or alias.

    What about:

    Port ranges can be expressed by separating with a colon



  • @ptt:

    What about:

    Port ranges can be expressed by separating with a colon

    ah yes… on the one firewall which still has the automatically written localhost => public:portrange has a colon...

    But I don't see such a hint written anywhere (checked aliases, aliases => port, outbound nat overview/edit, firewall overview/edit).
    Perhaps it can then be added as a comment to the pages on which it makes sense? ;)

    Bests


  • Rebel Alliance Developer Netgate

    It's been there a long time…




  • @jimp:

    It's been there a long time…

    mmh, seems I must put my glasses off. Yesterday and last time I didn't see it when opening this page…  :-[
    Thanks ;)