Netgate Discussion Forum
    Corporate Acceptable Use Agreement

    NAT
    9 Posts 2 Posters 2.9k Views
    pfdarth

      Hi guys! I just recently changed from WinRoute to pfSense because of a very good evaluation of the latter. In WinRoute, during the initial setup, the following ports are the only open ports allowed behind WinRoute, meaning you can only use ports 80, 443, 143, 110, 25, 20-21, 23, and 53. This runs a very tight ship, which ultimately prevents P2P and other applications from hogging all the bandwidth.

      When I changed to pfSense I noticed that every port on outgoing NAT is open. Now my question is: how can I specify the above ports to be the only ones allowed?

      Please be so kind to teach me. :-)

      GruensFroeschli

        Create an alias with all the ports you want to allow.
        Change the default "allow all out" rule so that the "destination port" is not any, but your alias.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        pfdarth

          I've done the alias, but where exactly do I put it? Sorry, but I'm really new at this.

          GruensFroeschli

            Go to the firewall rules.
            Press the e-button on the right side.
            The red field for "destination".

            We do what we must, because we can.

            Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

            pfdarth

              Got it to work, but somehow I think I made an error on the port ranges. Is this the correct format: 20:21 for ports 20 to 21, and likewise 25:26 for ports 25 to 26? It says that if I want to add port ranges I just need to separate them with a colon, but when I try it doesn't seem to load properly. I noticed that somehow my browsing speed has slowed down, or maybe it's just me. :-)

              GruensFroeschli

                Yes, that's how you define a port range.
                For example, for 100 to 200 you write: "100:200".
                What exactly do you mean by "it doesn't seem to load properly"?

                We do what we must, because we can.

                Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

                pfdarth

                  Here's the error when I do that:

                  There were error(s) loading the rules: no IP address found for 25:26/tmp/rules.debug:134: could not parse host specification pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [26 /tmp/rules.debug]: nat on $ng0 from 192.168.0.0/24 to any -> (ng0)…

                  My alias is Corporate:

                  80, 443, 143, 110, 25:26, 20:21, 53

                  GruensFroeschli
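As an added check, not code from the thread or from pfSense: the pfctl error quoted above says it found no IP address for 25:26 and could not parse a host specification, which is what pfctl reports when it tries to resolve a port-shaped token as a host. The snippet below parses a pfSense-style port alias such as Corporate, validates every entry (single port or low:high range), and renders the pf rule form the alias belongs in, after the `port` keyword. The `$lan` macro name is an assumption; the 192.168.0.0/24 network is taken from the error output.

```python
import re

# Constructed from the thread: the Corporate alias as pfdarth listed it.
CORPORATE_ALIAS = "80, 443, 143, 110, 25:26, 20:21, 53"

# A single port, or a "low:high" range (the colon form pf and pfSense use).
_PORT_RE = re.compile(r"^(\d{1,5})(?::(\d{1,5}))?$")


def parse_port_alias(text):
    """Return [(low, high), ...] for a comma/whitespace separated port alias.

    Raises ValueError for anything that is not a port or low:high range,
    including out-of-range numbers and "20-21" style dashes.
    """
    ranges = []
    for entry in re.split(r"[,\s]+", text.strip()):
        if not entry:
            continue
        m = _PORT_RE.match(entry)
        if not m:
            raise ValueError(f"{entry!r} is not a port or low:high range")
        low = int(m.group(1))
        high = int(m.group(2)) if m.group(2) else low
        if not (1 <= low <= high <= 65535):
            raise ValueError(f"{entry!r}: need 1 <= low <= high <= 65535")
        ranges.append((low, high))
    return ranges


def is_valid_port_alias(text):
    """True when every entry parses; handy for checking an alias before use."""
    try:
        parse_port_alias(text)
        return True
    except ValueError:
        return False


def render_pass_out_rule(alias_text, lan_net, iface="$lan", proto="{ tcp udp }"):
    """Render the pf 'pass out' rule with the alias as the DESTINATION PORT list.

    Port tokens must sit after 'port'; placed in the address position pf tries
    to resolve them as hosts and fails with 'could not parse host specification'.
    DNS on 53 normally uses UDP, so the default matches both protocols.
    """
    ports = [f"{lo}:{hi}" if lo != hi else str(lo)
             for lo, hi in parse_port_alias(alias_text)]
    return (f"pass out quick on {iface} inet proto {proto} "
            f"from {lan_net} to any port {{ {', '.join(ports)} }}")
```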

                    Can you show screenshots of how you've set it up?

                    Attached how it does work.

                    Attachments: rule.PNG, test.png

                    We do what we must, because we can.

                    Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

                    pfdarth

                      I got it to work finally! Yihaa! Thanks for the hints and guidance, sir! ;D ;D ;D

                      Hmmm, I encountered something really annoying: when the alias and the rule are enabled, I noticed that internet browsing is painfully slow, as are other normal internet-related applications. I uninstalled Squid and it's still the same problem. When I disabled the rule, the browsing speed returned to normal.

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.