Netgate Discussion Forum

    Open specific port on all LAN IP addresses. Microcell Issue

      SickestGuy

      So I just set up pfSense on a dedicated computer.

      I normally can find the answer I'm looking for through Google, but I'm not exactly sure how to search for such a question.

      I understand how port forwarding works on a basic level. It's pretty simple. But what if you don't know the LAN IP address that needs to be forwarded?

      For example, I have a few microcells connected to my network. And from what I understand, there is no direct LAN IP you can specify to it.

      So I'm assuming I need to open ports for the microcell on all LAN IPs in the network.

      How would a person open a port on all LAN IPs?

        Derelict LAYER 8 Netgate

        Microcells usually do an IPSec tunnel or something and don't require inbound ports to be opened.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

          chpalmer

          Yep  That^

          I've got a network with both (1x) Verizon and (2x) AT&T microcells (network extenders as they call 'em) and they just work.

          Plug them in. Make sure their GPS antenna can "see the sky" and give them about 20 to 30 minutes. You need to have a DHCP server active. You can assign them a static address via your DHCP though, which I do.

          Triggering snowflakes one by one..
          Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

            GomezAddams

            You don't need to do any port forwards for microcells.

            There is a bug where pfSense sometimes doesn't NAT outbound ISAKMP (udp/4500) packets if they are fragmented (they frequently are). To my knowledge, this bug has not been acknowledged by the maintainers (but then again, I haven't looked too deeply).

            My solution was to disable packet scrubbing, and delete the NAT rule for IPSec that is automatically created (you have to change from automatic rules to manual to be able to delete it).

            This thread: https://forum.pfsense.org/index.php?topic=103503.0 mentions other possible fixes which seem to contradict my fix.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.