OPNsense Forum
English Forums => General Discussion => Topic started by: tgoodrich on December 31, 2017, 05:36:28 am
-
Hello,
I am trying to create some port forwards in outbound NAT but can't seem to figure out how to specify a port range correctly.
As an example I tried 27014:27050 but I get an input error on save.
Is it possible to specify a port range in outbound NAT or will I need to create the range in an Alias?
-
Like this? If so, then you need to first select "Other" and then the port range...
-
Like this? If so, then you need to first select "Other" and then the port range...
If I am understanding you correctly you are saying to choose "other" and enter the range as 27014 - 27050.
If so, I actually tried that and a few other variations with no success.
I tried 27014:27050, 27014 : 27050, 27014-27050, 27014 - 27050 but for some reason it just wouldn't work.
When I get my spare pc up and running with OPNsense I will give it another go.
-
Did you see the image I posted? Also, after selecting "(other)", you will have two fields that show up below "(other)" - one for "from" and the other for "to". The attached image is taken just after selecting "(other)" and entering in the desired port range.
-
Did you see the image I posted? Also, after selecting "(other)", you will have two fields that show up below "(other)" - one for "from" and the other for "to". The attached image is taken just after selecting "(other)" and entering in the desired port range.
Hmm, I may have found a bug or my eyes are getting worse then I thought lol.
I do not recall having both the To and From boxes come up after choosing "other" like in your pic. For me only one box came up. I really wish I still had OPNsense installed so that I can test it again.
Since I can't test at the moment, if you get a chance please try to create an outbound NAT rule with only a single port and save. Then "clone" that saved rule and try to change your single port to a port range. This was how I tried to create my NAT rule that needed the range. I would be very curious of your results.
If it still works as expected for you then I seriously wasn't paying attention when trying to create my port range. I just can't imagine I would make that kind of blunder but I suppose it's possible.
-
I think I see the issue here...
In your OP, you stated outbound "port forwards". When I read that I thought you meant Firewall --> NAT --> Port Forward. That is the section where I was able to setup the port range. In the actual "Outbound" section, I had to first setup an alias that had the port range and then use the alias as the source\destination ports in the NAT Outbound rule.
-
Thanks for the update!
Glad to know I'm not losing it lol ;D
I'm thinking the ability to add a port range in Outbound NAT would make a good feature request. I know creating an alias for the range works but in this case its just an unneeded extra step.
I hate comparing and hope no one takes offense but you can specify "Outbound NAT" port ranges like "27014:27050" in pfSense. However even their solution is not intuitive for noobs like myself. They use a single box with some text underneath that says "Port or Range". It took me forever to figure out how to actually specify the range.
I think if OPNsense was to add a port range option it would be more intuitive if they use the "To" and "From" for the range like in the Port Forward options.
-
Totally agreed on all points...folks here really shouldn't take offense re: any reference to pfSense. Being different doesn't mean absolutely better in every area. pfSense does do some things well but for the reasons discussed in the OPNsense docs, this platform has a lot of strong points and solid goals...