Messages - netter

#1
Hmm, actually, it's not colliding. After thinking about it, it makes sense: A TCP connection is uniquely identified by the combination of the source IP address, source port number, destination IP address, and destination port number. So no issue there as long as not all four tuples are the same.


x.x.x.199 is the external IP that is configured for both internal IPs 10.10.10.241 and 10.10.10.242.

Started two TCP connections from the same source port 12346 to two different destination IPs on port 80, works:

pfctl -s state | grep 12346
all tcp 193.99.144.85:80 <- 10.10.10.242:12346       ESTABLISHED:ESTABLISHED
all tcp x.x.x.199:12346 (10.10.10.242:12346) -> 193.99.144.85:80       ESTABLISHED:ESTABLISHED

all tcp 142.250.186.35:80 <- 10.10.10.241:12346       ESTABLISHED:ESTABLISHED
all tcp x.x.x.199:12346 (10.10.10.241:12346) -> 142.250.186.35:80       ESTABLISHED:ESTABLISHED
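Added example, not part of either post: a small Python check that parses the NAT-side lines of the `pfctl -s state` output above and reports whether a further static-port flow would map to a translated 4-tuple that is already in use. The helper names and the probed flows from 10.10.10.199 are constructed for illustration; only IPv4-style `addr:port` lines are handled.

```python
import re

# NAT-side line of `pfctl -s state`:
#   all PROTO EXT:PORT (INT:PORT) -> DST:PORT   STATE
NAT_LINE = re.compile(
    r"^\S+\s+(?P<proto>\S+)\s+(?P<ext>\S+):(?P<eport>\d+)\s+"
    r"\((?P<int>\S+):(?P<iport>\d+)\)\s+->\s+(?P<dst>\S+):(?P<dport>\d+)\s"
)

# The four state lines from the post, verbatim (external IP redacted as x.x.x.199).
STATE_DUMP = """\
all tcp 193.99.144.85:80 <- 10.10.10.242:12346       ESTABLISHED:ESTABLISHED
all tcp x.x.x.199:12346 (10.10.10.242:12346) -> 193.99.144.85:80       ESTABLISHED:ESTABLISHED
all tcp 142.250.186.35:80 <- 10.10.10.241:12346       ESTABLISHED:ESTABLISHED
all tcp x.x.x.199:12346 (10.10.10.241:12346) -> 142.250.186.35:80       ESTABLISHED:ESTABLISHED
"""

def parse_nat_states(text):
    """Map each translated 4-tuple (plus protocol) to the internal host owning it."""
    states = {}
    for line in text.splitlines():
        m = NAT_LINE.match(line.strip())
        if m:  # LAN-side "<-" lines carry no translation and do not match
            key = (m["proto"], m["ext"], int(m["eport"]), m["dst"], int(m["dport"]))
            states[key] = (m["int"], int(m["iport"]))
    return states

def conflicting_owner(states, proto, ext_ip, int_ip, sport, dst_ip, dport):
    """With static port the external port equals the internal source port, so a
    new flow conflicts only if another host already holds the same 4-tuple."""
    owner = states.get((proto, ext_ip, sport, dst_ip, dport))
    return owner if owner not in (None, (int_ip, sport)) else None

if __name__ == "__main__":
    states = parse_nat_states(STATE_DUMP)
    # Constructed probes: 10.10.10.199 reusing source port 12346.
    probes = [
        ("10.10.10.199", 12346, "193.99.144.85", 80),  # same 4-tuple as .242
        ("10.10.10.199", 12346, "198.51.100.7", 80),   # different destination
    ]
    for int_ip, sport, dst, dport in probes:
        owner = conflicting_owner(states, "tcp", "x.x.x.199", int_ip, sport, dst, dport)
        verdict = f"conflicts with {owner[0]}:{owner[1]}" if owner else "no conflict"
        print(f"{int_ip}:{sport} -> {dst}:{dport}: {verdict}")
```
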

#2
I'm currently in the process of migrating an existing old pfSense 2.6.0 installation to OPNsense 25.7.

The guy that was here before me configured multiple manual NAT Outbound rules on the same IP with static Port enabled.
The external IP ending in .199 is used for three internal machines: 10.10.10.199, 10.10.10.241 and 10.10.10.242.

In practice, there don't seem to be any issues, everything seems to work fine. But I suspect that is just because there is not too much traffic on those three machines, which will make a source port collision quite unlikely given that there are thousands of source ports.

Is that actually a good idea? What will happen if those three machines use the same source port? Since the source port is static, it will lead to collisions, or?