Re: [pfSense-discussion] php: : Not installing nat reflection rules for a port range > 500 (1.2-RC2)

Sun, 11 Nov 2007 13:03:42 -0800 

Scott
I have looked into this some more, yes I do have one range > 500, for Asterisk VOIP, which seem standard practice, of WAN UDP 10001 - 16383 192.168.x.x (ext.: a.b.c.d) 10001 - 16383. 


The funny thing is they have been there for ages and did not exhibit this, 
it was only when I added the 4th RDP singleton that the message started 
coming up.


On rebooting it came up twice in the log in the initial bootup cycle.

Here is the section, it does not appear again.

Nov 11 22:39:29 dhcpd: All rights reserved.
Nov 11 22:39:29 dhcpd: Copyright 2004-2006 Internet Systems Consortium.
Nov 11 22:39:29 dhcpd: Internet Systems Consortium DHCP Server V3.0.5
Nov 11 22:39:17 pftpx[403]: listening on 127.0.0.1 port 8021
Nov 11 22:39:17 pftpx[403]: listening on 127.0.0.1 port 8021

Nov 11 22:39:10 php: : Not installing nat reflection rules for a port range 
> 500
Nov 11 22:39:09 php: : Not installing nat reflection rules for a port range 
> 500

Nov 11 22:39:03 kernel: pflog0: promiscuous mode enabled
Nov 11 22:38:38 sshlockout[327]: sshlockout starting up
Nov 11 22:38:38 sshlockout[327]: sshlockout starting up
Nov 11 22:38:38 sshd[325]: Server listening on 0.0.0.0 port 22.
Nov 11 22:38:38 sshd[325]: Server listening on :: port 22.


Is this correct behaviour or should port ranges be limited to < 500?  (Or 
perhaps entered as two sequential ranges?)


David


----- Original Message ----- 
From: "Scott Ullrich" <[EMAIL PROTECTED]>

To: <[email protected]>
Sent: Saturday, November 10, 2007 5:22 AM

Subject: Re: [pfSense-discussion] php: : Not installing nat reflection rules 
for a port range > 500 (1.2-RC2)




You most likely have a port range defined.

Scott


On Nov 9, 2007 2:26 AM, Tortise <[EMAIL PROTECTED]> wrote:

Hi Team


I added a rule for MS TS access to 3389, I get logged "php: : Not 
installing

nat reflection rules for a port range > 500" and the connection does not
seem to be created.

I cannot however find a port range > 500 and the port added is a single
port.

Can anyone advise me on this please?

Kind regards

David

PS on reviewing all my rules it seems that UDP NAT entries may have been
erroneously automatically entered in rules as TCP rules?


























					Reply via email to