
Firewall not letting some NAT ports 23 through

0 votes
#Allow outbound FTP traffic
pass out break end proto ftp from any to any port=ftpcnt flags S!A inspect-state
#Allow any other outbound traffic and the replies back in
pass out break end inspect-state
#Allow incoming IPSEC
pass break end proto 50
pass in break end proto udp from any to any port=ike
pass in break end proto udp from any to any port=4500
#Allow any traffic within an IPSEC tunnel in both directions
pass break end oneroute any
#Allow incoming SSH and SFTP
pass in break end proto tcp from any to any port=22 flags S!A inspect-state
#Allow incoming HTTPS
pass in break end proto tcp from any to any port=443 flags S!A inspect-state
#Block and log everything else including incoming telnet, http and FTP
block log break end
asked Apr 25, 2016 in Digi TransPort Cellular by Desmogger New to the Community (3 points)


2 Answers

0 votes

Not sure what you are trying to do as the basic firewall ruleset does not allow Telnet inbound.

It should allow all traffic outbound if this is applied to the PPP interface / WAN interface.

If the firewall is enabled on the local LAN interface, nothing would work.


answered Apr 26, 2016 by James.Wilson Veteran of the Digi Community (1,227 points)
0 votes

Very simple: connecting to a BAMS 1022 PM2.5 sampler via Ethernet port. Usually NAT port 4000 to internal.

Ports 9881 & 9887 redirect to internal (an 8832 ESC Data Logger which requires ports 9881 & 9887); they seem to work.
answered Apr 26, 2016 by Desmogger New to the Community (3 points)

Without the full configuration: if you are using port forwarding, you need to make sure you have NAT enabled with option 2 "IP and Port Numbers"; this is needed to do port number changes.

If you have other port mappings that use the same port number in and out, the default NAT rule is usually just set to 1 (IP only).

For further help I would need to see a full debug to see what is happening.


Thanks, how do I send you the debug file? Man, I am getting all sorts of GP socket connections from all over the flicking world and it closed down my dang WR41 this morning, requiring a reboot again. Did it also last weekend. I need firewall help.
Is the file called debug.log?
The devices you are connecting over the internet, have these got a fixed IP on the internet?

You should enable the firewall and only allow access to the ports you want


pass in break end on ppp 1 from x.x.x.x to addr-ppp1 port 8800 >< 8900 > to

If you need further assistance you should contact tech.support@digi.com
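
As an added example (not part of any post in this thread and not Digi's code), the Python below models the ruleset from the question as first-match-wins, which is what `break end` on every rule amounts to, and reports which rule decides a given packet on an interface where the ruleset is enabled. Assumptions: `ike` is 500 and `ftpcnt` is 21, `oneroute` rules match only tunnelled traffic, and NAT translation and state tracking are ignored.

```python
import re

# Ruleset as posted in the question (comment lines dropped).
RULES = """\
pass out break end proto ftp from any to any port=ftpcnt flags S!A inspect-state
pass out break end inspect-state
pass break end proto 50
pass in break end proto udp from any to any port=ike
pass in break end proto udp from any to any port=4500
pass break end oneroute any
pass in break end proto tcp from any to any port=22 flags S!A inspect-state
pass in break end proto tcp from any to any port=443 flags S!A inspect-state
block log break end
"""

# Assumed numeric values for the symbolic port names used above.
NAMED_PORTS = {"ike": 500, "ftpcnt": 21}

def parse(line):
    """Reduce one rule to the few fields this simplified model looks at."""
    words = line.split()
    proto = re.search(r"\bproto (\S+)", line)
    port = re.search(r"\bport=(\S+)", line)
    name = port.group(1) if port else None
    return {
        "action": words[0],
        "dir": words[1] if words[1] in ("in", "out") else None,  # None = both
        "proto": proto.group(1) if proto else None,              # None = any
        "port": NAMED_PORTS[name] if name in NAMED_PORTS else (int(name) if name else None),
        "tunnel_only": "oneroute" in words,                      # assumption
        "text": line,
    }

def verdict(direction, proto, dport, in_tunnel=False):
    """Return (action, rule text) of the first rule that matches the packet."""
    for rule in map(parse, RULES.splitlines()):
        if rule["tunnel_only"] and not in_tunnel:
            continue
        if (rule["dir"] not in (None, direction) or rule["proto"] not in (None, proto)
                or rule["port"] not in (None, dport)):
            continue
        return rule["action"], rule["text"]
    return None, None  # no rule matched; cannot happen with the catch-all block

if __name__ == "__main__":
    for port in (22, 443, 23, 4000, 9881, 9887):
        action, rule = verdict("in", "tcp", port)
        print(f"in tcp/{port:<5} -> {action:5} by: {rule}")
```

In this model, inbound TCP 4000, 9881 and 9887 all fall through to the final `block log break end`, so each forwarded port needs its own `pass in` rule above that line, as the last reply suggests.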