Joined: 03 Sep 2012
Posted: Thu May 16, 2013 12:24 Post subject: limit TCP/UDP port used on outgoing masquerading/nat
For some reason the Indian ISP does not allow me to use ports over ~40000, so how do I limit the ports used for TCP/UDP to e.g. 5000-25000?
There is a menu option in the web GUI under Administration/Management:
TCP Congestion Control
Maximum Ports (Default: 4096, Range: 256 - 4096)
TCP Timeout (in seconds) (Default: 3600, Range: 1 - 86400)
UDP Timeout (in seconds) (Default: 120, Range: 1 - 86400)
But I'm not able to set the UDP port anywhere.
Something like this
Joined: 18 Sep 2010
Posted: Thu May 16, 2013 22:16 Post subject:
The ISP limits which ports, the source ports or destination ports?
Those settings in the GUI are NOT for controlling the port range. They’re for controlling the QUANTITY of connections allowed, and HOW LONG before they should be considered orphaned. It's primarily used by ppl heavily into torrents, which tend to create many connections that end up orphaned, and thus drain router resources.
Beware, you can only control source ports, not destination ports (which is why I asked). You can add the necessary iptables rules directly in the GUI using the router's firewall script. You can test it beforehand using telnet and the command line.
Frankly, I suspect the ISP is limiting INBOUND ports, iow, which ports you can use for remote access back to your network. At least that would make more sense. And if that's the case, you simply don't use those ports for your port forwarding.
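An added example, not written by either poster, of the kind of firewall-script rules the reply refers to: it prints iptables MASQUERADE rules that restrict NAT source ports to a range, using the standard `--to-ports` option. The interface name `vlan2` and the function name `masq_rules` are assumptions; the 5000-25000 range comes from the question.

```shell
#!/bin/sh
# Added example: build NAT rules that pin outgoing source ports to a range.
# Assumptions: WAN interface name (vlan2 here; on DD-WRT it is commonly read
# with `nvram get wan_iface`) and the helper name masq_rules.

# Print (do not apply) the iptables commands for one WAN interface and range.
# Usage: masq_rules <wan_if> <low_port> <high_port>
masq_rules() {
    wan_if=$1
    lo=$2
    hi=$3

    [ -n "$wan_if" ] || { echo "missing WAN interface" >&2; return 1; }

    # Both bounds must be plain decimal numbers.
    for v in "$lo" "$hi"; do
        case "$v" in
            ''|*[!0-9]*) echo "port '$v' is not numeric" >&2; return 1 ;;
        esac
    done

    # Bounds must be valid ports and in ascending order.
    if [ "$lo" -lt 1 ] || [ "$hi" -gt 65535 ] || [ "$lo" -ge "$hi" ]; then
        echo "invalid range $lo-$hi" >&2
        return 1
    fi

    # --to-ports is only accepted together with -p tcp or -p udp, so one rule
    # per protocol. -I inserts at the head of POSTROUTING so these rules match
    # before any existing generic MASQUERADE rule on the same interface.
    for proto in tcp udp; do
        echo "iptables -t nat -I POSTROUTING -o $wan_if -p $proto -j MASQUERADE --to-ports $lo-$hi"
    done
}

# Show the rules for the range asked about in the question.
masq_rules vlan2 5000 25000
```

Review the printed commands and run them from the command line first, as the reply suggests, before saving them to the firewall script. They only affect the source port the router picks for outgoing connections, which matches the reply's point that destination ports cannot be controlled this way.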