PaulPunkGTX 0 Posted ... Hi guys, I have a slight problem. I need to forward some ports, but I can't due to restrictions.(The Port is already reserved or below 2048) How can I still forward them? I also heard that it should be possible to remap those, but I don't know how. These are the Ports: Port 88 (UDP)Port 3074 (UDP and TCP)Port 53 (UDP and TCP)Port 80 (TCP)Port 500 (UDP)Port 3544 (UDP)Port 4500 (UDP) Thanks in advance Quote Share this post Link to post
knighthawk 19 Posted ... I also heard that it should be possible to remap those, but I don't know how.In the Air client port area on the website... find the port in question...let's say it's 54321 and you want that mapped locally to port(4500), in the config for that port where it says local port enter 4500, save, rinse and repeat for the other ports in question. Disconnect\Reconnect to vpn server.Contact from the outside (ie clients) will then need to be directed to vpnserverip:highmappedport to connect to you, for cases where you're controlling the clients connecting and can configure which ports they should use it should work ok, cases where said clients are generic and not under your control or otherwise will only look for services on the default ports for said service you're just SOL. So to recap let's say you're running a website on port 88 locally that you want anyone on the internet to connect to. you'd map 54321 to local 88 in the air client area. Then give out https://airvpnserverip(or equivalent name that resolves to same):54321 for people to connect too, should work just fine assuming you have other things locally setup correctly (fw,etc) for your 10.x internal vpn address. As for services that require the client to look for the standard service port, you're sol unless you have control of the connecting clients, and even then you might be sol for something where the protocol or client doesn't let your specify alternative ports to use to connect to such well known services. So for example if you want to run a dns(53) server locally and have any random standard dns client on the internet query it directly from the internet - it's flat out not going to work. For websites it'll work fine as the protocol allow a port designation, for IPsec(500\4500)... honestly I've never tried screwing with changing those ports, if you have control of all the clients\those connecting maybe you can but from what little I recall 500\4500 are expected in most rfc compliant implementations, maybe I'm wrong though it's been awhile, be for an uncontrolled client connecting you're almost certainly sol. Quote Share this post Link to post