Firewall not letting some NAT ports 23 through

#Allow outbound FTP traffic
pass out break end proto ftp from any to any port=ftpcnt flags S!A inspect-state
#Allow any other outbound traffic and the replies back in
pass out break end inspect-state
#Allow incoming IPSEC
pass break end proto 50
pass in break end proto udp from any to any port=ike
pass in break end proto udp from any to any port=4500
#Allow any traffic within an IPSEC tunnel in both directions
pass break end oneroute any
#Allow incoming SSH and SFTP
pass in break end proto tcp from any to any port=22 flags S!A inspect-state
#Allow incoming HTTPS
pass in break end proto tcp from any to any port=443 flags S!A inspect-state
#Block and log everything else including incoming telnet, http and FTP
block log break end


Not sure what you are trying to do as the basic firewall ruleset does not allow Telnet inbound.

It should allow all traffic outbound if this is applied to the PPP interface / WAN interface.

If the firewall is enabled on the local LAN interface, nothing would work.




Very simple: connecting to a BAMS 1022 PM2.5 sampler via Ethernet port. Usually NAT port 4000 to internal.

Ports 9881 & 9887 redirect to internal (an 8832 ESC Data Logger which requires ports 9881 & 9887); they seem to work.


Without the full configuration: if you are using port forwarding you need to make sure you have NAT enabled with option 2 “IP and Port Numbers”; this is needed to do port number changes.

If you have other port mappings that use the same port number in and out, the default NAT rule is usually just set to 1 (IP only).

For further help I would need to see a full debug to see what is happening.



Thanks, how do I send you the debug file? Man, I am getting all sorts of GP socket connections from all over the flicking world and it closed down my dang WR41 this morning, requiring a reboot again. Did it also last weekend. I need firewall help.
Is the file called debug.log?

The devices you are connecting over the internet, has this got a fixed IP on the internet?

You should enable the firewall and only allow access to the ports you want


pass in break end on ppp 1 from x.x.x.x to addr-ppp1 port 8800 >< 8900 > to

if you need further assistance you should contact
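
Added example, not part of the thread and not Digi code: a simplified Python model of first-match evaluation over the ruleset posted at the top, showing which rule a new inbound connection on ports 4000, 9881 and 9887 would hit if that ruleset is enabled on the WAN interface. Assumptions: the forwarded ports are TCP, `ike` means UDP 500, `break end` stops evaluation at the first matching rule, and the `oneroute` rule only matches traffic inside an IPsec tunnel.

```python
import re

# Ruleset as posted at the top of the thread (comment lines omitted).
RULES = """\
pass out break end proto ftp from any to any port=ftpcnt flags S!A inspect-state
pass out break end inspect-state
pass break end proto 50
pass in break end proto udp from any to any port=ike
pass in break end proto udp from any to any port=4500
pass break end oneroute any
pass in break end proto tcp from any to any port=22 flags S!A inspect-state
pass in break end proto tcp from any to any port=443 flags S!A inspect-state
block log break end
"""
SERVICES = {"ike": 500}  # assumption: service name "ike" is UDP 500

def parse(line):
    """Pull out only the fields this simplified model looks at."""
    tok = line.split()
    proto = re.search(r"\bproto (\S+)", line)
    port = re.search(r"\bport=(\S+)", line)
    p = port.group(1) if port else None
    if p is not None:
        p = int(p) if p.isdigit() else SERVICES.get(p, p)
    return {"action": tok[0],
            "dir": tok[1] if tok[1] in ("in", "out") else "both",
            "proto": proto.group(1) if proto else None,
            "port": p,
            "tunnel_only": "oneroute" in tok}  # assumption: tunnel traffic only

def verdict(proto, dport, rules=RULES):
    """Return (action, rule) for a new inbound, non-tunnel packet."""
    for line in rules.splitlines():
        r = parse(line)
        if r["dir"] == "out" or r["tunnel_only"]:
            continue
        if r["proto"] not in (None, proto) or r["port"] not in (None, dport):
            continue
        return r["action"], line  # "break end": stop at the first match
    return "no-match", None

def audit(ports, proto="tcp"):
    """Map each destination port to the action of the rule it hits."""
    return {p: verdict(proto, p)[0] for p in ports}

if __name__ == "__main__":
    for port in (22, 443, 23, 4000, 9881, 9887):
        print(port, *verdict("tcp", port))
```

In this model the forwarded ports fall through to the final `block log break end` line, so each one would need its own `pass in` rule placed above it, ideally restricted to a known source address as in the `from x.x.x.x` rule suggested in the thread.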