I have set up a Raspberry Pi running the Debian Package Add-On, currently updated to 3.8.1, and I’m feeding regular ADS-B/Mode-S as well as MLAT to FlightAware.
The Raspberry Pi runs behind an OPNsense firewall restricting access to only pre-specified port ranges.
When I set up the system, I noticed that my MLAT traffic was not coming through, which I was notified about by an “anomaly” message on my feeder page on FlightAware. This message told me that for MLAT, an OUTBOUND port range of 4999:9999 was needed, which I manually opened in the FW.
After a few restarts of the RPi and the FW due to package upgrades, I would often notice that MLAT traffic stopped with the same error message, although the FW had ports 4999:9999 open. I then noticed that the RPi tried to connect to FA using a completely different port (usually somewhere above 10,000). Once I (manually) opened the port on the FW, the MLAT UDP connection was fine again - until I rebooted again, which once again triggered the use of another port.
I don’t want to open all ports for this RPi due to security concerns, but I also don’t want to manually add every port that might show up once anything was rebooted.
I’m therefore asking: is this a misconfiguration on my side?
Is the anomaly message concerning port range 4999:9999 on the feeder page on FA plain wrong/outdated?
Is this a bug in the FA software? What is the correct port range that needs to be opened?
Any help is greatly appreciated. Thanks in advance.