PS4 and PFSense



I am having issues with my PS4 and pfSense Box.. While using pfSense as my gateway, the PS4 is unable to connect to multiplayer games or use the voice chat feature, when using my Cisco Router, it works fine. Xbox Live and PS3, never had any issues.. I snooped around on the pfsense forums, but I didn't really understand what they were talking about to be honest..

 

I have made no special rules,
NAT Outbound is set to, 
Automatic outbound NAT rule generation
          (IPsec passthrough included)
Here is a pic of my upnp setup, 
post-61856-0-97971200-1385228284.png
 
Some people are talking about making a static port, but, that is where I need help..
Link to comment
Share on other sites

In user specified permissions 1-4 it looks like it allows you to open/make a static port.

 

Not sure what port the PS4 uses, so refer back to pfsense forums and it might just give you a line of code to copy in the user specified permissions box.

Link to comment
Share on other sites

User specified permissions are normally for locking down to specific IPs, ports, etc., if you select the deny default setting.

What do you show under status?

Status: UPnP & NAT-PMP Status

Can you point to forum post there that you do not understand?

Link to comment
Share on other sites

http://forum.pfsense.org/index.php/topic,69319.0.html?PHPSESSID=e1f911becc99b6e59e533bcb78353348

 

I guess I need to set my PS4 with a static IP and enter in the rules?

Link to comment
Share on other sites

The static port setting is under the NAT > outbound. There's a rule that's created and it allows everything and under static port it'll say no. You need to edit that rule, switch it to yes and boom done.

I had to do this a long time ago for gaming on my network with multiple PCs and consoles.

Link to comment
Share on other sites

No it does not - outbound by default is all allowed, if you're thinking of unsolicited inbound traffic. Then yes it does block that just like every other single nat router on the planet.

His issue sounds like he needs static port mapping in his NAPT (Network Address and Port Translation) which is what pretty much every single nat router used in homes uses. It allows the sharing of the single public IP by changing the ports used for traffic. http://en.wikipedia.org/wiki/Network_Address_and_Port_Translation

What happens in this is say you want to go to neowin on port 80, well there is a source port here something random above 1024

If you look at the state table you can see what is going on

post-14624-0-31082200-1385732152.png

So you can see private address at .100 is talking to dropbox on 108.160.162.33 via port 80.. But look at the source port connection started at 57481, but then when it leaves my router 24.13.x.x the source is 55937

What seems xbox needs to work with what they want to do is a static outbound nat. So that the port used on the outbound side is the same as what xbox is listening on.

To do this in pfsense you have to switch to manual outbound nat vs automatic, and then create your rules. If you see the 2nd picture the guy posted - this is his outbound nat for port udp 9308.. Seems his problem is that rule was not on the top of the list.. So he prob got some other nat rule doing it and not the static one. When you switch from Automatic to manual you see the rules that are in play in automatic

post-14624-0-81927600-1385732702.png

See that rule under the static one for port 500, that is the nat rule that changes from your lan to your public. Well it's both udp and tcp and ports are not static. So if he put his static nat rule below that it would never be seen. So you need to put any static outbound nat rules you need on the top of the list.. like that 500 rule is above the general nat rule.

As to what ports he needs for whatever he is doing with xbox not sure, but if they need to be static ports then this is done in the outbound nat section and setting up the rules "above" the generic nat everything rule. That is what that thread he linked to is talking about - and as you can see from the guy saying

There we go! -- THANKS!!!!

Put it at the top of the ruleset and it worked.

Once he placed his static rule correctly in the rulesets it worked.

Link to comment
Share on other sites
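
The first-match rule ordering described in the post above, as an added example that is not part of the original thread: a small Python model of outbound NAT evaluation showing why a static-port rule placed below the general rule is never reached. The `NatRule` fields and the `translate` helper are hypothetical simplifications, not pfSense code, and the rule set is constructed from addresses mentioned in the thread.

```python
import ipaddress
import random
from dataclasses import dataclass


@dataclass
class NatRule:
    source: str                # LAN source network in CIDR form
    dst_port: int = 0          # 0 means "any destination port"
    static_port: bool = False  # keep the client's source port unchanged

    def matches(self, src_ip: str, dst_port: int) -> bool:
        in_net = ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.source)
        return in_net and self.dst_port in (0, dst_port)


def translate(rules, src_ip, src_port, dst_port, rng=None):
    """Return (index of the first matching rule, source port seen on the WAN)."""
    rng = rng or random.Random(0)
    for index, rule in enumerate(rules):
        if not rule.matches(src_ip, dst_port):
            continue
        if rule.static_port:
            return index, src_port
        wan_port = src_port
        while wan_port == src_port:        # in this model a rewrite always changes the port
            wan_port = rng.randint(1024, 65535)
        return index, wan_port
    return None, src_port                  # no rule matched: nothing is translated


# Constructed rule set modelled on the thread (LAN 10.10.1.0/24, PS4 at 10.10.1.144).
ISAKMP = NatRule("10.10.1.0/24", dst_port=500, static_port=True)
GENERAL = NatRule("10.10.1.0/24")
PS4_STATIC = NatRule("10.10.1.144/32", static_port=True)

BROKEN_ORDER = [ISAKMP, GENERAL, PS4_STATIC]   # static rule below the general rule
FIXED_ORDER = [PS4_STATIC, ISAKMP, GENERAL]    # static rule at the top

if __name__ == "__main__":
    for name, rules in (("broken", BROKEN_ORDER), ("fixed", FIXED_ORDER)):
        print(name, translate(rules, "10.10.1.144", 9308, 9308))
```

With the broken order the PS4's traffic is claimed by the general rule and leaves with a rewritten source port; with the fixed order it matches the /32 rule first and keeps its port.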

I plan on trying that out today, sorry, i've been busy and haven't had time to change it since I have been using my Cisco Router in place of the pfsense box. Thank you everyone for your help

Link to comment
Share on other sites

<snipped>

I am assuming this is the page I need to be on? Correct? Do I need to change it to manual? If so, what all will that affect?

post-61856-0-45898200-1385734713.png

Second, I am assuming I am making a rule from this screenshot from the pfsense forums?

post-61856-0-24509100-1385734780.png

 

So I need to set my PS4 with a static IP, set to manual, add that rule?

 

Edit:

Add the rule that this?

post-61856-0-05713900-1385735344.png

Link to comment
Share on other sites

Yes that is the correct page.. You need to change to manual.

You're not going to want to set it to ALL ports static from the ps4, just look to see what ports you need and set those. But I guess you could set your ps4 IP to just be static ports for everything.. That makes it simple, but not sure what issues that might bring up if any.. Sure give it a go..

if that 1.144 is the static IP of your ps4 then yeah - you would set the mask to /32 which just means that IP.

Link to comment
Share on other sites

I don't have any experience with the PS4, but I know the Xbox One uses random ports (With Teredo) as a means to break through the NAT (Since only like 25% of devices they encounter support UPnP or NAT-PMP), it wouldn't surprise me if the PS4 was doing something similar.

Link to comment
Share on other sites

post-61856-0-38041900-1385926826.png

post-61856-0-37403100-1385926415.png

Still isn't working.. I am assuming I am missing something?

 

Edit - I finally got it to say "Nat Type 2" instead of failed by moving it to the top of the rules. However, still fails to play online. I can access the store and see my friends.. but can't chat or play with them. 

Link to comment
Share on other sites

So here is the thing, did you reset your states? It's possible the ports you're trying are high ports, ie above 1024 and already in use, etc. Clear the states.

I really would look into what specific ports you need that need to be static, and do you need any port forwards to play games for unsolicited traffic, nat rules are just going to be in answer to what you opened outbound or possible with UPnP - not sure on that.

But if you want to host games it's better to create the port forwards directly vs hoping UPnP takes care of it for you, etc.

Link to comment
Share on other sites

  • 2 months later...

I'm back.. I just used my Cisco Router and played that way.. but, It's Sunday and I have nothing else to do.. So, I want to tackle it..

No giving up this time.. I can't play PS4, until this is fixed.. lol It can't be that hard and it must be something I'm doing or not doing because others are able to figure this out..
I am getting NAT TYPE 2, or NAT TYPE 3 depending which settings I turn on or off..
My PS4 IP is 10.10.1.144 and subnet mask is 255.255.255.0

post-61856-0-11666600-1393200151.png


post-61856-0-27619200-1393200175.png

 

Any Ideas?

Link to comment
Share on other sites

Hello,

Might want to try http://www.canyouseeme.org/ and see if everything is being applied correctly.
Link to comment
Share on other sites

I was able to get my Xbox One to say open NAT with the same settings.. This is driving me crazy lol



that tells me that it is accessible, but still NAT2

Link to comment
Share on other sites

Hello,

http://manuals.playstation.net/document/en/ps4/settings/nw_test.html

Sony seems to have a weird way of stating NAT :huh:

You're right, it drove me crazy.. lol... When using PfSense before, I couldn't play anything online or play Need For Speed Rivals because it would say it couldn't connect to EAs server.. But, everything seems to be working now.. Thanks for your help!

Link to comment
Share on other sites

  • 8 months later...

So I hate to revive an old thread, But I am having some dumb issues with this as well and hope that someone will help me.

 

Followed the guide and did the Manual outbound nat and whatnot and I get NAT2 in the PS4 network options.

 

Problem? I cannot connect to any games or connect to any networks like for Destiny or COD AW.

 

UPNP isn't working and I have no idea what to do? Any advice? thanks!

 

Also attached some pictures showing that I have everything set correctly including the order on the NAT.

 

Thanks

 

Neztea

post-3374-0-51513500-1416377934.png

post-3374-0-89970700-1416377935.png

post-3374-0-12553400-1416377939.png

Link to comment
Share on other sites

You haven't entered any ports to be forwarded in your NAT entry.

Yes, I know that, But that is what UPNP is for since I have multiple consoles that may use those ports and that would be a conflict.

 

I've read up that if you set it to static in that manner with the NAT, then UPNP should be in play, Since UPNP only works when you have Dynamic IP addresses, which I find odd.

 

Even so, trying to get UPNP to work with my config, if that is even possible...

 

Neztea

Link to comment
Share on other sites

I doubt your outbound nat is correct, you're saying every outbound port should be static.. So if your source port is say 14561 then you should use that same port outbound. What if that is in use by something else? and not your /32 you have there. Then what happens?

UPnP is for inbound traffic - have never seen it used to control outbound to be honest, not outbound. Normally where games would be played there are no outbound restrictions. For example by default pfsense lan is any any outbound. Have you changed this? You can check your UPnP ports that are in play under its status page. Not sure who told you UPnP only in play with dynamic?

A client makes a request, it is opened or a different port is negotiated if that one is in use by some other client, etc. Or being used in a state already.

Why would you think that you should allow inbound on 53+?? Normally ports would be 1024 or above, the ephemeral ports 1024-65k

Now if something requires a specific source port, say 666 then you would set that specific in the outbound ports. Normally those would be ports below 1024, reserved/privileged ports.

Do you have any rules on the lan firewall tab or floating that could block UPnP from getting to pfsense?

What I would do is put your outbound to static, remove any restrictions you have set on UPnP.. Try your game and then look in the UPnP status, were any ports open?

post-14624-0-21138400-1416406285.png

Look up your specific game requirements for static outbound and set those, worst case sniff on pfsense lan and see what the game is trying to do, what ip/ports it is trying to connect to, sniff on wan - what inbound traffic is coming in on what ports - then you can open those up, etc. If you can not find the specific requirements for firewall ports online, etc.

Link to comment
Share on other sites

This topic is now closed to further replies.