PS4 and PFSense



did you add a static map on your PS4?

Hey, yeah, I did add it as a static map. I get NAT2 on the PS4 and can access the store, etc.; it is just that I cannot access any online games such as Destiny and COD AW. It is extremely weird.

Thanks to all for trying to help me. I've upgraded to pfSense 2.2 to see if that would work.

Neztea

Link to comment
Share on other sites

Going from stable to a new beta is probably not the best idea. UPnP worked in the 2.1.5 line; it may or may not work in 2.2 as of yet.

Did you validate that UPnP is working? As stated, your static outbound NATs were broken. You cannot say every port is static. It cannot work with more than one device behind the public IP.

I am still on the road, heading back tomorrow, so I can show you how to see if UPnP is working. It is simple enough to sniff on the LAN interface and look for the requests, and then look in the UPnP status to see if pfSense opened the port(s).

Link to comment
Share on other sites


Yeah, I'm pretty sure that UPnP is working, because the logs show that the PS4 can open a port and the Xbox One that I have can open the port (shows Teredo on port 3700 or whatever it was). I get NAT2 on the PS4 and I get OPEN on the Xbox One. I just cannot connect to any games whatsoever. It was the same on pfSense 2.1.5 and pfSense 2.2.

It is so weird. I've followed all the guides and I have no idea what could be the issue. I've even made rules for multicast and opened it up for multicast as well, just in case there was anything. IGMP is disabled as well, so that there is no multicast filtering.

Neztea

Link to comment
Share on other sites

Did you leave that static outbound NAT in there? That would break all kinds of stuff! You can set a few specific ones that need to be static, but the rule you had in place would break a bunch of stuff, to be honest.

So pfSense has a public IP on its WAN, right? You're not behind a double NAT?

Link to comment
Share on other sites


No, not having double NAT; it has a public IP on the WAN.

I've set static ports to 127.0.0.0/8 and 10.11.1.1/24. I get a NAT2 but cannot connect to any games. It's the same without those rules as well.

This is how my rule set looks right now. Any suggestions?

Neztea

Link to comment
Share on other sites

Yes this is BROKEN!!!

This is not a valid configuration. Do you know what static means here, and how the NAPT works here?

So you make a connection, let's say to neowin:http

privateip:42156 ---> neowin:80 - pfsense - publicip:32154 ---> neowin:80

Your client on your private IP uses some random source port, 42156 in this example. When pfSense NATs that to your public IP, it picks some other random port that none of the other sessions is using. When neowin answers back, it answers to your publicip on 32154, and pfSense says, hey, that goes to privateip:42156.

When you set it to static like that, you're saying the port HAS to be the same.

privateip:42156 ---> neowin:80 - pfsense - publicip:42156 ---> neowin:80

This could cause problems, since your clients pick their source ports pretty much at random, every new session just uses the next number up, etc. So what happens when client A uses, say, port 12345 to talk to neowin, and client B uses 12345 to talk to cnn.com?

One of those is going to fail, since you set static and pfSense is supposed to keep the same source port, etc. So whoever gets there first wins, I guess. But what if client C had already used 12345 as source for something else?

While you can use static for specific stuff, setting it for all dest ports, you're going to have issues.

Link to comment
Share on other sites
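The port rewriting walked through in the post above, as an added example that is not part of the original thread: a simplified NAPT table keyed on the public port alone (an assumption of this sketch), run once with random port selection and once with static port. The `Napt` class and `run` helper are hypothetical names, and the two clients are constructed sample sessions using the console addresses mentioned in the thread.

```python
import random


class Napt:
    """Simplified NAPT as in the walk-through: one table entry per public port."""

    def __init__(self, static_port=False, seed=0):
        self.static_port = static_port
        self.table = {}                     # public port -> (private ip, private port)
        self.rng = random.Random(seed)      # seeded so the run is repeatable

    def outbound(self, private_ip, private_port):
        """Return the public source port for a new session, or None if unmappable."""
        if self.static_port:
            # Static: the public port HAS to equal the client's source port.
            if private_port in self.table:
                return None                 # another session already holds that port
            public_port = private_port
        else:
            # Default: pick a public port that no other session is using.
            public_port = self.rng.randint(1024, 65535)
            while public_port in self.table:
                public_port = self.rng.randint(1024, 65535)
        self.table[public_port] = (private_ip, private_port)
        return public_port

    def inbound(self, public_port):
        """A reply hits the public IP: which private endpoint does it belong to?"""
        return self.table.get(public_port)


def run(static_port):
    """Two clients both pick source port 12345 (constructed sample sessions)."""
    nat = Napt(static_port=static_port)
    sessions = [("10.11.1.60", 12345), ("10.11.1.70", 12345)]
    return [nat.outbound(ip, port) for ip, port in sessions], nat


if __name__ == "__main__":
    for mode in (False, True):
        ports, _ = run(mode)
        print("static" if mode else "random", ports)
```

With random selection both sessions get their own public port; with static port the second client's session has nowhere to go.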


Yeah, I understand that, which is why I had it set to no before, and it didn't work, so I set it to yes.

As for the static port for my "game consoles" alias (10.11.1.60 / 10.11.1.70), I've read that in order to use UPnP it has to be set with static ports, since UPnP in pfSense is weird like that.

I've followed this guide, which some people have reported has worked:

https://forum.pfsense.org/index.php?topic=69319.15

And yes, for the game consoles, I have tried both static and non-static and I could get a NAT2 but still couldn't connect to games.

Thank you so much, Budman, for trying to help me and understand all of this. :)

Edit: oh jeebus, I just linked a thread that the OP had used and had used that guide to no avail. Well poop on me :S

Neztea

Link to comment
Share on other sites

Ok, so this is my NAT: Outbound now. I still get NAT2 but still no online connectivity for gaming. As for the hybrid mode that is new in pfSense 2.2, it applies the rules on the top first before using the automatic rules. I have used this method for both 2.1 and 2.2 of pfSense and I still can't get it to work.

Neztea

Link to comment
Share on other sites

And does your game require static ports? What are the ports your game needs? Having to set static like that makes NO SENSE. Are you sure it wasn't a guide from someone without a clue as to what it means? And he was just clicking on random ###### and for some reason it happened to work, so he thought the static setting was the fix?

Isn't one of the big things with PS4 IPv6? Or is that only Xbox?

I question the info in that thread for starters:

88-65535 192.168.1.17/32 88-65535

What game are you playing that would require ports 88 to 1024? I find it hard to believe privileged ports would be used. The specific ports in question for any game or service should be listed, so that you can manually forward them, etc. UPnP is not a system to rely on, if you ask me. Can you point to what specific game or application is not working so I can try and find the ports it uses?

Link to comment
Share on other sites


My ISP doesn't do IPV6 yet so there isn't no point to it.

What my ISP does do is give each user 2 dynamic IPs. So I've got one public IP going into pfSense and 1 IP going into an AC66U router. The Xbox and the PS4 are both connecting to the AC66U and, lo and behold, I get NAT2 and Open NAT on the consoles. The router has UPnP enabled.

The question is, how do I go about connecting the two routers together now to make it seamless?

Mind you, my pfSense is 10.11.1.0 and the router is 10.12.1.0.

Edit: also, I can access the online content of my games and do multiplayer through the AC66U.

Neztea

Link to comment
Share on other sites

"My ISP doesn't do IPV6 yet so there isn't no point to it."

That didn't answer my question - can it use IPv6? What your ISP supports has little to do with it; just run a tunnel. You can get them free; I would highly suggest Hurricane Electric. My ISP supports IPv6 and I still run a tunnel with HE because it is easier to work with than the ISP. They cannot seem to maintain the same prefix; every time there is a blip and you blink, your LAN has a new /64, etc. https://www.tunnelbroker.net/

And you still did not answer my other question - what ports are in use, and what game and/or application are you running exactly? If you say it works through the router, what does the router list for the ports it opened with UPnP?

So you're still only getting NAT 2 on one of them? So your ISP gives you 2 public IPs? What devices are you plugging your AC66U into, and what are you plugging pfSense into, that they both get a public IP on their WAN? Please draw up how your network is connected.

Link to comment
Share on other sites


Hey, sorry for the long wait.

My ISP does support IPv6 but it isn't implementing it for the time being. As for the ports, I have tried to port forward specifically to the ports in use for COD AW and Destiny, and even so it still wouldn't connect.

So my connection is this: Modem --> HP ProCurve switch on an untrusted VLAN (666, let's say), then one cable goes to the AC66U and 1 goes to pfSense, then from the pfSense it goes to a trusted VLAN where my AP and other computers connect. The consoles are connected to the Ac66u. I was getting open NAT for the Xbox and NAT 2 for the PS4 but still couldn't connect to any online matchmaking for the 2 games. : (

Also, for the UPnP for pfSense, it would only list the Xbox One (tredeno?) but no open ports under upnp for the ps4.

Sorry for the delay once again :)

Neztea

Link to comment
Share on other sites

"but no open ports under upnp for the ps4."

So per the thread on the pfSense forum that links to the article about the PS4 not requesting UPnP, that seems like the problem.

So how many IPs do you get from your ISP? Just put the consoles outside on public!!

http://www.playstationlifestyle.net/2014/02/08/possible-ps4-firmware-upnp-bug-and-workaround/

"The consoles are connected to the Ac66u."

So if they didn't work when connected there, what does this have to do with pfSense? And again, I thought the new thing was IPv6. Is this not the case in these games?

So for Destiny those ports seem fairly simple to forward:

http://www.bungie.net/en/Help/Article/11931

Those could be created in a couple of rules. Your outbound should be fine since the default is any any; did you change that? So remove your outbound strict NAT, because clearly that is not needed per that article. And forward your ports = done!

Or, since you're wanting both of them on at the same time, I would get UPnP working with the PS4; try that workaround listed. Sniff on pfSense: is the PS4 even requesting UPnP? Or the best solution, since you say you have multiple IPs, is to just put your consoles on the public side.

Link to comment
Share on other sites
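One way to run the check suggested in this thread (sniff on the LAN side and see whether a console requests UPnP at all), as an added example that is not part of the original posts: it scans captured payloads for SSDP discovery and `AddPortMapping` requests per client. The capture, port 50000, the `/control` path and the function names are constructed for illustration.

```python
import re

# Constructed sample: (source IP, payload) pairs as pulled from a LAN-side capture.
CAPTURE = [
    ("10.11.1.70", 'M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n'
                   'MAN: "ssdp:discover"\r\nMX: 2\r\n'
                   'ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n\r\n'),
    ("10.11.1.70", 'POST /control HTTP/1.1\r\nSOAPAction: '
                   '"urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping"\r\n\r\n'
                   '<NewExternalPort>50000</NewExternalPort><NewProtocol>UDP</NewProtocol>'
                   '<NewInternalPort>50000</NewInternalPort>'
                   '<NewInternalClient>10.11.1.70</NewInternalClient>'),
    ("10.11.1.60", 'GET / HTTP/1.1\r\nHost: example.com\r\n\r\n'),  # ordinary traffic only
]

FIELD = re.compile(r"<(NewExternalPort|NewProtocol|NewInternalPort|NewInternalClient)>"
                   r"([^<]*)</\1>")


def upnp_activity(capture):
    """Per source IP: was SSDP discovery seen, and which port mappings were requested?"""
    seen = {}
    for src, payload in capture:
        entry = seen.setdefault(src, {"discovery": False, "mappings": []})
        head, _, body = payload.partition("\r\n\r\n")
        if head.startswith("M-SEARCH ") and "ssdp:discover" in head.lower():
            entry["discovery"] = True       # client is looking for a gateway
        elif "#addportmapping" in head.lower():
            f = dict(FIELD.findall(body))
            if f.get("NewExternalPort", "").isdigit() and f.get("NewInternalPort", "").isdigit():
                entry["mappings"].append((f.get("NewProtocol"), int(f["NewExternalPort"]),
                                          f.get("NewInternalClient"), int(f["NewInternalPort"])))
    return seen


def silent_clients(capture):
    """Clients that sent traffic but never spoke UPnP: nothing for the gateway to open."""
    return sorted(ip for ip, e in upnp_activity(capture).items()
                  if not e["discovery"] and not e["mappings"])


if __name__ == "__main__":
    for ip, e in upnp_activity(CAPTURE).items():
        print(ip, e)
    print("no UPnP requests from:", silent_clients(CAPTURE))
```

A client that shows up in `silent_clients` will never appear in the gateway's UPnP status, whatever the outbound NAT rules say.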
