OPNsense Forum
Archive => 18.1 Legacy Series => Topic started by: brando56894 on February 06, 2018, 03:01:41 pm
-
Hey,
So I know this is a long standing issue with *sense routers, I had the issue with pfSense for months and couldn't figure it out. I always had NAT type 2 or type 3. I ended up buying Asus' $400 GT-AC5300 "Gaming" router which has great hardware (4 core ARM processor clocked at ~1.5 GHz, 2 GB RAM, 8 NICs [2 support bonding], 8 antennas for MIMO AC) but the interface is an abomination and it doesn't support Merlin :( Everything has the word "game" attached to it for no other reason than for calling it a "gaming router", like the malware and parental filtering was called "Game Protection" or something stupid. I instantly had an NAT type 1/ open NAT in CoD WWII as soon as I set it up, the problem was that it made everything else a pain in the ass for me (running my webserver, using a VPN, etc...).
So after about 3-4 months of using that I got pissed and switched the GT-AC5300 to Access Point mode to disable all of it's unnecessary functions (love that it has this option), and put OPNsense 18.1 as my router. I installed the UPnP packages and it forwarded the ports...but of course it showed up as NAT type 2 and my roommate immediately started bitching because we can no longer connect to other people or invite them, yet we can play in public non-invite games, usually without issue.
I believe the issue is, as I saw someone else state on here, is the fact that I have two PS4s trying to use the same ports at the same time, I believe he can connect to his friends without issue when he's just playing, but as soon as I join sh!t hits the fan.
This seems to be resolvable since the Asus router is able to fix it, but I'm not a network guru, just a sysadmin so any help is appreciated.
-
One thing I notice is that you say you installed the UPnP plugin, and did manual port forwarding.
Incoming traffic on a specific port will always be forwarded to what you manually have set, the destination address of one of the PS4's. Since you can't forward one source(WAN)/protocol to multiple destinations.
Since you, most likely, have only one Public IP address it makes sense this won't work.
Although I know of someone show has this working too, so I am guessing UPnP does something nasty here.
Anyway, I would start with removing the manual port forwarding, and just let UPnP (PS4 to router) do it's nasty thing.
-
I tried it with just pure UPnP first and it didn't work, after time spent googling I found a Network Engineer state that the way he got it to work was to forward the "party" ports to the specific internal IPs (since they use a range of 3 ports now), and let UPnP handle everything. That is how I have it setup, UPnP forwards the ports (different ones to different IPs, I watched the UPnP connection status), yet WWII still bitches about NAT type 2 or 3, and in turn, my clueless roommate starts bitching about the NAT types, which really mean nothing to us in the IT field.
-
What is the URL of that thing you read?
Because no matter what, you can only port forward from one WAN IP address to one LAN IP address.
Never multiple.
-
It was a comment in the PS4 SubReddit. We still have issues with only one PS4 on, so maybe UPnP is at fault, it does forward two ports automatically.
I'm not used to using OPNsense, and I find the documentation lacking anything regarding the firewall. I'm largely a noob when it comes to firewalls. So I tend to have a lot of issues. Also for some reason I can't see any activity in the live firewall log, yet the state summary shows many active connections from his PS4 to other IPs. His PS4 says that it can't open port 3074...yet I clearly see connections on 3074 on his IP.
How can I put his PS4 in the DMZ (outside of/not blocked by the firewall)? His friend told him to do that and I told him the risks involved and he was like "I don't care, do it!". His internal IP is 192.168.1.244 and OPNsense is 192.168.1.1
-
There are 2 things that can help with NAT traversal.
The first is UPNP, as you've already done.
The second one is especially helpfull for a lot of games: static port NAT for UDP. It will allow another hole punching technique to work. You can either set it up for your entire network, or just for your PS4's
Go to Firewall->NAT->Outbound. Switch your configuration to Hybrid and hit save.
Then make a new rule with the following:
Protocol -> UDP
Source adress -> enter IP of PS4 here or enter network including netmask to apply to entire network
Static-Port -> checkmark.
Repeat for adresses of other PS4's if you're applying solely to those and see if NAT situation has improved.