pfSense Forum

pfSense English Support => Gaming => Topic started by: PickleSlice on October 24, 2014, 11:37:51 pm

Title: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: PickleSlice on October 24, 2014, 11:37:51 pm
PS4 is reporting a Type 3 NAT which is restrictive. I've tried what I thought would fix it, and I've looked up many threads with similar issues and I cannot seem to resolve this.

I've tried it with NAT and Port Forwarding and with Aliases. Anyone have any ideas?

Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: PickleSlice on October 25, 2014, 02:53:12 pm
Anyone have any input? I've got a useless ps4 as of right now 😕
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: AhnHEL on October 25, 2014, 09:40:31 pm
1.  Your second Port Forward Rule is setup for TCP.  Change it to UDP.

2.  Your PS4 Outbound NAT Rule says Static Port NO.  Change it to YES.

3.  Not important for the PS4 but your Localhost Outbound NAT Rule should have Static Port NO.

Should have posted this in the Gaming Sub Forum.
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: PickleSlice on October 26, 2014, 12:36:38 am
1.  Your second Port Forward Rule is setup for TCP.  Change it to UDP.

2.  Your PS4 Outbound NAT Rule says Static Port NO.  Change it to YES.

3.  Not important for the PS4 but your Localhost Outbound NAT Rule should have Static Port NO.

Should have posted this in the Gaming Sub Forum.

I did everything you suggested and it is the same as before, type 3 NAT unfortunately.

I apologize, I didn't realize there was a gaming forum, I headed straight to to the firewall section. I'll post over in the correct forum.
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: PickleSlice on October 26, 2014, 08:29:57 pm
Started over from scratch, still nothing. New settings are attached to this post.

Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: weust on October 27, 2014, 02:27:07 pm
I have my PS4 on a seperate port. DMZ basically.
Outbound is open, and just a bunch NAT and Rules to hook it up to a Type 2 just fine.

If you can give it a dedicated port on your router/firewall machine, I can show you some screenshots.
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: PickleSlice on October 27, 2014, 02:29:23 pm
I have my PS4 on a seperate port. DMZ basically.
Outbound is open, and just a bunch NAT and Rules to hook it up to a Type 2 just fine.

If you can give it a dedicated port on your router/firewall machine, I can show you some screenshots.

I can but I'll have to buy a new card. I'll definitely do that if I can't get it situated. Thanks!
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: weust on October 27, 2014, 02:32:12 pm
Had it working with m0n0wall and since a few days now with pfSense.
And back in september even through Hyper-V.

I've been running like this since the beta of Destiny.
I will get some screenshots up.
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: PickleSlice on October 27, 2014, 02:34:01 pm
Had it working with m0n0wall and since a few days now with pfSense.
And back in september even through Hyper-V.

I've been running like this since the beta of Destiny.
I will get some screenshots up.

I appreciate that, thank you!
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: kejianshi on October 27, 2014, 02:35:43 pm
Have you tried turning on uPNP?
Or are you behing a router thats behind another router or something like that?
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: weust on October 27, 2014, 02:59:40 pm
My setup is a Soekris net6501-30 which has four Ethernet ports.
em0 = WAN
em1 = LAN (192.168.1.0/24)
em2 = OPT1 (not used)
em3 = OPT2 (192.168.2.0/24) (PlayStation 3 and 4. Cable switch at the console end)

My PS4 and PS3 are both on 192.168.2.10/24 as I couldn't be bothered figuring out how to do it for two IP addresses.
I just switch the cable between the two.
Also, I set the IP address manually as you can only set one IP address on one MAC address.
And since it's only two consoles, who cares...

First is to enable the interface you're hooking up the PS4, and give it an IP address.
Don't forget to set the mask as the default is /32 which took me some digging around as to why the console couldn't connect to at all...
I know I didn't use the Private Networks options. Perhaps I should enable it just in case.

(http://i929.photobucket.com/albums/ad140/Weust/PS4%20firewall%20DMZ/Interface_zps82d66543.png~original) (http://s929.photobucket.com/user/Weust/media/PS4%20firewall%20DMZ/Interface_zps82d66543.png.html)


Next is to add NAT Port Forwarding. Let it at a Firewall Rule as well.
I brushed one line away as that has nothing to do with the PlayStation forwarding.

(http://i929.photobucket.com/albums/ad140/Weust/PS4%20firewall%20DMZ/NAT_Port_Forward_zpsd0dd8a7c.png~original) (http://s929.photobucket.com/user/Weust/media/PS4%20firewall%20DMZ/NAT_Port_Forward_zpsd0dd8a7c.png.html)


Second is to set NAT Outbound. I am not paranoid enough to set specific ports for outbound, so I let it all go from the console to the internet.
Mind the Static Port is set to YES.

(http://i929.photobucket.com/albums/ad140/Weust/PS4%20firewall%20DMZ/NAT_Outbound_zps924fcf9a.png~original) (http://s929.photobucket.com/user/Weust/media/PS4%20firewall%20DMZ/NAT_Outbound_zps924fcf9a.png.html)


Below is the Rules list created by the NAT Port Forwarding.

(http://i929.photobucket.com/albums/ad140/Weust/PS4%20firewall%20DMZ/Rules_WAN_zps92278f19.png~original) (http://s929.photobucket.com/user/Weust/media/PS4%20firewall%20DMZ/Rules_WAN_zps92278f19.png.html)


The Rules for PLAYSTATION include IPv6, but that was mainly as a copy from LAN.
I don't IPv6 at all here at home as my ISP does not use it yet.

(http://i929.photobucket.com/albums/ad140/Weust/PS4%20firewall%20DMZ/Rules_PLAYSTATION_zpscb2e855d.png~original) (http://s929.photobucket.com/user/Weust/media/PS4%20firewall%20DMZ/Rules_PLAYSTATION_zpscb2e855d.png.html)


Hope this helps. Let me know if you run into trouble. I might have forgotten to mention something :D
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: kejianshi on October 27, 2014, 03:05:59 pm
Can you try going into services > upnp and turn on upnp?
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: PickleSlice on October 27, 2014, 03:18:36 pm
Have you tried turning on uPNP?
Or are you behing a router thats behind another router or something like that?

I have not.

My setup is modem - pfsense box. Coming out of the pfsense box on the lan port I have a linksys router acting as a wifi AP and a switch, DHCP and firewall are both off.

I'll turn on uPNP shortly when I get home.
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: kejianshi on October 27, 2014, 03:26:14 pm
If uPNP doesn't do it for you try to eliminate the AP.
If thats feasible. 
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: PickleSlice on October 27, 2014, 03:29:59 pm
If uPNP doesn't do it for you try to eliminate the AP.
If thats feasible.

I have a brand new 16 port gigabit switch I can plug in and test with if need be. It can't stay there, but I can certainly use it to test.
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: kejianshi on October 27, 2014, 03:33:56 pm
That sounds like a very good idea.
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: PickleSlice on October 27, 2014, 05:32:50 pm
That sounds like a very good idea.

Alright -

Pulled the AP (which is a Linksys E2500 running TomatoUSB) and put in my 16 port Netgear gigabit switch. Still the same with a Type 3 NAT.

I removed pfSense and reset my Linksys after backing it up, and it connects to problem with a Type 2 NAT.

Turn on uPnP with the AP removed and still nothing, same with it connected.

Showing traffic for the PS4 in uPnP status on pfSense as well.
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: MaxPF on November 05, 2014, 11:01:01 am
Not sure if it will help, but I found this:

http://www.playstationlifestyle.net/2014/02/08/possible-ps4-firmware-upnp-bug-and-workaround/

Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: PickleSlice on November 05, 2014, 03:25:44 pm
Not sure if it will help, but I found this:

http://www.playstationlifestyle.net/2014/02/08/possible-ps4-firmware-upnp-bug-and-workaround/

Seems like a plausible cause, but I've ran the network connection test and it always comes back with a type3.

On another note, I've purchased another nic and it got here last night. In the meantime, I think I'm just going to put it on it's own network and make it a DMZ and run the PS4 from there for the time being. Definitely not how I want to run my network, but I'm tired of switching over to an old router router every time I play on the PS4.
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: kejianshi on November 05, 2014, 03:28:51 pm
When you look at the dashboard of your pfsense, is the WAN IP a public or private IP?
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: PickleSlice on November 05, 2014, 03:30:49 pm
When you look at the dashboard of your pfsense, is the WAN IP a public or private IP?

I'm not sure where it says that exactly...
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: kejianshi on November 05, 2014, 03:37:12 pm
Upper right hand corner.

It will say WAN interface IP.

What is that IP?

Its a number like 173.213.81.1 or something...
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: kejianshi on November 05, 2014, 04:05:06 pm
The reason I'm asking about that IP is because if its private, like 192.168.1.1, then you are Double NAT and nothing you do is going to work properly.

You would need to make your modem pass a public IP to pfsense WAN.
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: PickleSlice on November 05, 2014, 05:11:47 pm
Oh! I misunderstood your first question. My modem is set in bypass mode, it does not do anything firewall or routing related.

The reason I'm asking about that IP is because if its private, like 192.168.1.1, then you are Double NAT and nothing you do is going to work properly.

You would need to make your modem pass a public IP to pfsense WAN.
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: kejianshi on November 05, 2014, 05:27:45 pm
OK - So then you have verified that the the pfsense wan has a public IP?
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: PickleSlice on November 05, 2014, 05:29:43 pm
OK - So then you have verified that the the pfsense wan has a public IP?

I haven't made it homs yet, but I'm certain it does. I use dyndns to maintain remote access to it.
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: kejianshi on November 05, 2014, 05:32:16 pm
The reason I want to check that is because unless you are running multiple LAN segments, with uPNP up, this should be simple.  Unless its double NAT
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: cardboardbrobot on November 26, 2014, 02:12:15 am
So I've been scratching my head on how to get this to work. I've followed the guide and I would get a NAT2 on the PS4 but unfortunately I cannot connect to any online games. These are my settings as followed and I am on Pfsense 2.2 with Hybrid on.

Mappings.

Interface   Source       Source Port   Destination   Destination Port   NAT Address   NAT Port   Static Port
WAN       GameConsoles    *   *   *   WAN address   *   YES   
VPN1    10.11.1.0/24   *   *   *   VPN1 address   *   NO

*Game consoles is an alias for my IP's for the consoles (xbox one and ps4)


 Automatic rules:
 
        Interface   Source   Source Port   Destination   Destination Port   NAT Address   NAT Port   Static Port   Description   
             WAN       127.0.0.0/8 10.11.1.0/24 10.10.21.0/30   *   *   500   xxx.xxx.xxx   *   YES   Auto created rule             
            WAN       127.0.0.0/8 10.11.1.0/24 10.10.21.0/30   *   *   *   xxx.xxx.xxx   *   NO


Any suggestions?
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: johnpoz on November 29, 2014, 08:41:56 am
Where did you get the idea to use static on your outbound nat for every single port?  That makes NO SENSE as setting, and will surely break stuff!

"I haven't made it homs yet, but I'm certain it does. I use dyndns to maintain remote access to it. "  Sorry but dyn dns doesn't mean that pfsense has a public IP.. Sorry but most setups uses end up being behind a double nat..  Unless you have specifically setup the device from the isp in bridge mode, or have actual just cable modem and not a gateway like they like to hand out when they sign you up for tripleplay, etc. etc.

Have you validated that you are seeing UPnP request to pfsense via sniff?
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: weust on January 08, 2015, 07:50:59 am
Missed some replies here, but was thinking about this topic after I switched from things around in my own setup.
Reason is that I wanted to control the YouTube app on the PS4 from my iPad, but also connect the PlayStation app to my PS4.

I plugged the PS4 into my switch, which has the uplink from my pfSense box, and gave is the IP address 192.168.1.60.
Then I edited the Rules for each of the ports opened for 192.168.2.10 (old IP address of PS4 in seperate subnet/DMZ) and changed the IP address to the new one.

I then added a NAT rule to allow Static Port on 192.168.1.60, and placed that line above the 192.168.1.0/24 line.
And I got NAT2 on the PS4 again.


To johnpoz, why wouldn't you enable Static Port for every port from the specific IP address of the PS4?
After months of playing Destiny like this I yet have to see anything break.
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: johnpoz on January 08, 2015, 08:53:46 am
You sure and the hell do not need static ports for every single port that is ever in use..  And since you have multiple machines behind your 1 public IP that all share ports.. How could you possible think you wouldn't run into a problem?  Machines do not know what the other machines are using..

So for example you have machine 1 that creates source port 5012 to 80 on some website..  What if machine 2 just happens to be using source port 5012 for 1 of its connections?

The configuration is just not valid for use on a system that is using PNAT that has more than 1 machine behind the nat..
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: weust on January 08, 2015, 09:15:14 am
I see what you mean. Will see if I can set it up more tightly.
Even if it's just to see if I can get it working by myself.

But even then, in my situation the possibility of both my PS4 and my iPad using the same source port at the exact same time would be a big coincidence.  But it can happen.
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: johnpoz on January 08, 2015, 11:40:45 am
there is nothing in the consoles that should even require static source port to be honest.  But the more devices you have behind the PNAT the more likely you are to run into the problem.

Its really an invalid sort of setup no matter how you look at it.  The whole design of napt is to allow the natting device to use source ports on its public that are open, if you try to set it up so that every connections source has to be used on the public side has to match the source on the private your asking for connection issues.

The other problem with the with ps line and xbox is the port information they provide is horrific - they list ports and don't actually state what is needed outbound and inbound.  It makes it look like they all need to be inbound - which clearly is not the case, for example they list 53 -- you sure an the hell do not need that inbound to your ps4
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: weust on January 08, 2015, 01:55:01 pm
True, but in my case it's being lazy. Getting the whole static port and why not to use it better now.
Never gave it much in dept thought, and was more thinking about Inbound traffic. Whats going out in that case doesnt concern me, or the how.

Don't I ever looked up the ports and information for Xbox, but for the PlayStation it's a mess.
Luckily Bungie (Destiny) does state what is needed for Inbound and Outbound for their game.
Except I still don't know why both the console and game want ports 80 and 443 Inbound.
It works fine without for about half a year now (I started in the beta of Destiny).

Xbox needing port 53 Inbound is the same for PS wanting ports 80 and 443 in.
It's not like the consoles run a DNS or webserver?
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: johnpoz on January 08, 2015, 02:21:56 pm
"Except I still don't know why both the console and game want ports 80 and 443 Inbound."

They don't - one thing I will agree with is the documentation of what games or features need what is completely lacking in useful details for anyone to use..  You sure and the hell do not need inbound port 80 to your xbox.  And that would be broken on vast majority of isp in the first place since most of them block inbound to 80 - because your NOT allowed to run servers, etc..

I had buddy sniff his traffic, and the only port needed inbound was that 3074 port.. 88 was used outbound to auth on.. Didn't see any other ports in the sniffs.

A simple look at the sniffs from pfsense diag with your consoles IP address as the filter will tell you exactly what would be needed...

Lazy in what -- breaking stuff.. You do not need static source ports for anything console games that I could ever think of..  Its just never going to be designed to work through 99% of home routers...  You thinking that fixed anything is just not likely..  I can only think of a few things that might need this, like IKE with udp 500 back in the day.  Today that should not be required.
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: weust on January 08, 2015, 02:26:39 pm
It was more a retorical question to myself :-)

For PlayStation I know they do use from extra ports.
Havent sniffed it's traffic yet, but for example Party chat with headsets really needs a certain (or mulitple, I forgot) ports Inbound open.
No doubt Outbound as well to set things up.

And as for NAT type 2 (Open NAT? for Xbox) it needs Outbound port(s) open too.
When I have this set up more nicely, I will try to check the logs more closely.

Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: johnpoz on January 08, 2015, 02:39:51 pm
Why would not ALL ports be open outbound??  This is a home connection, I see no reason what so ever to block outbound traffic on any port that my console might need..  The default lan rule is any any..

While yes if you are doing any voip IP stuff then I would assume some sort of inbound port prob used, 5060 would come to mind.  If talking xbox - isn't it support to use ipv6 which makes all the nat problems go away?

If having issues with xbox I would look to getting ipv6 working!
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: weust on January 08, 2015, 02:44:17 pm
IPv6 it's not offered by my ISP yet.

All ports are open outbound, except not with Static Port (as by your recommendation).
And that I need to get a NAT Type 2 or Open NAT.

What I am doing right now, is letting the ports needed by the PS4 and the game allow the use of Static Port on Outbound traffic.
Or at least, I am in thr progress of setting it up and then testing.
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: weust on January 08, 2015, 02:55:18 pm
You've really confused me here.
You dont like Static Port open Outbound for everything coming from the LAN.
Fine, I get that. So I start setting up NAT for allowing only ports used by the PS4 and the game to Outside.
But that doesnt make sense because after all that comes the any/any rule for traffic coming in on LAN going everywhere.
But setting up Rules is even more so no workable as you can't set port ranges there.

So what is so wrong with me having port forwarding specific ports to the PS4, but allowing only traffic coming from the PS4 to have Static Port enabled?

What am I missing now?
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: jbhowlesr on April 05, 2015, 10:37:55 am
SO I was experiencing this issue to and I thought I would post what I did to get around this problem. As it stands, from reading up on the PS4 since I play destiny as well, the PS4 needs uPnP for certain functions. The problem has two parts. The first pfSense does not automatically turn this setting on and you must enable it as well and the first option below it (i'll post the name when I get home) so that pfsense will respond to uPnP requests. The second part of the problem is the PS4 itself; which provides no setting to enable or disable uPnP. What the PS4 attempts to do is negotiate the connection on startup. What must be done each time you hop onto play on PSN is start your game and wait till you receive the TYPE-3 NAT notice. Once you see it, press the play station button and go to the settings\network and click test connection. What this does is force the PS4 to renegotiate the connection with the game running. You will be disconnected from the server while running the test and when you start the game back up you should at least have a type 2 NAT.
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: steve72 on April 11, 2015, 03:41:52 am
You don't need UPnP, just forward the correct ports and set them as static in outbound.
Som games might require additional ports. If you need additional ports, just add them in the alias page.

PS4 in the pictures is your static PS4 IP on your LAN.


Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: choppergage on April 16, 2015, 12:45:50 pm
Or you can use my settings without having to much port forwards in it so here's my screenshot for my currently settings if you want to try this first. It will work with everything, like as PSN, Xbox Live, Steam, etc. in every devices on LAN.
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: jbhowlesr on April 18, 2015, 05:54:45 pm
Tried your settings... Did not work. So I read into the issue and discovered that most game consoles including PS4 required Upnp. The PS4 however provides no option to change its own setting so you have to force the console to renegotiate its own connection therefor resolving it's own issue. Since reading this and doing as I have posted, I have no more issues with NAT 3. With your settings, I still had NAT 3. The router is not the issue, it is the console itself. Therefor opening up ports that weaken the security that pfsense provides is a bad idea.

Just incase I trying to apply your setting wrong. Can you explain the steps you took in the above graphic?
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: choppergage on April 19, 2015, 01:45:55 am
It is simple. I was installed latest pfsense and setting up like this way. Here's how I process with NAT setting and also UPNP.

This is what I am getting NAT Type 2 and UPNP is available at all depending on how your way as configuration. Also I don't need any port forward. You can delete any port forward and it will work if you do same as mine.
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: drifter1138 on April 30, 2015, 07:03:49 pm
It is simple. I was installed latest pfsense and setting up like this way. Here's how I process with NAT setting and also UPNP.

This is what I am getting NAT Type 2 and UPNP is available at all depending on how your way as configuration. Also I don't need any port forward. You can delete any port forward and it will work if you do same as mine.

I'm going to ship you +1 internet when I get the chance,
This solved my NAT type 3 internet issues with Destiny and my PS4 altogether.
Thanks a bunch guardian!
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: dark.neo29 on July 23, 2015, 12:02:27 pm
Doing this outbound rule...Does it leave any ports open once your logged of say the PS4?
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: kejianshi on July 29, 2015, 02:41:07 am
Open ports are only an issue if there is a service listening on that port. 
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: DaReaLDeviL on October 26, 2015, 02:31:47 am
Just to point in a different direction - I had a similar issue and couldn't find a fix for it. In the end it was the switch and the setting of the "IGMP Snooping" that don't let me get the nat type. Maybe have a look at it.
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: factit on October 27, 2015, 07:42:06 am
It is simple. I was installed latest pfsense and setting up like this way. Here's how I process with NAT setting and also UPNP.

This is what I am getting NAT Type 2 and UPNP is available at all depending on how your way as configuration. Also I don't need any port forward. You can delete any port forward and it will work if you do same as mine.


Sorry for the necro but that works perfectly. Had some PS4s that needed to be connected , just put them on our guest VLAN and enabled this , sorted.

Does PfSence have a user editable wiki , may be worth you putting that in there as this simple fix is hard to find through the googles

 
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: geeklex on February 07, 2016, 10:00:33 am
Just wanted to point out that this resolved the issue for me.

https://www.reddit.com/r/PFSENSE/comments/2uc645/need_help_getting_open_nat_on_ps4/coltde7 (https://www.reddit.com/r/PFSENSE/comments/2uc645/need_help_getting_open_nat_on_ps4/coltde7)

Things Required.

1: An unchanging IP address for the PS4 (dhcp static mapping).
2: UPNP enabled.
3: NO manually created port forwards to the PS4.
4:A rule in "Firewall: NAT: Outbound" specific to outbound UDP traffic from the PS4 that has the "Static Port" option enabled. The STUN-based networking that PS4/Destiny want to use cannot work with PFSense's default behaviour of randomizing source ports.


(http://www.marz.ca/wp-content/uploads/2016/02/NAT2.png)
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: cyanic on February 19, 2016, 11:27:35 pm
Just to point in a different direction - I had a similar issue and couldn't find a fix for it. In the end it was the switch and the setting of the "IGMP Snooping" that don't let me get the nat type. Maybe have a look at it.

I had the same issue. UPnP uses multicast and since pfsense does not appear to IGMP join the UPnP channel the switch will block all UPnP requests to it. Turn off IGMP snooping if you have a managed switch that uses it (many do by default), unless you know you need it.

Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: STOIE on June 04, 2016, 03:18:31 am
@geeklex

I know this is an old thread, but if it helps people in the future, I just wanted to say:

Thanks mate, your solution worked perfectly!
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: xman111 on June 05, 2016, 12:29:26 am
yup for me too.. thanks.
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: dredder on January 19, 2017, 03:59:31 pm
@geeklex: awesome, I'd've never been able to figure this out on my own.

btw. PS4 connection test shows NAT 2 even if UPNP is disabled. Let's see how this goes in the games
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: bgbird03 on November 18, 2017, 03:41:57 pm
Just wanted to point out that this resolved the issue for me.

https://www.reddit.com/r/PFSENSE/comments/2uc645/need_help_getting_open_nat_on_ps4/coltde7 (https://www.reddit.com/r/PFSENSE/comments/2uc645/need_help_getting_open_nat_on_ps4/coltde7)

Things Required.

1: An unchanging IP address for the PS4 (dhcp static mapping).
2: UPNP enabled.
3: NO manually created port forwards to the PS4.
4:A rule in "Firewall: NAT: Outbound" specific to outbound UDP traffic from the PS4 that has the "Static Port" option enabled. The STUN-based networking that PS4/Destiny want to use cannot work with PFSense's default behaviour of randomizing source ports.


(http://www.marz.ca/wp-content/uploads/2016/02/NAT2.png)

Anyone able to help me with the Firewall: NAT: Outbound rule? Not quite enough details in this post for me to understand what boxes to check/ fill in. Also, I was able to pull a NAT Type 2 on my PS4 with just the first three steps done here (really just 1 & 2 since I didn't have any unique firewall rules). We'll see if that holds up when I  try voice chatting/ party play.
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: Napsterbater on November 20, 2017, 09:07:06 am
Instead of setting Static IPs for consoles so you can make special Outbound NAT Rules, what I do is just set Outbound NAT to "Manual Outbound NAT" and change the "Auto created rule - LAN to WAN" and enable Static Port for the whole subnet. There is little reason or benefit to have random source ports anyways and this solves quite a few things, not just for consoles.
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: bgbird03 on November 20, 2017, 01:31:42 pm
Instead of setting Static IPs for consoles so you can make special Outbound NAT Rules, what I do is just set Outbound NAT to "Manual Outbound NAT" and change the "Auto created rule - LAN to WAN" and enable Static Port for the whole subnet. There is little reason or benefit to have random source ports anyways and this solves quite a few things, not just for consoles.

Okay -- I went into Firewall -- NAT -- Outbound and changed it to Manual Outbound NAT rule generation. I left all of the other rules alone, except the very last rule (description says Auto Created rule - LAN to WAN) and...the only thing I changed in here was under Translation I clicked the box "Static Port". Is that correct? I have "no idea" what I'm actually doing when I do this, so we'll see how it goes.

I was able to successfully get (prior to doing this) my PS4 to grab a Type 2 NAT and 50 Mbps (my purchased bandwidth) on the internet connection test, but when I tried to play some BF4 I experienced extreme latency (lag/high ping) when playing online -- even tried different servers. I regrettably plugged my Verizon router back in and of course, everything worked perfectly. Ugh.

Thanks for your help! We'll see if this helps with my ping.
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: kejianshi on November 20, 2017, 01:36:57 pm
You need to do it correctly for it to work.  Please post a pic of your outbound NAT config and also post your game consoles IP.
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: Napsterbater on November 20, 2017, 01:51:24 pm
Instead of setting Static IPs for consoles so you can make special Outbound NAT Rules, what I do is just set Outbound NAT to "Manual Outbound NAT" and change the "Auto created rule - LAN to WAN" and enable Static Port for the whole subnet. There is little reason or benefit to have random source ports anyways and this solves quite a few things, not just for consoles.

Okay -- I went into Firewall -- NAT -- Outbound and changed it to Manual Outbound NAT rule generation. I left all of the other rules alone, except the very last rule (description says Auto Created rule - LAN to WAN) and...the only thing I changed in here was under Translation I clicked the box "Static Port". Is that correct? I have "no idea" what I'm actually doing when I do this, so we'll see how it goes.

I was able to successfully get (prior to doing this) my PS4 to grab a Type 2 NAT and 50 Mbps (my purchased bandwidth) on the internet connection test, but when I tried to play some BF4 I experienced extreme latency (lag/high ping) when playing online -- even tried different servers. I regrettably plugged my Verizon router back in and of course, everything worked perfectly. Ugh.

Thanks for your help! We'll see if this helps with my ping.

Port Forwarding/NAT issues DO NOT affect ping/latency.

They only affect connectability.

If you have Open NAT/Type 2 and you have no issue joining the game/s, and nothing complaining of NAT issues, then it is not a Port Forward issue.
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: bgbird03 on November 20, 2017, 02:07:00 pm
You need to do it correctly for it to work.  Please post a pic of your outbound NAT config and also post your game consoles IP.

Okay this is the outbound NAT config. Running the most current version of pfSense, 2.4.1. PS4 is a static IP 192.168.1.3 (.2 is my wireless access point that I have my PS4 connected to via ethernet). 192.168.1.1 of course is the gateway/LAN port on the pfSense box.
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: bgbird03 on November 20, 2017, 02:08:48 pm
Instead of setting Static IPs for consoles so you can make special Outbound NAT Rules, what I do is just set Outbound NAT to "Manual Outbound NAT" and change the "Auto created rule - LAN to WAN" and enable Static Port for the whole subnet. There is little reason or benefit to have random source ports anyways and this solves quite a few things, not just for consoles.

Okay -- I went into Firewall -- NAT -- Outbound and changed it to Manual Outbound NAT rule generation. I left all of the other rules alone, except the very last rule (description says Auto Created rule - LAN to WAN) and...the only thing I changed in here was under Translation I clicked the box "Static Port". Is that correct? I have "no idea" what I'm actually doing when I do this, so we'll see how it goes.

I was able to successfully get (prior to doing this) my PS4 to grab a Type 2 NAT and 50 Mbps (my purchased bandwidth) on the internet connection test, but when I tried to play some BF4 I experienced extreme latency (lag/high ping) when playing online -- even tried different servers. I regrettably plugged my Verizon router back in and of course, everything worked perfectly. Ugh.

Thanks for your help! We'll see if this helps with my ping.

Port Forwarding/NAT issues DO NOT affect ping/latency.

They only affect connectability.

If you have Open NAT/Type 2 and you have no issue joining the game/s, and nothing complaining of NAT issues, then it is not a Port Forward issue.

Okay, thanks for the heads up! I posted my configs to see if I did it right I guess...even if it won't fix my PS4 latency issues. Appreciate the clarification.
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: kejianshi on November 20, 2017, 02:10:50 pm
It will work fine, but I would change that source to 192.168.1.3 / 32

I would also then switch it to hybrid outbound NAT.  Just in case your network changes in the future.

Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: bgbird03 on November 20, 2017, 02:14:16 pm
It will work fine, but I would change that source to 192.168.1.3 / 32

I would also then switch it to hybrid outbound NAT.  Just in case your network changes in the future.

So change the last rule -- LAN to WAN to a Source IP of 192.168.1.3/32? What about the rest of the IPs in 192.168.1.0/24? Don't they need access to this same rule? (clearly showing my ignorance here).

And OK -- switched to Hybrid mode. Thx.
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: kejianshi on November 20, 2017, 02:18:23 pm
No.  Just the 1 device you are having problems with. 
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: kejianshi on November 20, 2017, 02:23:34 pm
Clarification.  Make a rule for the 192.168.1.3/32 with a static port
Then below that add a rule for the 192.168.1.0/24 without static port.

The rules are executed in order. 

Then if you send me a pic again, I'll let you know if it is right.  I'm sure you will get it right.
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: bgbird03 on November 20, 2017, 02:38:08 pm
Perfect! Did just that. Thanks.
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: kejianshi on November 20, 2017, 02:48:15 pm
Great.  Enjoy. 
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: Napsterbater on November 20, 2017, 02:53:45 pm
Clarification.  Make a rule for the 192.168.1.3/32 with a static port
Then below that add a rule for the 192.168.1.0/24 without static port.
[/quote

Why?

Make 192.168.1.0/24 static port, that way it is done for any future Consoles or P2P apps, then no need to make more rules for each new console/app/device and such, there is practically no reason not to have static port today, except to further break P2P.

Also Why tell Op to switch to hybrid then negate that with a rule covering the /24, a rule which is already in place due to hybrid?
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: kejianshi on November 20, 2017, 03:02:04 pm
Because there is no need to make the entire /24 static.

Also, I can tell by the lack of mistakes that he can do this again for another device any time he likes.  He isn't lost at all.

I'd be really surprised if a automatic rule trumped his manual rule in hybrid mode, but if it did, I'd say thats a bug.
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: Napsterbater on November 20, 2017, 03:09:22 pm
Because there is no need to make the entire /24 static.
There is also no (real) reason not to, and again takes care of any futures consoles/P2P apps that have issues with randomized ports.

I'd be really surprised if a automatic rule trumped his manual rule in hybrid mode, but if it did, I'd say that's a bug.
No I was saying YOU told him to use hybrid mode vs manual, then also told them to make a /24 rule (in addition to the /32)...  there was no point to the 2nd /24 rule since you had them do hybrid, that /24 was already made.
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: kejianshi on November 20, 2017, 03:17:12 pm
You may be right about the last part.  Won't hurt anything, but you may be right that it isn't necessary.

BTW - I can't tell anyone to do anything...  Can't even make my dog sit.  haha
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: bgbird03 on November 20, 2017, 05:32:35 pm
Just as long as it isn't opening my network up to China, I'm happy. I think I'll do 192.168.1.0/24 static, and hybrid. That covers everything, right?
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: Napsterbater on November 20, 2017, 05:44:45 pm
Just as long as it isn't opening my network up to China, I'm happy. I think I'll do 192.168.1.0/24 static, and hybrid. That covers everything, right?
https://doc.pfsense.org/index.php/Static_Port

That shows why they're doing it by default. But even it states those are very unlikely and not really useful attacks in today's world.

It's how I have my network setup I don't use hybrid I use manual but effectively how you're doing it it doesn't exactly matter.
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: kejianshi on November 20, 2017, 09:58:48 pm
You would only need the entire /24 set with static outbound if you had no idea what the IP of your PS4 was going to be or if its IP changed often.
Since you have a static IP, there is no need to assign more than a /32 as static.  In other words, only the one device that needs it. 

Will it break anything to make the entire /24 static?  No.  But it does neutralize source port randomization for your entire network.

Feel free to do whichever way sounds better and more secure to you.  I think most of the people who run this site would recommend only assigning a /32 static though. 
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: Napsterbater on November 20, 2017, 10:22:03 pm
You would only need the entire /24 set with static outbound if you had no idea what the IP of your PS4 was going to be or if its IP changed often.
Since you have a static IP, there is no need to assign more than a /32 as static.  In other words, only the one device that needs it. 

Will it break anything to make the entire /24 static?  No.  But it does neutralize source port randomization for your entire network.

Feel free to do whichever way sounds better and more secure to you.  I think most of the people who run this site would recommend only assigning a /32 static though.

"Security" through obscurity  AKA More ways for NAT (NAPT Really) to break stuff/mangle traffic. Unless you are running a really old OS or DNS server/client, it breaks way more then it "secures"/helps.



Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: kejianshi on November 20, 2017, 11:03:54 pm
I find that disabling the firewall completely makes everything work very well. 
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: Napsterbater on November 20, 2017, 11:30:03 pm
I find that disabling the firewall completely makes everything work very well.

NAT/NAPT is not a Firewall. It's a hack as is, and having it futher mangle traffic/break stuff (by randomizing ports), is backwards, especially for the extreamly tiny tiny "benifit" it provides if you are even being targeted by such attack vs the Apps/Services/Devices (Consoles/Games, VoIP, P2P) it causes issues with, which are in the scheme of things are still small but still much much much bigger then what it helps. Again it's not security, it's obscurity.

Nice straw man argument though.

Can't wait for legacy IP and its associated NAPT and the thinking that comes with it to be gone, or atleast in the minority, not going to be able to rely on that crutch with IPv6.

Edit: Added "(by randomizing ports)" for clarification.
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: kejianshi on November 21, 2017, 12:08:55 am
I'd never argue with a straw man  (-;

On that, I totally agree.  NAT is a huge PITA.  I'm a huge fan of IPV6.  Can't' wait for IPV4 to become mostly extinct so that all these broken connection problems disappear.  I run IPV6 and it solves so many problems, particularly for servers. 

Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: bgbird03 on November 24, 2017, 10:57:46 am
Do you guys have any great BASIC "firewall rules" places to start? I'm going absolutely bonkers with my pfblockNG enabled because a whole bunch of stuff just doesn't work.

First it was my Bumble dating app...had to go through and create 4 different rules for that (seems like I can only allow one destination IP at a time in each rule?), so that was fun. And now this morning it is my BBC News app...I'm at 9 rules for that (they have a range of servers that the app calls out to, like 212.58.246.110-112)! I can't figure out how to input ranges in my firewall rules, and even then, I feel like this is going to be an epic struggle for the rest of my life (fighting against myself) when say, BBC decides to change the IP ranges on their end; in other words, this solution is temporary and great for learning, but not exactly the sort of robustness I would expect in a corporate environment. Any suggestions or tips?

Thanks (by the way, I have about 1000 other issues ranging from VPN speeds to certificates to proxy server feature sucking, but I'm trying to keep it limited to the issues we were talking about).
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: jespar on February 05, 2018, 07:50:56 pm
Under Services/UPnP & NAT-PMP turn on
-Enable UPnP & NAT-PMP
-Allow UPnP Port Mapping
-Allow NAT-PMP Port Mapping
Goto PS4 settings and run the network test you'll see NAT now is Type 2

(Not sure if you need both NAT-PMP and UPnP)
Title: Re: NAT Type 3 on PS4 - I've tried everything I can think of
Post by: rvoosterhout on February 13, 2018, 02:34:00 pm
I also can't seem to get this to work. I attached screenshots of my UPNP setting and outbound NAT settings. My Box has 3 nic's (1 not used), WAN is an external IP, LAN is in 10.0.0.0 range. PS4 has an alias to 10.0.0.3. The PS4 has a static IP set on the PS4. Kindly let me know if I missed something.

(https://i.imgur.com/LX1J4yp.png)
(https://i.imgur.com/FB0VslD.png)

Thanks a lot!

Rick