Author Topic: Is there a way to trace which port is blocked when playing PS4 game?  (Read 184 times)

Offline warheat1990

I'm playing Bloodborne right now after a long break and I notice that I can't get online anymore (other game is working fine by the way). The game will kick me out as soon as I start. It was working fine when I used my OpenWRT router, but not with pfSense.

I set my PS4 with a static IP and put it in UPnP; my setup is as follows.

allow 1024-65535 192.168.0.104/32 80-65535

192.168.0.104 <-- this is my PS4 static IP

I also tried manually opening the ports used by PSN and Bloodborne based on this tutorial, but still no luck.

https://www.reddit.com/r/bloodborne/comments/31wsqq/ports_to_open_for_bloodborne/



Is there a way to debug this issue?

Online kejianshi

Re: Is there a way to trace which port is blocked when playing PS4 game?
« Reply #1 on: November 04, 2017, 10:58:08 pm »
What is your WAN of your pfsense plugged into?

Offline warheat1990

Re: Is there a way to trace which port is blocked when playing PS4 game?
« Reply #2 on: November 05, 2017, 01:01:15 am »
Quote
What is your WAN of your pfsense plugged into?

Router modem from ISP in bridge mode.

Offline johnpoz

Re: Is there a way to trace which port is blocked when playing PS4 game?
« Reply #3 on: November 05, 2017, 01:04:53 am »
I find it just moronic that 80/443 would be needed inbound..  For starters many ISPs block this, because their users are not supposed to run servers, etc.

What is needed in the gaming community is simple straight forward, is the traffic needed inbound (port forward) or is it needed to be allowed outbound.  It should also be a given in the home setup that all ports are allowed outbound at the router.  Ie default any any, etc.  Also for your port forwards which if any should be static.. Ie the source port can not be changed like what happens with NAPT on any soho router.

If you're going to be using UPnP then you shouldn't need to port forward anything.  And you should be able to see the requests for ports, etc.  If you really do need 80/443 inbound - you're going to want to make sure pfsense is not listening on those for its gui, etc.

A simple netstat -an will tell you what ports pfsense is listening on.

As to finding what is not open.  This should be logged in the firewall as a block into your wan.  Unless you had turned off default logging, etc.  You could also sniff at the wan if you wanted to, etc.
« Last Edit: November 05, 2017, 01:10:09 am by johnpoz »
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x 2.4.1-RELEASE on VM esxi 6.5 (home)

Online kejianshi

Re: Is there a way to trace which port is blocked when playing PS4 game?
« Reply #4 on: November 05, 2017, 06:38:56 am »
Router modem from ISP in bridge mode...

Dumb question, I know.  Kill me later.  What is your pfsense WAN address?  Public?  (Yes - I know it should be)

If your bridge is working correctly, and if you are of the mind to experiment...   Try static outbound NAT for the ports used by your PS4.

Offline johnpoz

Re: Is there a way to trace which port is blocked when playing PS4 game?
« Reply #5 on: November 05, 2017, 06:57:54 am »
BTW this allow statement wouldn't actually work if you need 80/443 inbound..

"allow 1024-65535 192.168.0.104/32 80-65535"

You're saying in that rule that external you can forward ports 1024+ to internal 80+ so how could 80 or 443 actually be forwarded inbound?  You could only request a redirect from say 1024 to 80.. Which would the game work that way?  If it really needs 80 and 443 open inbound?

I still find it unlikely games would need 80 inbound.  Also from your link - how is this clear?

Quote
The opening of the port Port required to connect to the PSN, is as following each port is required for online play of "Bloodborne". Please to open the port if such can be well connected in the network equipment you are using.

■ port number required to connect to the PSN TCP: 80,443,3478,3479,3480 UDP: 3478,3479

Port number required to online play of ■ "Bloodborne" TCP: 18671, 20443 UDP: 9305,9306

It doesn't state if those need to be allowed outbound or inbound..   Let's look at your port 3478 for example... This port is typically the OUTBOUND Port from your network to the STUN server.. It would not be needed inbound unless you were running a STUN server behind your NAT..

To be honest the best way to get this to work would be to let UPnP do its thing.. And then watching what ports get opened in via UPnP you could always switch that to manual port forwards, etc.

My son never complained when he had his PS online.. All I ever did was turn on UPnP for his PS IP with the 1024+ restrictions both external and internal.  The only thing that could request UPnP was his PS, and it was locked to its own vlan (UPnP was only listening on this vlan interface on pfsense).  He no longer lives at home, so sorry I can not be of more help with actual testing since I do not have a PS to test with.
« Last Edit: November 05, 2017, 07:02:35 am by johnpoz »
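The ACL line discussed in Reply #5 can be checked mechanically. This is an added example, not code from any poster or from pfSense: a small evaluator for rules of the form "allow|deny <external ports> <internal IP/CIDR> <internal ports>", run against constructed mapping requests. First-match ordering and the deny fallback are assumptions of the example.

```python
import ipaddress
from typing import NamedTuple


class Rule(NamedTuple):
    allow: bool
    ext_ports: range                 # external (WAN-side) ports covered
    clients: ipaddress.IPv4Network   # internal hosts covered
    int_ports: range                 # internal (LAN-side) ports covered


def _ports(spec: str) -> range:
    lo, _, hi = spec.partition("-")
    lo, hi = int(lo), int(hi or lo)
    if not 0 <= lo <= hi <= 65535:
        raise ValueError(f"bad port range: {spec!r}")
    return range(lo, hi + 1)


def parse_rule(line: str) -> Rule:
    action, ext, addr, internal = line.split()
    if action not in ("allow", "deny"):
        raise ValueError(f"bad action: {action!r}")
    return Rule(action == "allow", _ports(ext),
                ipaddress.ip_network(addr, strict=False), _ports(internal))


def permitted(rules, ext_port, client_ip, int_port, default=False):
    # Assumption: first matching rule wins; `default` applies when none match.
    ip = ipaddress.ip_address(client_ip)
    for r in rules:
        if ext_port in r.ext_ports and ip in r.clients and int_port in r.int_ports:
            return r.allow
    return default


ACL = [parse_rule("allow 1024-65535 192.168.0.104/32 80-65535")]  # rule from the thread
REQUESTS = [  # constructed mapping requests: (external port, client, internal port)
    (9305, "192.168.0.104", 9305),  # high port to same high port
    (80, "192.168.0.104", 80),      # external 80 is below 1024
    (443, "192.168.0.104", 443),    # external 443 is below 1024
    (1024, "192.168.0.104", 80),    # redirect 1024 -> 80, as Reply #5 notes
    (9305, "192.168.0.50", 9305),   # a different LAN host
]


def evaluate():
    return [permitted(ACL, *req) for req in REQUESTS]


if __name__ == "__main__":
    for req, ok in zip(REQUESTS, evaluate()):
        print(req, "allowed" if ok else "denied")
```

With the rule as posted, only the high-port request and the 1024-to-80 redirect from 192.168.0.104 are accepted; requests for external 80 or 443 are refused.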

Online kejianshi

Re: Is there a way to trace which port is blocked when playing PS4 game?
« Reply #6 on: November 05, 2017, 07:23:28 am »
Blast from the past right?

https://forum.pfsense.org/index.php?topic=83332.msg513128#msg513128

So, that solution from before was a combination of upnp turned on and setting up some static outbound NAT.

If this doesn't work for you, hitting your ISPs combo router / modem with a large hammer may help in the long run.
« Last Edit: November 05, 2017, 07:29:10 am by kejianshi »

Offline johnpoz

Re: Is there a way to trace which port is blocked when playing PS4 game?
« Reply #7 on: November 05, 2017, 07:39:10 am »
Setting all Ports as static is BORKED!!!  That is for sure..  NAPT can not function with multiple devices behind it with all ports being static.. Since what happens when client A wants to use source port X and client B also tries to use source port X..

That is not a valid solution in the long run with multiple clients using the same public IP.. Sooner or later you're going to run into conflicts NAPT not being able to do its thing if you tell it that all source ports need to be static..

The correct solution to such a problem with ps4 needing some source ports be static is to set those specific outbound ports as static..  Not all ports ;)

Online kejianshi

Re: Is there a way to trace which port is blocked when playing PS4 game?
« Reply #8 on: November 05, 2017, 07:54:13 am »
Ohhhhhh yeah.  I agree.   Turn on upnp and set static outbound on the specific ports you need and forward those ports for good measure.

I don't see any problem with static nat applied to an interface with a single client though, in terms of breaking other things.