Author Topic: Supreme Commander , Static UDP Port problem *SOLVED*  (Read 8735 times)

Offline GruensFroeschli

  • Little Green Frog
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 5455
  • Karma: +90/-3
  • No i will not fix your computer!
Supreme Commander , Static UDP Port problem *SOLVED*
« on: April 02, 2007, 04:39:08 pm »
setup:

ADSL-Modem(with NAT)  --------  Pfsense (1.0.1) --------------------------- LAN
  (192.168.1.1)                 WAN(192.168.1.6)  LAN(172.17.100.1)

Every Port on the modem is mapped to 192.168.1.6 (default)


I've been playing Supreme Commander for a while now.
A few friends from university and I tried to play a multiplayer game.
Everyone needs to be able to connect to everyone,
so every one of us opened TCP/UDP port 6112, UDP 9103, UDP 30350-30351.
We are 2 people who use pfSense, and only we two have this problem.
When one of us who uses pfSense hosts the game, everything works OK. All can connect except the other person who uses pfSense. Everyone can connect to the server, but the other person with pfSense cannot be reached by the other 2 people.

There is a tool called NATTrace:
http://cavesvr.caverock.com/~andrew/nattrace/

Even when everyone can connect to the server, this tool says: "NAT is availlable but port not mapped"
TCP works but not UDP.

So I've made a CARP VIP on the WAN side (192.168.1.2),
mapped the ports on the modem needed for the game to 192.168.1.2,
and made a 1:1 NAT from 192.168.1.2 to the IP of the computer on the LAN and removed the normal NAT mappings.

--> It worked.

I thought that maybe the "default" mapping of the modem is broken.
So I changed the mapping to 192.168.1.2 to 192.168.1.6 and removed the default mapping,
removed the 1:1 and added normal mappings for the ports on pf.
--> Not working again with normal NAT.

This is a workaround that is OK for me,
but I'm just curious as to why this is happening.
Are 1:1 NAT and normal NAT somehow different?


greeting
matthias may
« Last Edit: September 04, 2008, 07:21:17 am by GruensFroeschli »
We do what we must, because we can.

Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

Offline hoba

  • Hero Member
  • *****
  • Posts: 5837
  • Karma: +8/-0
  • What was the problem to this solution again?
Re: possible UDP-NAT problem (probably i'm just too dumb)
« Reply #1 on: April 02, 2007, 04:51:44 pm »
When using 1:1 NAT, pf doesn't scramble ports outbound. The default outbound NAT DOES scramble ports for additional security. Some applications and protocols don't like that (SIP, for example, hates it). Search the forum for "static port" and create an advanced outbound NAT rule accordingly. I guess that should fix the problem that you are seeing.

Offline GruensFroeschli

Re: possible UDP-NAT problem (probably i'm just too dumb)
« Reply #2 on: April 02, 2007, 05:26:10 pm »
Thanks for the fast answer :)
Now that I think about it, I noticed in the log of NATTrace that it said something about communication having happened, but on the wrong port.

Thank you /bow

Offline GruensFroeschli

Re: possible UDP-NAT problem (probably i'm just too dumb) *SOLVED*
« Reply #3 on: April 03, 2007, 12:18:57 pm »
I have another question.
How exactly does pf behave when 2 clients try to establish an outbound connection on the same port and there are rules for static port in place?

Is pf able to "merge" the two connections somehow, or does it just assign the second connection to another port?

Offline hoba

Re: Supreme Commander , Static UDP Port problem *SOLVED*
« Reply #4 on: April 03, 2007, 12:25:27 pm »
Not sure about that. Maybe it will work as long as the external destination IPs are different. Try it and watch Diagnostics > States and let us know ;)
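
Added example, not part of the thread and not pf's own code: a toy model of an outbound NAT table that contrasts the default port rewriting with a static-port rule, using the WAN address and game port from the first post. The LAN client addresses, the peer addresses, and the rule that a mapping must be unique per translated port and destination are assumptions of the model.

```python
import random

class OutboundNat:
    """Toy source-NAT table; a model for illustration, not pf's implementation."""

    def __init__(self, wan_ip, static_port=False, seed=0):
        self.wan_ip = wan_ip
        self.static_port = static_port
        self.rng = random.Random(seed)
        self.flows = {}   # (lan_ip, lan_port, dst_ip, dst_port) -> wan_port
        self.in_use = {}  # (wan_port, dst_ip, dst_port) -> owning flow

    def _candidates(self, lan_port):
        if self.static_port:
            yield lan_port                    # keep the client's source port
            return
        for _ in range(64):                   # rewrite to a random high port
            port = self.rng.randrange(1024, 65536)
            if port != lan_port:              # model choice: always rewrite
                yield port

    def translate(self, lan_ip, lan_port, dst_ip, dst_port):
        """Return (wan_ip, wan_port) as seen by the peer, or None on collision."""
        flow = (lan_ip, lan_port, dst_ip, dst_port)
        if flow in self.flows:                # existing state: reuse its mapping
            return (self.wan_ip, self.flows[flow])
        for wan_port in self._candidates(lan_port):
            key = (wan_port, dst_ip, dst_port)
            if key not in self.in_use:        # assumed uniqueness rule
                self.in_use[key] = flow
                self.flows[flow] = wan_port
                return (self.wan_ip, wan_port)
        return None

def demo():
    peer_a, peer_b = "203.0.113.5", "203.0.113.9"   # constructed peer addresses
    scrambled = OutboundNat("192.168.1.6")
    static = OutboundNat("192.168.1.6", static_port=True)
    return {
        "default": scrambled.translate("172.17.100.10", 6112, peer_a, 6112),
        "static": static.translate("172.17.100.10", 6112, peer_a, 6112),
        "second_client_same_peer": static.translate("172.17.100.11", 6112, peer_a, 6112),
        "second_client_other_peer": static.translate("172.17.100.11", 6112, peer_b, 6112),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

In the model, the default table shows the peer a source port other than 6112, which matches the "wrong port" report from NATTrace, while the static-port table keeps 6112 and can only serve a second LAN client on that port when the destination differs.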