The pfSense Store

Author Topic: NAT Type 3 on PS4 - I've tried everything I can think of  (Read 26158 times)

0 Members and 1 Guest are viewing this topic.

Online johnpoz

  • Hero Member
  • *****
  • Posts: 14479
  • Karma: +1342/-200
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: NAT Type 3 on PS4 - I've tried everything I can think of
« Reply #30 on: January 08, 2015, 08:53:46 am »
You sure and the hell do not need static ports for every single port that is ever in use..  And since you have multiple machines behind your 1 public IP that all share ports.. How could you possible think you wouldn't run into a problem?  Machines do not know what the other machines are using..

So for example you have machine 1 that creates source port 5012 to 80 on some website..  What if machine 2 just happens to be using source port 5012 for 1 of its connections?

The configuration is just not valid for use on a system that is using PNAT that has more than 1 machine behind the nat..
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)

weust

  • Guest
Re: NAT Type 3 on PS4 - I've tried everything I can think of
« Reply #31 on: January 08, 2015, 09:15:14 am »
I see what you mean. Will see if I can set it up more tightly.
Even if it's just to see if I can get it working by myself.

But even then, in my situation the possibility of both my PS4 and my iPad using the same source port at the exact same time would be a big coincidence.  But it can happen.

Online johnpoz

  • Hero Member
  • *****
  • Posts: 14479
  • Karma: +1342/-200
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: NAT Type 3 on PS4 - I've tried everything I can think of
« Reply #32 on: January 08, 2015, 11:40:45 am »
there is nothing in the consoles that should even require static source port to be honest.  But the more devices you have behind the PNAT the more likely you are to run into the problem.

Its really an invalid sort of setup no matter how you look at it.  The whole design of napt is to allow the natting device to use source ports on its public that are open, if you try to set it up so that every connections source has to be used on the public side has to match the source on the private your asking for connection issues.

The other problem with the with ps line and xbox is the port information they provide is horrific - they list ports and don't actually state what is needed outbound and inbound.  It makes it look like they all need to be inbound - which clearly is not the case, for example they list 53 -- you sure an the hell do not need that inbound to your ps4
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)

weust

  • Guest
Re: NAT Type 3 on PS4 - I've tried everything I can think of
« Reply #33 on: January 08, 2015, 01:55:01 pm »
True, but in my case it's being lazy. Getting the whole static port and why not to use it better now.
Never gave it much in dept thought, and was more thinking about Inbound traffic. Whats going out in that case doesnt concern me, or the how.

Don't I ever looked up the ports and information for Xbox, but for the PlayStation it's a mess.
Luckily Bungie (Destiny) does state what is needed for Inbound and Outbound for their game.
Except I still don't know why both the console and game want ports 80 and 443 Inbound.
It works fine without for about half a year now (I started in the beta of Destiny).

Xbox needing port 53 Inbound is the same for PS wanting ports 80 and 443 in.
It's not like the consoles run a DNS or webserver?

Online johnpoz

  • Hero Member
  • *****
  • Posts: 14479
  • Karma: +1342/-200
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: NAT Type 3 on PS4 - I've tried everything I can think of
« Reply #34 on: January 08, 2015, 02:21:56 pm »
"Except I still don't know why both the console and game want ports 80 and 443 Inbound."

They don't - one thing I will agree with is the documentation of what games or features need what is completely lacking in useful details for anyone to use..  You sure and the hell do not need inbound port 80 to your xbox.  And that would be broken on vast majority of isp in the first place since most of them block inbound to 80 - because your NOT allowed to run servers, etc..

I had buddy sniff his traffic, and the only port needed inbound was that 3074 port.. 88 was used outbound to auth on.. Didn't see any other ports in the sniffs.

A simple look at the sniffs from pfsense diag with your consoles IP address as the filter will tell you exactly what would be needed...

Lazy in what -- breaking stuff.. You do not need static source ports for anything console games that I could ever think of..  Its just never going to be designed to work through 99% of home routers...  You thinking that fixed anything is just not likely..  I can only think of a few things that might need this, like IKE with udp 500 back in the day.  Today that should not be required.
« Last Edit: January 08, 2015, 02:25:13 pm by johnpoz »
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)

weust

  • Guest
Re: NAT Type 3 on PS4 - I've tried everything I can think of
« Reply #35 on: January 08, 2015, 02:26:39 pm »
It was more a retorical question to myself :-)

For PlayStation I know they do use from extra ports.
Havent sniffed it's traffic yet, but for example Party chat with headsets really needs a certain (or mulitple, I forgot) ports Inbound open.
No doubt Outbound as well to set things up.

And as for NAT type 2 (Open NAT? for Xbox) it needs Outbound port(s) open too.
When I have this set up more nicely, I will try to check the logs more closely.


Online johnpoz

  • Hero Member
  • *****
  • Posts: 14479
  • Karma: +1342/-200
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: NAT Type 3 on PS4 - I've tried everything I can think of
« Reply #36 on: January 08, 2015, 02:39:51 pm »
Why would not ALL ports be open outbound??  This is a home connection, I see no reason what so ever to block outbound traffic on any port that my console might need..  The default lan rule is any any..

While yes if you are doing any voip IP stuff then I would assume some sort of inbound port prob used, 5060 would come to mind.  If talking xbox - isn't it support to use ipv6 which makes all the nat problems go away?

If having issues with xbox I would look to getting ipv6 working!
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)

weust

  • Guest
Re: NAT Type 3 on PS4 - I've tried everything I can think of
« Reply #37 on: January 08, 2015, 02:44:17 pm »
IPv6 it's not offered by my ISP yet.

All ports are open outbound, except not with Static Port (as by your recommendation).
And that I need to get a NAT Type 2 or Open NAT.

What I am doing right now, is letting the ports needed by the PS4 and the game allow the use of Static Port on Outbound traffic.
Or at least, I am in thr progress of setting it up and then testing.

weust

  • Guest
Re: NAT Type 3 on PS4 - I've tried everything I can think of
« Reply #38 on: January 08, 2015, 02:55:18 pm »
You've really confused me here.
You dont like Static Port open Outbound for everything coming from the LAN.
Fine, I get that. So I start setting up NAT for allowing only ports used by the PS4 and the game to Outside.
But that doesnt make sense because after all that comes the any/any rule for traffic coming in on LAN going everywhere.
But setting up Rules is even more so no workable as you can't set port ranges there.

So what is so wrong with me having port forwarding specific ports to the PS4, but allowing only traffic coming from the PS4 to have Static Port enabled?

What am I missing now?

jbhowlesr

  • Guest
Re: NAT Type 3 on PS4 - I've tried everything I can think of
« Reply #39 on: April 05, 2015, 10:37:55 am »
SO I was experiencing this issue to and I thought I would post what I did to get around this problem. As it stands, from reading up on the PS4 since I play destiny as well, the PS4 needs uPnP for certain functions. The problem has two parts. The first pfSense does not automatically turn this setting on and you must enable it as well and the first option below it (i'll post the name when I get home) so that pfsense will respond to uPnP requests. The second part of the problem is the PS4 itself; which provides no setting to enable or disable uPnP. What the PS4 attempts to do is negotiate the connection on startup. What must be done each time you hop onto play on PSN is start your game and wait till you receive the TYPE-3 NAT notice. Once you see it, press the play station button and go to the settings\network and click test connection. What this does is force the PS4 to renegotiate the connection with the game running. You will be disconnected from the server while running the test and when you start the game back up you should at least have a type 2 NAT.

Offline steve72

  • Newbie
  • *
  • Posts: 18
  • Karma: +5/-0
    • View Profile
Re: NAT Type 3 on PS4 - I've tried everything I can think of
« Reply #40 on: April 11, 2015, 03:41:52 am »
You don't need UPnP, just forward the correct ports and set them as static in outbound.
Som games might require additional ports. If you need additional ports, just add them in the alias page.

PS4 in the pictures is your static PS4 IP on your LAN.


« Last Edit: April 11, 2015, 03:45:35 am by steve72 »

Offline choppergage

  • Newbie
  • *
  • Posts: 18
  • Karma: +3/-0
    • View Profile
Re: NAT Type 3 on PS4 - I've tried everything I can think of
« Reply #41 on: April 16, 2015, 12:45:50 pm »
Or you can use my settings without having to much port forwards in it so here's my screenshot for my currently settings if you want to try this first. It will work with everything, like as PSN, Xbox Live, Steam, etc. in every devices on LAN.

jbhowlesr

  • Guest
Re: NAT Type 3 on PS4 - I've tried everything I can think of
« Reply #42 on: April 18, 2015, 05:54:45 pm »
Tried your settings... Did not work. So I read into the issue and discovered that most game consoles including PS4 required Upnp. The PS4 however provides no option to change its own setting so you have to force the console to renegotiate its own connection therefor resolving it's own issue. Since reading this and doing as I have posted, I have no more issues with NAT 3. With your settings, I still had NAT 3. The router is not the issue, it is the console itself. Therefor opening up ports that weaken the security that pfsense provides is a bad idea.

Just incase I trying to apply your setting wrong. Can you explain the steps you took in the above graphic?
« Last Edit: April 18, 2015, 06:11:47 pm by jbhowlesr »

Offline choppergage

  • Newbie
  • *
  • Posts: 18
  • Karma: +3/-0
    • View Profile
Re: NAT Type 3 on PS4 - I've tried everything I can think of
« Reply #43 on: April 19, 2015, 01:45:55 am »
It is simple. I was installed latest pfsense and setting up like this way. Here's how I process with NAT setting and also UPNP.

This is what I am getting NAT Type 2 and UPNP is available at all depending on how your way as configuration. Also I don't need any port forward. You can delete any port forward and it will work if you do same as mine.

Offline drifter1138

  • Newbie
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
Re: NAT Type 3 on PS4 - I've tried everything I can think of
« Reply #44 on: April 30, 2015, 07:03:49 pm »
It is simple. I was installed latest pfsense and setting up like this way. Here's how I process with NAT setting and also UPNP.

This is what I am getting NAT Type 2 and UPNP is available at all depending on how your way as configuration. Also I don't need any port forward. You can delete any port forward and it will work if you do same as mine.

I'm going to ship you +1 internet when I get the chance,
This solved my NAT type 3 internet issues with Destiny and my PS4 altogether.
Thanks a bunch guardian!