• The Forest Server

    5
    0 Votes
    5 Posts
    1k Views
    KOMK

    ??? All Internet services rely on IP only per se (with exceptions). DNS is a convenience for us humans. Anyway if NAT reflection works for you then good.

  • Ark Server Cluster NAT issue

    Moved
    9
    0 Votes
    9 Posts
    4k Views
    S

    Resolved the issue by enabling the tick box "Enable automatic outbound NAT for Reflection" in System > Advanced > Firewall & NAT. It even says in the description that this needs to be enabled for NAT Reflection to work properly, just wish it had prompted me to enable it when I set Pure NAT mode in the rules I set up.

  • struggling with Xbox One Strict

    14
    0 Votes
    14 Posts
    3k Views
    A

    I think you are trying to do too many things at once. I'd break it down and try to figure out a thing at a time and get it working.

    If you remove the VPN from the picture, are you able to get the XBox to open? NordVPN does not forward ports so you'll never get an open NAT using them. There are a few providers from my searching that do support port forwarding. I personally use TorGuard as they support port forwarding and seemed a fair price point.

    To get a single IP to go through the VPN, I made an alias for my traffic group and set a rule so it goes through my VPN gateway.

    Here is an example of what my rules look like.

  • Getting Xbox working with PFSense when it's behind the DMZ

    10
    0 Votes
    10 Posts
    2k Views
    johnpozJ

    Vlan ;)

  • Solution for Playstation 3 and 4 to address NAT 3 mode

    Moved
    6
    0 Votes
    6 Posts
    4k Views
    johnpozJ

    You're going to have a hard time behind a double NAT maintaining static ports.

    NAPT by its nature changes the source port when you make an outbound connection. This can be overcome by setting static port in your outbound NAT on pfSense. But your router in front of pfSense would also have to maintain this static port.

    Many services in these console games (for some unknown reason) like to see static ports, i.e. a connection coming from a specific port. So let's for example say you create a connection to publicIP:80 from privateIP:2000

    Normally with nat (napt) you have this

    privateIP:2000 ---> publicIP:80 (pfsense) YourPublicIP:RandomPort ----> publicIP:80

    To get some of these applications/games to work you have to setup outbound nat to be static so you get this.

    privateIP:2000 ---> publicIP:80 (pfsense) YourPublicIP:2000---> publicIP:80

    If you put a nat device in front you normally get this.

    privateIP:2000 ---> publicIP:80 (pfsense) otherprivateIP:RandomPort ----> publicIP:80 (nat router) YourpublicIP:SomeOtherRandomPort ----> publicIP:80

    What you might need to happen is this.

    privateIP:2000 ---> publicIP:80 (pfsense) otherprivateIP:2000 ----> publicIP:80 (nat router) YourpublicIP:2000 ----> publicIP:80

    This is just an example of problem you can have with double nat and such services that for whatever reason want to see some specific sourceport.

    So is pfSense the only thing doing NAT? What does your outbound mapping look like?

  • Multiple Xbox Ones

    4
    0 Votes
    4 Posts
    2k Views
    T

    Each Xbox have a different hostname.

  • Steam, Uplay and missing logs

    4
    0 Votes
    4 Posts
    1k Views
    T

    What I did was to create an alias for each game/game service, with all their port numbers, for the firewall, then created a rule using each, to keep things tidy and easy to change per service if they change ports.  I tested with that only, no snort or squid or anything else.  Once all was working correctly, I then added squid and squidguard.  Once that was tuned, I added snort and tuned that up.  If I had put all three in there at once I would never have been able to figure out just what was doing what if something wasn't working.  So I would disable Suricata or set the default allow-all out the firewall lan interface, and test.  If it works, at least you have narrowed it down to what you had disabled, firewall rules or Suricata.

  • PC xbox networking open NAT HELP NEEDED

    2
    0 Votes
    2 Posts
    1k Views
    T

    Hello,

    Try to separate your alias xboxgroup (do an alias for each one).
    Disable your rule prioritizing.
    Create ACL for UPnP

    It works for me with 2 Xbox One, except for Warframe game.
    Test with this configuration (copy/paste from another post)

    I have many issues with Warframe on 2 Xbox on the same ISP (only 1 public IP address).
    In Warframe, I can't invite a friend to join me.
    At best, only 1 Xbox can see the other player and launch an invite, but an error message says "The player is offline".

    All the network tests on Xbox are OK (Internet, Multiplayer and NAT Open).
    I try with other games (Rocket League and Warhammer Vermintide) without problem.

    I use PFsense 2.4.3-RELEASE (amd64)

    Firewall / NAT / Outbound

    Mode : Manual Outbound NAT

    Interface : WAN
    Source : Xbox1 (alias for 192.168.0.16)
    Port Source : any
    Destination : any
    Port Destination : any
    NAT Address : WAN
    NAT Port : any
    Static Port : YES

    Interface : WAN
    Source : Xbox2 (alias for 192.168.0.17)
    Port Source : any
    Destination : any
    Port Destination : any
    NAT Address : WAN
    NAT Port : any
    Static Port : YES

    Services / UPnP & NAT-PMP

    Enable UPnP & NAT-PMP

    Allow UPnP Port Mapping

    Allow NAT-PMP Port Mapping

    External Interface : WAN

    Interface : LAN + loopback

    ACL Entries : allow 1-65535 192.168.0.16 1-65535

    ACL Entries : allow 1-65535 192.168.0.17 1-65535

    System / Advanced / Firewall & NAT

    NAT Reflection mode for port forwards : Pure NAT
    Enable NAT Reflection for 1:1 NAT
    Enable automatic outbound NAT for Reflection

    Firewall / NAT / Port Forward

    Nothing, because I activate UPnP

    Actually, I must use the bad ISP-box only for Warframe ;-)

    Regards,

    Aym

  • Factorio Headless Server Connection

    5
    0 Votes
    5 Posts
    7k Views
    G

    The part that is missing is the outbound NAT.  The Factorio server is a client to the Factorio pingpong servers that are used for NAT punching(1).  The source ports when talking to these pingpong servers must not be mangled, so an outbound NAT rule is needed to prevent this (PFSense mangles ports by default).  Just got all this working today.

    Firewall/NAT/Outbound:

    Outbound NAT Mode: Hybrid Outbound

    Add this mapping:

    Interface: WAN
    Source: <internal address of your server>
    Source Port: udp/34197
    Destination: *
    Destination Port: udp/*
    NAT Port: *
    Static Port: YES

    (1) https://www.factorio.com/blog/post/fff-143

  • [Consoles need] static port on outbound NAT

    5
    0 Votes
    5 Posts
    3k Views
    jimpJ

    I split this off into its own thread, since it is not at all specific to the Switch which was the topic of the original post.

  • Split game bandwidth, download and browsing

    2
    0 Votes
    2 Posts
    1k Views
    R

    Firewall -> Traffic Shaper -> Wizards

    Explore that menu.

  • Gaming time out every 2 hours on the dot…

    8
    0 Votes
    8 Posts
    3k Views
    R

    @AndroBourne:

    I haven't had a chance to test it with many other games. But I've been playing Ark a lot lately and noticed that I keep getting time outs. I'll run a continuous ping check and time it. Every 2 hours on the dot I get a row of 4 packet losses in a row and my Ark client times out.

    I have troubleshooted local hardware, including switch and NIC etc… I left the continuous ping running all day long and came back to a 0% packet loss. It seems to only happen when I'm playing Ark.

    I have a feeling it might have to do with how packets are handled. I'm trying to set my NAT from auto to manual and see if that makes a difference. But while I'm testing that... anyone else have any recommendations?

    And yes. I have the game ports forwarded.

    By any chance does your DHCP lease reset every two hours?  It shouldn't be disconnecting you but something to consider.

  • Firewall rules for BF4

    6
    0 Votes
    6 Posts
    2k Views
    N

    @Thierry69:

    Have made it working, I publish my rules if somebody is interested on it …
    Cheer,

    Works for the servers you are playing on, I see many using ports not in your rules.

    20167, 19777, 47200, just to name a few. Again BF4 Server port can be anything.

  • Dolphin Emulator + UPnP not working

    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Steam Caching update games

    4
    0 Votes
    4 Posts
    3k Views
    M

    Perhaps not the exact answer any of you are looking for but this works and works well and is relatively easy to get going:
    https://github.com/RyanEwen/lan-cache-docker

    I've tested it with:
        Steam
        Origin
        Uplay
        Blizzard (Including Destiny 2)
        League of Legends
        ArenaNet (Guild Wars 2)
        Frontier (Elite Dangerous)
        Microsoft (Windows Updates)

    Simply set up an Ubuntu Server 16.xx Server without the LAMP option (you'll need to disable Apache if you do, it will intercept port 80). I suggest choosing the OpenSSH server, it is easier to paste commands from another PC with PuTTY etc.
    Once the server is installed simply follow the setup instructions here https://github.com/RyanEwen/lan-cache-docker/wiki/Setup-instructions.
    Set the IP of this new lan-cache server as your DNS server instead of using pfSense for DNS.

    Trying to shoehorn nginx, sniproxy and the way dnsmasq is used for hijacking the various Game CDN names into pfSense is well beyond my abilities.

  • Dolphin Netplay with pfsense

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • UDP Port problems

    5
    0 Votes
    5 Posts
    1k Views
    M

    I have gone straight to the manual on the disc I have the correct ports.

  • Looking for IP-List or Port list for PUBG

    2
    0 Votes
    2 Posts
    3k Views
    M

    This is what I use. In general it works for all Steam games.

    27000:27015  Game Client Traffic
    27016:27030  Matchmaking
    27031:27036  Streaming
    3478:3479    Voice
    4380         Voice

  • Game update problem

    2
    0 Votes
    2 Posts
    763 Views
    CybermazeC

    Ignoring that you are running a fairly old version of pfsense.

    The rule you have setup for your game has several problems:

    1. It is limited to UDP and TCP traffic, but the game updater might use ping requests to check if a host exists; pinging uses the ICMP protocol (but that would also take place on another port, so it would still not pass by this rule).
    2. The rule only passes for a single port? Are you sure the game updater only uses that one port? If not, the traffic is split between your WANs; that is usually a problem since the host server expects traffic to come from the same source IP, not from different ones.

    Basically, I have no reason to think that your current setup should work at all.

  • Multiple PS4s, Can't get NAT 2 on both consoles.

    4
    0 Votes
    4 Posts
    2k Views
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.