The part that is missing is the outbound NAT.  The Factorio server is a client to the factorio pingpong servers that are used for NAT punching(1).  The source ports when talking to these pingpong servers must not be mangled, so an outbound NAT rules is needed to prevent this (PFSense mangles ports by default).  Just got all this working today.

Firewall/NAT/Outbound:

Outbound NAT Mode: Hybrid Outbound

Add this mapping:

Interface: WAN
Source: <internal address="" of="" your="" server="">Source Port: udp/34197
Destination: *
Destination Port: udp/*
NAT Port: *
Static Port: YES

(1) https://www.factorio.com/blog/post/fff-143</internal>

I split this off into its own thread, since it not at all specific to the Switch which was the topic of the original post.

Firewall -> Traffic Shaper -> Wizards

Explore that menu.

@AndroBourne:

I havn't had a chance to test it with many other games. But I've been playing Ark a lot lately and noticed that I keep getting time outs. I'll run a continous ping check and time it. Every 2 hours on the dot I get a row of 4 packet loses in a row and my Ark client times out.

I have troubleshooted local hardware, including switch and NIC etc… I left the continous ping running all day long and came back to a 0% packet loss. It seems to only happen when I'm playing Ark.

I have it feeling it might have to do with how packets are handled. I'm trying to set my NAT from auto to manual and see if that makes a difference. But while I'm testing that... anyone else have any recommendations?

And yes. I have the game ports forwarded.

By any chance does your DHCP lease reset every two hours?  It shouldn't be disconnecting you but something to consider.

@Thierry69:

Have made it working, I publish my rules if somebody is interested on it …
Cheer,

Works for the servers you are playing on, I see many using ports not in your rules.

20167, 19777, 47200, just to name a few. Again BF4 Server port can be anything.

Perhaps not the exact answer any of you are looking for but this works and works well and is relatively easy to get going:
https://github.com/RyanEwen/lan-cache-docker

I've tested it with:
    Steam
    Origin
    Uplay
    Blizzard (Including Destiny 2)
    League of Legends
    ArenaNet (Guild Wars 2)
    Frontier (Elite Dangerous)
    Microsoft (Windows Updates)

Simply setup an Ubuntu Server 16.xx Server without the LAMP option (you'll need to disable Apache if you do, it will intercept port 80), I suggest choosing the OpenSSH server, is easier to paste commands from another PC with PuTTY etc.
Once the server is installed simply follow the setup instructions here https://github.com/RyanEwen/lan-cache-docker/wiki/Setup-instructions.
Set the IP of this new lan-cache server as your DNS server instead of using pfSense for DNS.

Trying to shoehorn nginx, sniproxy and the way dnsmasq is used for hijacking the various Game CDN names into pfSense is well beyond my abilities.

I have gone straight to the manual on the disc I have the correct ports.

This is what I use, In general works for all steam games.

27000:27015  Game Client Traffic
27016:27030  Matchmaking
27031:27036  Streaming
3478:3479      Voice
4380              Voice

Ignoring that you are running a fairly old version of pfsense.

The rule you have setup for your game has several problems:

1. It is limited to udp and tcp traffic, but the game updater might use ping requests to check if a host exists, pinging use the icmp protocol (but that would also take place on another port, so it would still not pass by this rule).
2. The rule only passes for a single port? Are you sure the game updater only uses that one port? If not the traffic is split between your WANs, that is usually a problem since the host server expects traffic to come from the same source IP, not from different.

Basically, I have not reason to think that your current setup should work at all.

ah, I've fixed mine!  see this thread: https://forum.pfsense.org/index.php?topic=126746.msg772656#msg772656

This is totally a DenverCoder9 xkcd 979 reference.. I had same problem. You never posted back what solved yours!

Couple solutions:
http://www.vttoth.com/CMS/index.php/technical-notes/63#Appendix
https://www.waldonell.com/thoughts/articles/playing-multiplayer-starcraft-on-lan-with-multiple-subnets
A CISCO switch with 'UDP Relay/IP Helper' option to forward port 27036
Bridge the two networks
only use 1 subnet in first place

I ended up bridging the two… Don't need the security.

https://digiex.net/threads/pfsense-step-by-step-guide-to-multiple-xbox-ones-open-nat-play-together-2-3-x.15094/

Bones, I know it's been a few months but were you able to get port forwarding for COD sorted out?

If so how?

I'm currently beating my head against the wall trying to get an "Open NAT" in Black Ops 3. I have tried everything in the pfSense help pages but still no joy.

You can check your NAT status, in settings under network.

Disregard, suddenly started working

I found this solution, it works for me Somehow

https://www.youtube.com/watch?v=tApX5efOsSA

I have been having this same issue on and off again since the release of xbox ones. I tried having another crack at this over the weekend since I now have the latest dashboards on every xbox and can select which port to use instead of 3074.

The issue is the same, I have NAT Open on every box using all forms of NAT Reflection mode for port forwards, disabled, pure NAT and NAT + Proxy and have had Automatic create outbound NAT rules checked and unchecked. The issue is it works for most games but then there are a few that just refuse to multiplayer up. They can party and chat and play majority of the games.

Games like Warframe that don't connect with NAT Open just require you to set a manual outbound NAT with sticky port disabled. This will set the second xbox to NAT Strict and you will be able to play together. Once you switch games you can leave it and xbox 1 sticky and xbox 2 random port but this might affect matchmaking in other games if you don't switch back to sticky on both when not partied together.