UPnP Fix for multiple clients gaming - not working in 23.01?
-
Hey,
Because the topic got locked, I refer to the old one in this new topic.
We had a gaming event with 12 PS5s playing the same game. I actually planned to give it a try on the pfSense because the topic said fixed. We were running on 23.01; the setup was quite simple, all gaming consoles in one VLAN with static DHCP mappings.
First try was as stated in the topic: no manual static port NAT, just kept it on Auto NAT. Enabled UPnP and allowed ranges 53-65535 for the consoles. Also allowed inbound traffic from that console VLAN to the firewall, mostly because of miniupnp:2189 requests.
So far so good, I could see miniupnp running and doing its job - the first console showed NAT Type 2 directly. But all other consoles only got NAT Type 3.
Game could run but with NAT warning; only the 1st console was able to pin the hole.
Debug of that showed that miniupnp still has the issue: if two devices request the same port, it doesn't do a correct binat translation and refuses any other requests:
miniupnpd 53147 - - SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#GetExternalIPAddress
miniupnpd 53147 - - HTTP REQUEST from 10.160.0.108:51056 : POST /ctl/IPConn (HTTP/1.1)
miniupnpd 53147 - - Host: 10.160.0.1:2189
miniupnpd 53147 - - SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
miniupnpd 53147 - - AddPortMapping: ext port 9308 to 10.160.0.108:9308 protocol UDP for: 10.160.0.108:9308 to 9308 (UDP) leaseduration=0 rhost=
miniupnpd 53147 - - UPnP permission rule 1 matched : port mapping accepted
miniupnpd 53147 - - port 9308 UDP (rhost '') already redirected to 10.160.0.109:9308
miniupnpd 53147 - - Returning UPnPError 718: ConflictInMappingEntry
So in the log above we have console #1 at 10.160.0.109 getting the mapping of port 9308, and console #2 at 10.160.0.108 got a UPnPError 718: ConflictInMappingEntry.
The ruleset looks fine:
# grep miniupnpd /tmp/rules.debug
binat-anchor "miniupnpd"
nat-anchor "miniupnpd"
rdr-anchor "miniupnpd"
anchor "miniupnpd"
pass in on $160_gaming proto udp from 10.160.0.0/24 to 239.255.255.250/32 port 1900 ridentifier 1000115892 keep state label "pass multicast traffic to miniupnpd"
The second try was to add a Hybrid NAT rule with static port mapping as used "in the past". This gave all consoles a "Type 2 NAT" in network testing but later did not allow joining any games and just gave random errors in the games.
So is there anything I'm missing, or is the problem actually not as solved as the topic suggested?
Thanks for hints!
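
Added example, not part of the original post and not pfSense or miniupnpd code: a small Python parser that pairs each AddPortMapping request in a miniupnpd log with the "already redirected" and UPnPError 718 lines that follow it, listing which clients were refused a port and which host holds it. The sample log is constructed from the line formats quoted above (10.160.0.110 is an invented third console), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample log, built from the line formats quoted in the post.
SAMPLE_LOG = """\
miniupnpd 53147 - - AddPortMapping: ext port 9308 to 10.160.0.109:9308 protocol UDP for: 10.160.0.109:9308 to 9308 (UDP) leaseduration=0 rhost=
miniupnpd 53147 - - UPnP permission rule 1 matched : port mapping accepted
miniupnpd 53147 - - AddPortMapping: ext port 9308 to 10.160.0.108:9308 protocol UDP for: 10.160.0.108:9308 to 9308 (UDP) leaseduration=0 rhost=
miniupnpd 53147 - - UPnP permission rule 1 matched : port mapping accepted
miniupnpd 53147 - - port 9308 UDP (rhost '') already redirected to 10.160.0.109:9308
miniupnpd 53147 - - Returning UPnPError 718: ConflictInMappingEntry
miniupnpd 53147 - - AddPortMapping: ext port 9308 to 10.160.0.110:9308 protocol UDP for: 10.160.0.110:9308 to 9308 (UDP) leaseduration=0 rhost=
miniupnpd 53147 - - port 9308 UDP (rhost '') already redirected to 10.160.0.109:9308
miniupnpd 53147 - - Returning UPnPError 718: ConflictInMappingEntry
"""

ADD_RE = re.compile(r"AddPortMapping: ext port (\d+) to (\S+?):(\d+) protocol (\w+)")
HELD_RE = re.compile(r"port (\d+) (\w+) \(rhost '[^']*'\) already redirected to (\S+?):(\d+)")
ERR_RE = re.compile(r"Returning UPnPError (\d+)")

def find_conflicts(log_text):
    """Return one dict per AddPortMapping request rejected with error 718."""
    conflicts, request, holder = [], None, None
    for line in log_text.splitlines():
        if m := ADD_RE.search(line):
            # New request: remember (external port, protocol, requesting client).
            request, holder = (int(m[1]), m[4], m[2]), None
        elif (m := HELD_RE.search(line)) and request:
            # Only attribute the holder if port and protocol match the pending request.
            if (int(m[1]), m[2]) == request[:2]:
                holder = m[3]
        elif (m := ERR_RE.search(line)) and request:
            if m[1] == "718" and holder:
                conflicts.append({"ext_port": request[0], "proto": request[1],
                                  "holder": holder, "rejected": request[2]})
            request, holder = None, None
    return conflicts

def clients_without_mapping(conflicts):
    """Group rejected clients by (external port, protocol, current holder)."""
    by_port = defaultdict(set)
    for c in conflicts:
        by_port[(c["ext_port"], c["proto"], c["holder"])].add(c["rejected"])
    return {key: sorted(clients) for key, clients in by_port.items()}

if __name__ == "__main__":
    for key, clients in clients_without_mapping(find_conflicts(SAMPLE_LOG)).items():
        print(f"port {key[0]}/{key[1]} held by {key[2]}; refused: {', '.join(clients)}")
```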
-
@solarizde Did you ever get any answer to this, or find a solution? I just upgraded to CE 2.7 mainly for the same reason, seeing that this issue had supposedly been fixed.
If I try the suggested "no need for outbound, static mapping, etc" only the first PS5 gets Type 2, the next gets Type 3.
Trying to re-enable my old settings is actually worse, with one console getting Type 2, then the next getting "failed".
I keep searching and reading, but find conflicting information and no resolution that has worked so far.
-
@jowilhnson Nah, I gave up using pfSense for gaming console purposes. It's sad that even at Netgate nobody cares.
Just coming back from Gamescom, where we had several booths using Netgate in the past that have now switched to another solution because of the consoles. Sad :(