NAT Type 3 on PS4 - I've tried everything I can think of
-
Not sure if it will help, but I found this:
http://www.playstationlifestyle.net/2014/02/08/possible-ps4-firmware-upnp-bug-and-workaround/
Seems like a plausible cause, but I've ran the network connection test and it always comes back with a type3.
On another note, I've purchased another nic and it got here last night. In the meantime, I think I'm just going to put it on it's own network and make it a DMZ and run the PS4 from there for the time being. Definitely not how I want to run my network, but I'm tired of switching over to an old router router every time I play on the PS4.
-
When you look at the dashboard of your pfsense, is the WAN IP a public or private IP?
-
When you look at the dashboard of your pfsense, is the WAN IP a public or private IP?
I'm not sure where it says that exactly…
-
Upper right hand corner.
It will say WAN interface IP.
What is that IP?
Its a number like 173.213.81.1 or something…
-
The reason I'm asking about that IP is because if its private, like 192.168.1.1, then you are Double NAT and nothing you do is going to work properly.
You would need to make your modem pass a public IP to pfsense WAN.
-
Oh! I misunderstood your first question. My modem is set in bypass mode, it does not do anything firewall or routing related.
The reason I'm asking about that IP is because if its private, like 192.168.1.1, then you are Double NAT and nothing you do is going to work properly.
You would need to make your modem pass a public IP to pfsense WAN.
-
OK - So then you have verified that the the pfsense wan has a public IP?
-
OK - So then you have verified that the the pfsense wan has a public IP?
I haven't made it homs yet, but I'm certain it does. I use dyndns to maintain remote access to it.
-
The reason I want to check that is because unless you are running multiple LAN segments, with uPNP up, this should be simple. Unless its double NAT
-
So I've been scratching my head on how to get this to work. I've followed the guide and I would get a NAT2 on the PS4 but unfortunately I cannot connect to any online games. These are my settings as followed and I am on Pfsense 2.2 with Hybrid on.
Mappings.
Interface Source Source Port Destination Destination Port NAT Address NAT Port Static Port
WAN GameConsoles * * * WAN address * YES
VPN1 10.11.1.0/24 * * * VPN1 address * NO*Game consoles is an alias for my IP's for the consoles (xbox one and ps4)
Automatic rules:
Interface Source Source Port Destination Destination Port NAT Address NAT Port Static Port Description
WAN 127.0.0.0/8 10.11.1.0/24 10.10.21.0/30 * * 500 xxx.xxx.xxx * YES Auto created rule
WAN 127.0.0.0/8 10.11.1.0/24 10.10.21.0/30 * * * xxx.xxx.xxx * NOAny suggestions?
-
Where did you get the idea to use static on your outbound nat for every single port? That makes NO SENSE as setting, and will surely break stuff!
"I haven't made it homs yet, but I'm certain it does. I use dyndns to maintain remote access to it. " Sorry but dyn dns doesn't mean that pfsense has a public IP.. Sorry but most setups uses end up being behind a double nat.. Unless you have specifically setup the device from the isp in bridge mode, or have actual just cable modem and not a gateway like they like to hand out when they sign you up for tripleplay, etc. etc.
Have you validated that you are seeing UPnP request to pfsense via sniff?
-
Missed some replies here, but was thinking about this topic after I switched from things around in my own setup.
Reason is that I wanted to control the YouTube app on the PS4 from my iPad, but also connect the PlayStation app to my PS4.I plugged the PS4 into my switch, which has the uplink from my pfSense box, and gave is the IP address 192.168.1.60.
Then I edited the Rules for each of the ports opened for 192.168.2.10 (old IP address of PS4 in seperate subnet/DMZ) and changed the IP address to the new one.I then added a NAT rule to allow Static Port on 192.168.1.60, and placed that line above the 192.168.1.0/24 line.
And I got NAT2 on the PS4 again.To johnpoz, why wouldn't you enable Static Port for every port from the specific IP address of the PS4?
After months of playing Destiny like this I yet have to see anything break. -
You sure and the hell do not need static ports for every single port that is ever in use.. And since you have multiple machines behind your 1 public IP that all share ports.. How could you possible think you wouldn't run into a problem? Machines do not know what the other machines are using..
So for example you have machine 1 that creates source port 5012 to 80 on some website.. What if machine 2 just happens to be using source port 5012 for 1 of its connections?
The configuration is just not valid for use on a system that is using PNAT that has more than 1 machine behind the nat..
-
I see what you mean. Will see if I can set it up more tightly.
Even if it's just to see if I can get it working by myself.But even then, in my situation the possibility of both my PS4 and my iPad using the same source port at the exact same time would be a big coincidence. But it can happen.
-
there is nothing in the consoles that should even require static source port to be honest. But the more devices you have behind the PNAT the more likely you are to run into the problem.
Its really an invalid sort of setup no matter how you look at it. The whole design of napt is to allow the natting device to use source ports on its public that are open, if you try to set it up so that every connections source has to be used on the public side has to match the source on the private your asking for connection issues.
The other problem with the with ps line and xbox is the port information they provide is horrific - they list ports and don't actually state what is needed outbound and inbound. It makes it look like they all need to be inbound - which clearly is not the case, for example they list 53 – you sure an the hell do not need that inbound to your ps4
-
True, but in my case it's being lazy. Getting the whole static port and why not to use it better now.
Never gave it much in dept thought, and was more thinking about Inbound traffic. Whats going out in that case doesnt concern me, or the how.Don't I ever looked up the ports and information for Xbox, but for the PlayStation it's a mess.
Luckily Bungie (Destiny) does state what is needed for Inbound and Outbound for their game.
Except I still don't know why both the console and game want ports 80 and 443 Inbound.
It works fine without for about half a year now (I started in the beta of Destiny).Xbox needing port 53 Inbound is the same for PS wanting ports 80 and 443 in.
It's not like the consoles run a DNS or webserver? -
"Except I still don't know why both the console and game want ports 80 and 443 Inbound."
They don't - one thing I will agree with is the documentation of what games or features need what is completely lacking in useful details for anyone to use.. You sure and the hell do not need inbound port 80 to your xbox. And that would be broken on vast majority of isp in the first place since most of them block inbound to 80 - because your NOT allowed to run servers, etc..
I had buddy sniff his traffic, and the only port needed inbound was that 3074 port.. 88 was used outbound to auth on.. Didn't see any other ports in the sniffs.
A simple look at the sniffs from pfsense diag with your consoles IP address as the filter will tell you exactly what would be needed…
Lazy in what -- breaking stuff.. You do not need static source ports for anything console games that I could ever think of.. Its just never going to be designed to work through 99% of home routers... You thinking that fixed anything is just not likely.. I can only think of a few things that might need this, like IKE with udp 500 back in the day. Today that should not be required.
-
It was more a retorical question to myself :-)
For PlayStation I know they do use from extra ports.
Havent sniffed it's traffic yet, but for example Party chat with headsets really needs a certain (or mulitple, I forgot) ports Inbound open.
No doubt Outbound as well to set things up.And as for NAT type 2 (Open NAT? for Xbox) it needs Outbound port(s) open too.
When I have this set up more nicely, I will try to check the logs more closely. -
Why would not ALL ports be open outbound?? This is a home connection, I see no reason what so ever to block outbound traffic on any port that my console might need.. The default lan rule is any any..
While yes if you are doing any voip IP stuff then I would assume some sort of inbound port prob used, 5060 would come to mind. If talking xbox - isn't it support to use ipv6 which makes all the nat problems go away?
If having issues with xbox I would look to getting ipv6 working!
-
IPv6 it's not offered by my ISP yet.
All ports are open outbound, except not with Static Port (as by your recommendation).
And that I need to get a NAT Type 2 or Open NAT.What I am doing right now, is letting the ports needed by the PS4 and the game allow the use of Static Port on Outbound traffic.
Or at least, I am in thr progress of setting it up and then testing.
