Netgate Discussion Forum
    Cannot specify source IP when creating manual outbound static NAT

      mrskot

      Setup:

      2.2.4-RELEASE (i386)
      built on Sat Jul 25 19:56:41 CDT 2015
      FreeBSD name.domain 10.1-RELEASE-p15 FreeBSD 10.1-RELEASE-p15 #0

      Dual core Atom with 2gigs Ram and 120gb ssd

      Packages Installed:

      • Snort
      • pfBlockerNG
      • Cron
      • Squid3
      • Using DNS Forwarding instead of the resolver

      Problem:

      My son plays PS4 and it's reporting NAT3, which doesn't allow him to communicate with friends using in-game voice chat.

      I did some digging and PlayStation Network doesn't appreciate port randomization.

      I found the instructions here https://doc.pfsense.org/index.php/Static_Port for setting up static port outbound NAT.

      When I reached this line in the doc, "Edit the rule so it only covers the source IP of the device that needs static port, and any other required settings.", I noticed the interface does not allow for entry of a single IP address.

      The options I'm given in the copied rule for the SOURCE -> NETWORK dropdown are (screen capture attached):

      • Any
      • This Firewall (self)
      • Network

      Any idea how to specify a single LAN IP in the source portion of the rule? I tried different combinations of interface and protocol thinking it might trigger a change in the dropdown.

      I was tempted to create the rule, move it, then root around in the shell looking for a file I could manually edit.

      Any insight is appreciated.

      ![Screen Shot 2015-08-14 at 3.36.02 PM.png](/public/imported_attachments/1/Screen Shot 2015-08-14 at 3.36.02 PM.png)

        mer

        An IPv4 network address with a netmask of 32 is a single IP, no? Did you try selecting Network, then for the address specify the single IP you want, then in the netmask dropdown, select 32:

        192.168.1.1/32 is a network address of 192.16.1.1 only.

        192.168.1.0/24 is a network address covering 192.168.1.0 to 192.168.1.255.

        Netmask is your friend.

          mrskot

          That worked!  Thank you so much for the help.
