Netgate Discussion Forum

    UPnP not allowing multiple PS4s.

      JasonJoel

      That is exactly how things are set up for my 2*XBOX One and it works fine (including both hosting games at the same time). I only have 1 PS4, so can't test that the same way as you can, but at first glance I would have set it up exactly the same as you did…

        trinaryatom

        Added and updated more information.

          trinaryatom

          Bump

          For those curious, I will be documenting everything on this subject until it is resolved.
          When the situation is solved, if it's by my hands, it will be posted and documented here as well.

          I love pfSense and want to see it grow to be the perfect firewall for homes too!

          If anyone needs any other documents or information, please ask. I will provide it as soon as I can.

          I intend to complete this post in its entirety to help those in the future diagnose this set of problems as well. Unless this is an actual bug and an update is required. (In which case I will post that as well.)

          FYI, if this post takes much longer, I may end up trying to post it on the issue tracker for pfSense. Just thought I'd try here before bothering the developers with this.

            Wayne.C1972

            Did you ever get this resolved?

            2.3.4-RELEASE-p1 (amd64)
            built on Fri Jul 14 14:52:43 CDT 2017
            FreeBSD 10.3-RELEASE-p19
            Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz
            4 CPUs: 1 package(s) x 4 core(s)
            8GB Ram
            Watchguard XTM 5 series firewall

              trinaryatom

              Negative. Still on the search for a solution.

                frame389

                I'm having the same issue with two PS4s.  Here's to hoping that v2.4 somehow fixes this…

                  trinaryatom

                  Agreed.

                  Like I said, to anyone that is monitoring this thread, the EXACT moment I come across a fix for this situation, I will be sharing it here. Whether it be a pfsense update or some other method, it will be described here.

                  Where I work, I have this posted on the office job board to always remind me that this problem still exists. The reason is that we are interested in sharing pfsense with residential customers, but at this time we can't, because a lot of residential customers have multiple consoles and we feel it would negatively impact us because of our recommendation of it in its current state.

                    jnt5002

                    I have the same issue with 2.4.2.
                    I have 2 PS4s and only the first one gets UPnP with NAT 2.
                    The second to boot up shows nothing in UPnP and gets NAT type 3.
                    Both are configured with hybrid NAT and static ports (pure NAT).
                    Even tried a 3rd NIC and a different subnet but still have the same results.
                    Other routers seem to do fine but I really want this to work on pfsense.
                    Anyone ever get this figured out?

                      MORGiON

                      I have 4 PS4s connecting via UPnP, NAT 2.

                      I don't have the games you do to test, but all 4 get NAT 2 running the network test in the PS4 OS.

                      I did find that using NAT reflection stopped multiple consoles using UPnP for me.

                      I also only use outbound NAT static port for the consoles, not the entire network.

                      I do believe a better implementation of UPnP is needed, as development for the current version seems to be pretty much nonexistent according to the git, and pfSense seems to be using an older version.

                        Adam2104

                        The NAT reflection shouldn't be needed here. This is primarily used so that a host on the inside of the network can connect to a service that you have port forwarded through, such as a web server. If it were me, and I was trying to get this to work, I'd disable that option entirely.

                        My $0.02, for whatever it's worth.

                          johnpoz LAYER 8 Global Moderator

                          "pfsense is the only firewall that I've used that randomizes source ports in that way"

                          You do not understand how NAPT works then… If you did not change the source port and used static source ports on the outbound you would constantly run into problems with multiple clients behind a single IP... You only have the 65k possible source ports to work with per IP... So if you had multiple clients all making outbound sessions to stuff on the internet with all the clients using random ports above 1024.. Client A happens to pick source port 2048 to talk to www.google.com 443... And client B just happens to use that same source port in some session it's using to www.yahoo.com, how would the NAPT handle that..

                          If you only had a couple of devices you might not run into the problem very often.. But what if you have 100 clients, or 1000 - how often do you think you would run into a problem with clients' source ports stepping on each other..

                          NAPT has always been designed to change the source port on the outbound connection.. Why it's called Network Address PORT Translation… Setting your whole network for outbound NAT to use static ports is BORKED plain and simple...

                          That any game would need static source port is beyond stupidity... And limits the number of clients that could work from the same IP, maybe that is what they are trying to prevent? You should set static ports in your outbound ONLY on the specific applications that might require it.. Say ISAKMP which uses UDP 500..

                          If game X needs source port XYZ, how is console A going to use the same source port as console B when you only have 1 public IP? If the game doesn't care if it's the same source port then you can set console A to be static and console B to use static.. But that will stop pfsense from changing the source port on the outbound connection.. But they would not be able to use the same port.. Setting your whole network to try and be static is going to cause issues - the more clients the more likely it will be to run into problems.

                          An intelligent man is sometimes forced to be drunk to spend time with his fools
                          If you get confused: Listen to the Music Play
                          Please don't Chat/PM me for help, unless mod related
                          SG-4860 24.11 | Lab VMs 2.8, 24.11

                            Adam2104

                            Sorry, I should have been more clear. When I said this:

                            "pfsense is the only firewall that I've used that randomizes source ports in that way"

                            What I meant was that pfsense randomizes the source port all the time, even if the original source port is available. So, for example, if I make a TCP connection outbound sourcing from port 17210, pfsense will change that to something else, even if port 17210 is not currently in use on the outside interface. Linux doesn't do this. Cisco doesn't do this. On those platforms if the source port is available, that's the one you get. If the port is not available, because something is already using it, then, and only then, is the source port translated.

                            I was mistaken with how the static port option worked. I was under the impression that it disabled the 100%, all the time, randomization of source ports, even when it wasn't necessary, but, still changed the source port when it was already in use. It seems, based on some quick VM testing, that this isn't the case, so I'll go edit my previous reply.

                            edit: so, turns out, if it can't accommodate the source port, because static port is enabled, what it does is just ship the packet out the outside interface without doing any translation at all.

                            edit2: actually, it only sends out the packet without nat if the destination IP and port are the same. If they're different it will send out nat'ed packets, from two different inside hosts, using the same source port. Interesting.

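Added example, not part of any post in this thread and not pf or pfSense code: a simplified Python model of the three outbound source-port behaviours discussed above (always randomize, keep the port when it is free, static port). The addresses, the `Napt` class and the rule that a state is unique per public port and destination are assumptions of the model; `None` stands for the case where no translation state can be created.

```python
import random

# Constructed sample values: two consoles behind one public address, both
# using the source port from the post's example, and two remote endpoints.
CONSOLE_A, CONSOLE_B, SPORT = "192.168.1.11", "192.168.1.12", 17210
DST_1, DST_2 = ("198.51.100.5", 3478), ("198.51.100.9", 3478)


class Napt:
    """Toy NAPT table for one public IP (model assumption, not pf's code)."""

    def __init__(self, policy, seed=0):
        self.policy = policy      # "random", "preserve" or "static"
        self.states = {}          # (public_port, dst) -> (inside_ip, inside_port)
        self.rng = random.Random(seed)

    def translate(self, src_ip, src_port, dst):
        """First packet of a flow: return its public source port or None."""
        inside = (src_ip, src_port)
        if self.policy in ("preserve", "static"):
            owner = self.states.get((src_port, dst))
            if owner is None or owner == inside:
                self.states[(src_port, dst)] = inside
                return src_port   # original port is free for this destination
            if self.policy == "static":
                return None       # rewriting is forbidden, so the flows clash
        # "random" always picks a new port; "preserve" only after a clash.
        while True:
            port = self.rng.randint(1024, 65535)
            if (port, dst) not in self.states:
                self.states[(port, dst)] = inside
                return port


def two_consoles(policy, dst_a, dst_b):
    """Both consoles open a flow from SPORT; return their public ports."""
    nat = Napt(policy)
    return (nat.translate(CONSOLE_A, SPORT, dst_a),
            nat.translate(CONSOLE_B, SPORT, dst_b))


if __name__ == "__main__":
    for policy in ("random", "preserve", "static"):
        print(policy, "same destination:     ", two_consoles(policy, DST_1, DST_1))
        print(policy, "different destination:", two_consoles(policy, DST_1, DST_2))
```
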
                              thunderman

                              Hello,

                              I have the same issues with 2 Xbox One.
                              The NAT is open for Xbox Live, but it is not possible to join a session in Warframe (no problem with Rocket League).

                              https://forums.warframe.com/topic/949122-no-coop-for-2-xbox-same-isp/
