UPnP not allowing multiple PS4s.
-
Bump
For those curious, I will be documenting everything on this subject until it is resolved.
When the situation is solved, if it's by my hands, it will be posted and documented here as well. I love pfSense and want to see it grow to be the perfect firewall for homes too!
If anyone needs any other documents or information please ask. I will provide it as soon as I can.
I intend to complete this post in all its entirety to help those in the future diagnose this set of problems as well. Unless this is an actual bug and an update is required. (of which I will post that as well.)
FYI, if this post takes much longer, I may end up trying to post it on the issue tracker for pfSense. Just thought I'd try here before bothering the developers with this.
-
Did you ever get this resolved?
-
Negative. Still on the search for a solution.
-
I'm having the same issue with two PS4s. Here's to hoping that v2.4 somehow fixes this…
-
Agreed.
Like I said, to anyone that is monitoring this thread, the EXACT moment I come across a fix for this situation, I will be sharing it here. Whether it be a pfsense update, or, some other method, that will be described here.
Where I work, I have this posted on the office job board to always remind me that this problem still exists. The reason why, we are interested in sharing pfsense with residential customers, but, at this time, we can't because a lot of residential customers have multiple consoles and feel it would negatively impact us because of our recommendation of it, in its current state.
-
I have the same issue with 2.4.2.
I have 2 ps4s and only the first one gets upnp with nat 2
The second to boot up shows nothing in upnp and gets nat type 3.
Both are configured with hybrid nat and static ports (pure nat).
Even tried a 3rd nic and different subnet but still have the same results.
Other routers seem to do fine but I really want this to work on pfsense.
Anyone ever get this figured out??
-
I have 4 PS4s connecting via upnp, Nat 2
I don't have the games you do to test but all 4 get Nat 2 running the network test in the PS4 OS.
I did find that using Nat reflection stopped multiple consoles using upnp for me.
I also only use outbound Nat static port for the consoles not the entire network.
I do believe a better implementation of upnp is needed as development for the current version seems to be pretty much nonexistent according to the git, and pfSense seems to be using an older version.
-
The NAT reflection shouldn't be needed here. This is primarily used so that a host on the inside of the network can connect to a service that you have port forwarded through, such as a web server. If it were me, and I was trying to get this to work, I'd disable that option entirely.
My $0.02, for whatever it's worth.
-
"pfsense is the only firewall that I've used that randomizes source ports in that way"
You do not understand how NAPT works then… If you did not change the source port and used static source ports on the outbound you would constantly run into problems with multiple clients behind a single IP... You only have the 65k possible source ports to work with per IP... So if you had multiple clients all making outbound sessions to stuff on the internet with all the clients using random ports above 1024.. Client A happens to pick source port 2048 to talk to www.google.com 443... And client B just happens to use that same source port in some session its using to www.yahoo.com how would the NAPT handle that..
If you only had a couple of devices you might not run into the problem very often.. But what if you have 100 clients, or 1000 - how often do you think you would run into a problem with clients source ports stepping on each other..
NAPT has always been designed to change the source port on the outbound connection.. Why it's called Network Address PORT Translation… Setting your whole network for outbound nat to use static ports is BORKED plain and simple...
That any game would need static source port is beyond stupidity... And limits the number of clients that could work from the same IP maybe that is what they are trying to prevent? You should set static ports in your outbound ONLY on the specific applications that might require it.. Say ISAKMP which uses UDP 500..
If game X needs source port XYZ, how is console A going to use the same source port and console B when you only have 1 public IP? If the game doesn't care if it's the same source port then you can set console A to be static and console B to use static.. But will stop pfsense from changing the source port on the outbound connection.. But they would not be able to use the same port.. Setting your whole network to try and be static is going to cause issues - the more clients the more likely it will be to run into problems.
-
Sorry, I should have been more clear. When I said this:
"pfsense is the only firewall that I've used that randomizes source ports in that way"
What I meant was that pfsense randomizes the source port all the time, even if the original source port is available. So, for example, if I make a TCP connection outbound sourcing from port 17210, pfsense will change that to something else, even if port 17210 is not currently in use on the outside interface. Linux doesn't do this. Cisco doesn't do this. On those platforms if the source port is available, that's the one you get. If the port is not available, because something is already using it, then, and only then, is the source port translated.
I was mistaken with how the static port option worked. I was under the impression that it disabled the 100%, all the time, randomization of source ports, even when it wasn't necessary, but, still changed the source port when it was already in use. It seems, based on some quick VM testing, that this isn't the case, so I'll go edit my previous reply.
edit: so, turns out, if it can't accommodate the source port, because static port is enabled, what it does is just ship the packet out the outside interface without doing any translation at all.
edit2: actually, it only sends out the packet without nat if the destination IP and port are the same. If they're different it will send out nat'ed packets, from two different inside hosts, using the same source port. Interesting.
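Added example, not part of any post in this thread: a toy NAPT state table in Python that models the three source-port policies discussed above (always randomize, preserve when free, static port) for two inside hosts using the same source port. The addresses, destination port 3478 and the `Napt` class are constructed for illustration; this models the behaviour the posts describe and is not pf's code.

```python
import random

class Napt:
    """Toy NAPT table keyed on (external port, dst IP, dst port); one public IP assumed."""

    def __init__(self, policy, seed=0):
        assert policy in ("randomize", "preserve", "static")
        self.policy = policy
        self.states = {}                 # (ext_port, dst_ip, dst_port) -> (src_ip, src_port)
        self.rng = random.Random(seed)   # seeded so runs are repeatable

    def _free(self, port, dst):
        return (port, *dst) not in self.states

    def translate(self, src_ip, src_port, dst_ip, dst_port):
        """Return the external source port, or None when no unique mapping exists."""
        dst = (dst_ip, dst_port)
        if self.policy == "static":
            # Port must be kept; a second flow to the same destination cannot be mapped.
            port = src_port if self._free(src_port, dst) else None
        elif self.policy == "preserve" and self._free(src_port, dst):
            port = src_port
        else:
            # "randomize" always lands here; "preserve" only when the port is taken.
            port = self.rng.randrange(1024, 65536)
            while not self._free(port, dst):
                port = self.rng.randrange(1024, 65536)
        if port is not None:
            self.states[(port, *dst)] = (src_ip, src_port)
        return port

def two_consoles(policy, same_destination):
    """Two inside hosts open a flow from the same source port (17210, as in the post)."""
    nat = Napt(policy)
    # Constructed documentation-range addresses for the remote peers.
    dst_b = ("198.51.100.7", 3478) if same_destination else ("198.51.100.8", 3478)
    a = nat.translate("192.168.1.10", 17210, "198.51.100.7", 3478)
    b = nat.translate("192.168.1.11", 17210, *dst_b)
    return a, b

if __name__ == "__main__":
    for policy in ("randomize", "preserve", "static"):
        for same in (True, False):
            print(policy, "same dst" if same else "different dst", two_consoles(policy, same))
```

A `None` result marks the case where static port leaves no unique mapping, which is the same-destination situation described in the edits above.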
-
Hello,
I have the same issues with 2 Xbox One.
The NAT is open for Xbox Live, but not possible to join a session in Warframe (no problem with Rocket League). https://forums.warframe.com/topic/949122-no-coop-for-2-xbox-same-isp/