Port Forwarding Warzone behind ISP Router

CMOS_BATTERY

I have all my ports setup on the NAT port forward tab. Still though I'm getting that my in-game NAT type is Strict. I cant disable the NAT on the ISP device but I'm sure to assume there is something I can do or something I have failed to do properly. My issue is, I'm just not too sure so far what it is.
I have also attempted going to the ISP device and forwarding the ports to the WAN address of the pfSense device in hopes it would flood the routes and my PC on the LAN side would trigger them when the game connects to the open network.

mcury

@cmos_battery said in Port Forwarding Warzone behind ISP Router:

I have all my ports setup on the NAT port forward tab. Still though I'm getting that my in-game NAT type is Strict. I cant disable the NAT on the ISP device but I'm sure to assume there is something I can do or something I have failed to do properly. My issue is, I'm just not too sure so far what it is.
I have also attempted going to the ISP device and forwarding the ports to the WAN address of the pfSense device in hopes it would flood the routes and my PC on the LAN side would trigger them when the game connects to the open network.

Check if the links below can help you:
https://docs.netgate.com/pfsense/en/latest/recipes/games.html
https://docs.netgate.com/pfsense/en/latest/nat/outbound.html#nat-staticport

KOM

@cmos_battery I think for the big consoles you need to set static ports via the Outbound NAT rules. By default, WAN uses dynamic ports.

CMOS_BATTERY

@kom

I will try it, I’m on Pc but I assume there’s very little difference.

CMOS_BATTERY

@mcury

So if I redirect the ports to say HTTP or any of the others, they open. If I use the opening port number in the "from section:" they stay closed. a bit confusing but I guess it works.

mcury

@cmos_battery said in Port Forwarding Warzone behind ISP Router:

"from section:"

Where do you see the "from section:" ?

I would do the following:
1 - Put the ISP device in bridge mode (I know you said that you can't, unfortunately)
2 - Create a port forward to your gaming PC using the game port
3 - Create a static NAT outbound for the gaming PC and put it above the network dynamic NAT rule.

In your situation in which you can't put the ISP device in bridge mode, I would check this device configuration to check what else can be done..
The static NAT outbound configured in pfsense could not work as the ISP device would use a random port anyway..

Some devices has a DMZ kind of thing that works, but sometimes it doesn't work as it performs a NAT to inside, 'natting' the source IP..

CMOS_BATTERY

@mcury

I do have the option to create a DMZ like mentioned. If I put the WAN address of the pfSense sever would it be cured to port forward but left exposed for snoopers.

mcury

@cmos_battery said in Port Forwarding Warzone behind ISP Router:

but left exposed for snoopers.

pfsense is a firewall, it should be facing the public internet..
Also, the port will only answer when the game is open.

CMOS_BATTERY

@mcury

Ok cool, so I’ll try putting the WAN address on the DMZ zone and see how that goes.

mcury

@cmos_battery Make sure you don't have firewall rules for the WAN interface, and everything will be blocked.

After you create the port forward, a firewall rule will be automatically created to allow this connection.

CMOS_BATTERY

@mcury
Thanks for the help but no luck. Ill just give up on the box preforming a port forward. I'm moving soon but wanted to get some better game performance without all the packet losses. I will be thrilled to have a better ISP provider than the local one here or the other terrible option of Spectrum.