UPnP & Static NAT but still NAT: Moderate CoD BO2?

  • Banned

    I've set the machine I use Steam on to a static IP, and given it and only it UPnP:

    Enable UPnP
    Allow Port Mapping
    External: WAN
    Interface: Guest LAN
    Traffic Shaping: qGames
    Log Packets
    Default Deny
    ACL Entry: allow 1024-65535 1024-65535 (I initially tried 1-65535 on both, but it was still Moderate)

    Outbound NAT Rule:

    SOURCE: Network,
    Destination: any 3074:3076
    Translation: Interface Address
    Static Port

    I flush the states, and restart the game and still at NAT: Moderate

    What else is there to do?

  • This sounds eerily similar to this topic: https://forum.pfsense.org/index.php?topic=124988.0

    What port(s) is your PC getting in Status/UPnP when running CoD?  3074?

    When you first start CoD - do you see 1 entry in your firewall log on the WAN interface with a Block of an unsolicited inbound packet from a demonware server on port 3075 to your public IP address on port 3076?  If so, add an inbound port forward for 3076 to your PC (along with the associated firewall rule).

    Also, don't limit your outbound NAT rule to only port 3074:3076 on the destination… leave that port field blank.

  • Banned

    Thanks, I see one from 3075 to 3074 getting blocked, assume that's no different. So inbound port forward to 3074 on the PC and a firewall rule? I'll try that!

  • Banned

    Still Moderate, however, on Status / UPnP there is nothing.

    What am I doing wrong there?

  • Probably be good to post some screenshots of your config.

    Step 1. DHCP Static Mapping
    Step 2. Outbound NAT rule & mapping order (put it at the top)
    Step 3. NAT Port forwards
    Step 4. UPnP Config
    Step 5. Firewall rules

    At a minimum, your firewall rules should allow traffic to port 1900 for the UPnP SSDP discovery broadcast, and to port 2189 to talk to the miniupnpd server.

    Also, to diagnose this, you can either do a Diagnostics - Packet Capture on your PC and comb through the capture to map out your traffic OR set up a Floating Match rule to log all traffic in & out of your PC into the firewall log.  Then correlate those to WAN block/pass events.
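
The log correlation suggested in the last reply, as an added example that is not part of the thread or of pfSense itself: it parses raw filterlog lines (IPv4/UDP only) and reports WAN inbound blocks coming from hosts the PC had already contacted, which is the pattern described above (3075 to 3074). The interface names, addresses and log lines are constructed assumptions, and the PC's own traffic only appears in the log if a logging rule such as the floating match rule is in place.

```python
from collections import Counter

# Constructed sample lines in pfSense's raw filterlog CSV layout.
# em0 = WAN, em2 = Guest LAN, 192.168.20.50 = gaming PC, 203.0.113.7 = public IP:
# all of these are assumptions for this example, not values from the thread.
SAMPLE_LOG = """\
Jan 10 20:01:02 fw filterlog[411]: 90,,,1700000001,em2,match,pass,in,4,0x0,,64,1001,0,none,17,udp,68,192.168.20.50,198.51.100.20,3074,3075,48
Jan 10 20:01:03 fw filterlog[411]: 5,,,1000000103,em0,match,block,in,4,0x0,,52,2002,0,none,17,udp,60,198.51.100.20,203.0.113.7,3075,3074,40
Jan 10 20:01:04 fw filterlog[411]: 5,,,1000000103,em0,match,block,in,4,0x0,,49,2003,0,none,17,udp,60,192.0.2.99,203.0.113.7,40000,1900,40
Jan 10 20:01:05 fw filterlog[411]: 5,,,1000000103,em0,match,block,in,4,0x0,,52,2004,0,DF,6,tcp,60,198.51.100.20,203.0.113.7,443,50000,0,S,1,,64240,,mss
"""

def parse_udp4(line):
    """Return a dict for an IPv4/UDP filterlog entry, else None."""
    if not line.strip():
        return None
    # Assumption: the CSV payload is the last whitespace-free token on the line.
    f = line.split()[-1].split(",")
    if len(f) < 22 or f[8] != "4" or f[16] != "udp":
        return None
    return {"iface": f[4], "action": f[6], "dir": f[7], "src": f[18],
            "dst": f[19], "sport": int(f[20]), "dport": int(f[21])}

def correlate(log_text, pc_ip, wan_if):
    """Count WAN inbound blocks whose source is a host the PC itself contacted."""
    entries = [e for e in map(parse_udp4, log_text.splitlines()) if e]
    # Remote peers seen in passed traffic originating from the PC.
    peers = {e["dst"] for e in entries
             if e["src"] == pc_ip and e["action"] == "pass"}
    hits = Counter()
    for e in entries:
        if (e["iface"] == wan_if and e["action"] == "block"
                and e["dir"] == "in" and e["src"] in peers):
            hits[(e["src"], e["sport"], e["dport"])] += 1
    return hits

if __name__ == "__main__":
    for (src, sport, dport), n in correlate(SAMPLE_LOG, "192.168.20.50", "em0").items():
        print(f"{n}x blocked on WAN: {src}:{sport} -> public port {dport}")
```

Blocks from hosts the PC never contacted (the port 1900 probe in the sample) are left out, so the output lists only the inbound ports worth checking against the port forwards and the Status / UPnP table.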
