Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    UPnP & Static NAT but still NAT: Moderate CoD BO2?

    Gaming
    2
    5
    1346
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pfBasic Banned last edited by

      I've set the machine I use Steam on to a static IP, and given it and only it UPnP:

      Enable UPnP
      Allow Port Mapping
      External: WAN
      Interface: Guest LAN
      Traffic Shaping: qGames
      Log Packets
      Uptime
      Default Deny
      ACL Entry: allow 1024-65535 192.168.16.7 1024-65535 (I initially tried 1-65535 on both, but it was still Moderate)

      Outbound NAT Rule:

      WAN
      TCP/UDP
      SOURCE: Network, 192.168.16.7/32
      Destination: any 3074:3076
      Translation: Interface Address
      Static Port

      I flush the states, and restart the game and still at NAT: Moderate

      What else is there to do?

      1 Reply Last reply Reply Quote 0
      • D
        Double K last edited by

        This sounds eerily similar to this topic: https://forum.pfsense.org/index.php?topic=124988.0

        What port(s) is your PC getting in Status/UPnP when running CoD?  3074?

        When you first start CoD - do you see 1 entry in your firewall log on the WAN interface with a Block of an unsolicited inbound packet from a demonware server on port 3075 to your public IP address on port 3076?  If so, add an inbound port forward for 3076 to your PC (along with the associated firewall rule).

        Also, don't limit your outbound nat rule to only port 3074:3076 on the destination…leave that port field blank.

        1 Reply Last reply Reply Quote 0
        • P
          pfBasic Banned last edited by

          Thanks, I see one from 3075 to 3074 getting blocked, assume that's no different. So inbound port forward to 3074 on the PC and a firewall rule? I'll try that!

          1 Reply Last reply Reply Quote 0
          • P
            pfBasic Banned last edited by

            Still Moderate, however, on Status / UPnP there is nothing.

            What am I doing wrong there?

            1 Reply Last reply Reply Quote 0
            • D
              Double K last edited by

              Probably be good to post some screen shots of your config.

              Step 1. DHCP Static Mapping
              Step 2. Outbound NAT rule & mapping order (put it at the top)
              Step 3. NAT Port forwards
              Step 4. UPnP Config
              Step 5. Firewall rules

              At a minimum, your firewall rules should allow traffic to port 1900 for the uPnP SSDP discovery broadcast, and to port 2189 to talk to the miniupnpd server

              Also, to diagnose this, you can either do a Diagnostics - Packet Capture on your PC and comb through the capture to map out your traffic OR setup a Floating Match rule to log all traffic in & out of your PC into the firewall log.  Then correlate those to WAN block/pass events.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post

              Products

              • Platform Overview
              • TNSR
              • pfSense
              • Appliances

              Services

              • Training
              • Professional Services

              Support

              • Subscription Plans
              • Contact Support
              • Product Lifecycle
              • Documentation

              News

              • Media Coverage
              • Press
              • Events

              Resources

              • Blog
              • FAQ
              • Find a Partner
              • Resource Library
              • Security Information

              Company

              • About Us
              • Careers
              • Partners
              • Contact Us
              • Legal
              Our Mission

              We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

              Subscribe to our Newsletter

              Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

              © 2021 Rubicon Communications, LLC | Privacy Policy