PfSense in DMZ, 1 Public IP, Multiple PS4/PlayStation 4 Strict NAT, UPnP Enabled
-
Dear Community,
Step by step I came closer to tame the monster PS4. Unfortunately, I've been stuck at the last step. The TL;DR is that I cannot get multiple PlayStation 4's to get a NAT Type 2 using the same public IP and using UPnP. Perhaps this is not even possible, so I hoped to get some experiences from fellow pfSense users.
Let me first describe my network set-up shortly:
ISP –-- ISP Router (DMZ) ---> pfSense --- VLAN X ---- Playstation 1/2/3/4
So there is a router from the ISP, and a router for the network. The pfSense router is set as DMZ from the ISP router.
All gaming consoles are in a seperate VLAN, but this should not really matter.The configuration:
Services -> UPnP- Enabled
- Allow UPnP Port Mapping Enabled
- Allow NAT-PMP Port Mapping Enabled
- External Interface WAN
- Interfaces (VLAN X selected)
- Override WAN address: WAN adres of ISP router
- Default Deny Enabled
- ACL Entries: lines of:
allow 1024-65535 172.20.6.x/32 1024-65535
Something Works! :)
If I check one PS4 console, test it network settings, it'll say "NAT Type 2". In the UPnP & NAT-PMP status table I'll see:
Port / Protocol / Internal IP / Int Port / Description
9308 udp 172.20.6.x 9308 172.20.6.55:9308 to 9308 (UDP)So far so good.
The Problem:
As soon as I try to use the second, third, whatever x ps4 console and use the same test, it'll show NAT Type 3. When I shortly disconnect the first PS4 and retest, the firstly connected console will have a Type of 2, and a corresponding rule in the UPnP status table.As such it appears that the entries get overridden and I can only use one console at a time for these online services.
Is this a common problem? Are there ways around this issue without needing to have multiple IP's? I'm specifically talking about the NAT Type issue, it is not a problem to let multiple consoles to internet at the same time.