Netgate Discussion Forum

    Windows Defender and pfSense

    39 Posts 5 Posters 4.5k Views
      Nthly

      This post is deleted!
        netblues @Nthly

        @nthly Keep both. They are complementary.
        On the other hand, not understanding the functionality of an enterprise grade firewall and using it is certainly a security problem.

          Nthly @netblues

          @netblues True that. Sadly somewhere I may wish to start. Cost is a factor too. Thanks for the advice though.

            netblues

            So, here is a good start
            https://www.netgate.com/docs/pfsense/book/

              Nthly @netblues

              @netblues Thx, I've read the portion about port forwarding, and followed it. No luck, the NAT type stays strict. I assigned a static IP to my desktop as well. Yet NAT is still strict.
              Would any solution other than pfSense be more suitable to start learning the how-to?

                netblues @Nthly

                @nthly Sorry, you can't just read NAT and jump over everything else. Start from the start.
                Cutting corners won't cut it.
                And what exactly is strict NAT? Work on the terminology to begin with.

                  Nthly @netblues

                  @netblues
                  According to https://www.cainetworks.com/support/how-to-NAT-strict-open.html, Microsoft defined three categories of NAT: open, moderate, and strict. Devices that perform strict or moderate NAT can limit the ability of gamers to find each other, participate in multiplayer sessions, or hear each other on Xbox Live.
                  Thx again for the suggestion.
                  Essentially, I believe, being behind a firewall would determine whether a NAT is of each given type. Generally the solution to it is port forwarding.
                  Similarly some wireless routers may determine the status of NAT type as per the above definition to be of a determined type up until the port forwarding is modified.
                  I am also using an Xbox, and the only solution I could find is to dedicate an Ethernet card over a DMZ network and disable all firewall rules, at which point the NAT type is open.
                  I do not wish to do so with my PC.

                    Grimson Banned

                    https://www.netgate.com/docs/pfsense/nat/port-forward-troubleshooting.html
                    Port forwarding issues are usually PEBCAK, so follow the guide carefully and you will find where the problem is located and/or what you did wrong.

                      Nthly

                      Thank you. I will read and follow the guide as much as I am capable of. Sometimes I find myself completely out of my element. Perhaps netblues has a point. I may be trying to use too complicated a piece of software given my knowledge. LOL

                        KOM

                        Not sure what the actual problem is. Windows Defender has nothing to do with NAT. Updates come via Windows Update which works perfectly with pfSense out of the box.

                          Grimson Banned

                          You do have Internet access, so you can research and learn anything you need to know. It's quite simple, if you want to do something right you need to put work into it.

                            netblues @KOM

                            And if only Microsoft would NOT come up with network definitions of its own..
                            In any case you haven't described any problem, so essentially there is no solution.

                              Nthly @Grimson

                              @grimson I agree.

                                Nthly @netblues

                                @netblues
                                LOL, each one has their own definition, unfortunately.
                                I assume you are not a gamer, but correct me if I'm wrong.
                                As I understand it, the problem comes in while trying to matchmake for an online gaming session. The NAT type being strict or moderate prevents successful matchmaking, prevents partying with friends, and considerably extends the time it may take to successfully end up in a match.

                                  Nthly @KOM

                                  @kom The issue is that having a strict NAT type according to the above definition can prevent (and/or severely limit) joining online multiplayer gaming sessions.

                                    netblues

                                    Start with the fact that Windows Defender has nothing to do with Windows Firewall features.
                                    You need to research what ports are needed.

                                      Nthly @netblues

                                      @netblues

                                      The following are the ports used by the game.

                                      PC
                                      TCP: 3074, 27014-27050
                                      UDP: 3478, 4379-4380, 27000-27031, 27036

                                      I similarly created rules for the other ports, according to the protocol type; however, the NAT type is displayed as strict.

                                        johnpoz LAYER 8 Global Moderator

                                        @nthly said in Windows Defender and pfSense:

                                        TCP: 3074, 27014-27050
                                        UDP: 3478, 4379-4380, 27000-27031, 27036

                                        And is there anything in front of pfsense? Does pfsense have a public IP on its WAN? Did you validate that all those ports actually get to pfsense.. Simple enough to do: from out on the internet, create traffic on those ports... Do they hit pfsense, do they get forwarded to where pfsense was told to send them.. If so then any issues you're having have nothing to do with pfsense.

                                        Here is one thing I know for SURE... The documentation given by game makers for what ports are required for their games is very LACKING to put it nicely.. They almost never clearly state what ports need to be allowed outbound and what need to be forwarded. I see for example 53 and 80 stated all the time.. You sure as the F are not going to be forwarding 53 inbound to your PC or console.. And 80 inbound is blocked by many an ISP so good luck getting your game to work if that is needed inbound..

                                        Does your NAT come up OK if you enable UPnP? If so look to see what ports are being opened..

                                        Part of the problem with many of these games is they need the source to match the dest port. So for example in your 3074 example the game might create a connection to 3074 outbound, from source port 3074... Out of the box pfsense when it does outbound NAT will change that source port to something else.. That is how NAPT works... Unless you tell pfsense to do its outbound NAT static.. And not change that source port..

                                        This is where the game makers really need to step up their game on documentation of how their games actually function through a firewall..

                                        Allowing UPnP to be used - should show you what the game is wanting to do.. So you can do it with manual forwarding. And manipulation of your outbound nats (if needed).

                                        An intelligent man is sometimes forced to be drunk to spend time with his fools
                                        If you get confused: Listen to the Music Play
                                        Please don't Chat/PM me for help, unless mod related
                                        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                                          Nthly

                                          @johnpoz I do not believe there is anything wrong with pfSense. I am just unable to understand what I am doing wrong.

                                          I see, I believe you have a good point. Game makers are all secretive, sloppy maybe, about what the requirements are. Nothing is really documented. I believe the assumption is, "You Wire your PC to the Modem. Period".
                                          While that may be useful for gaming, it may be kinda problematic for everything else. But again the former is certainly a possibility.
                                          I'm now asking myself, should I buy a switch and plug my PC into my DMZ-dedicated Ethernet card and plug it back into my switch every time I want to play, or can I do something else that may allow my PC to move to an un-firewalled area for the time I wish to play?

                                            johnpoz LAYER 8 Global Moderator

                                            I can almost promise you some of those ports need to use a specific source port.. Which NAPT breaks by its very nature..

                                            Takes all of 2 minutes to enable UPnP, validate your game gives the correct NAT you want, and then look to see what ports and if static or not were opened.. Then create those in port forwards and outbound NAT configurations.

                                            An intelligent man is sometimes forced to be drunk to spend time with his fools
                                            If you get confused: Listen to the Music Play
                                            Please don't Chat/PM me for help, unless mod related
                                            SG-4860 24.11 | Lab VMs 2.7.2, 24.11
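
One way to observe, from the gaming PC, the source-port rewriting johnpoz describes in his two posts above: send a STUN Binding request (RFC 5389) from a fixed local port and compare that port with the one the server reports seeing. This is an added example, not code from the thread or from pfSense; using STUN as the probe is an assumption (nothing here says the game does), and `stun.example.net` is a placeholder for a server you choose.

```python
import os, socket, struct

MAGIC = 0x2112A442            # STUN magic cookie (RFC 5389)
BINDING_REQUEST = 0x0001
BINDING_SUCCESS = 0x0101
XOR_MAPPED_ADDRESS = 0x0020

def build_binding_request(txid=None):
    """Return (packet, txid) for a STUN Binding request with no attributes."""
    txid = txid or os.urandom(12)
    return struct.pack("!HHI12s", BINDING_REQUEST, 0, MAGIC, txid), txid

def parse_mapped_address(resp, txid):
    """Return (ip, port) as the server saw them, i.e. after outbound NAT."""
    if len(resp) < 20:
        raise ValueError("short STUN message")
    mtype, mlen, cookie, rtxid = struct.unpack("!HHI12s", resp[:20])
    if mtype != BINDING_SUCCESS or cookie != MAGIC or rtxid != txid:
        raise ValueError("not the Binding success response for this request")
    body, off = resp[20:20 + mlen], 0
    while off + 4 <= len(body):
        atype, alen = struct.unpack("!HH", body[off:off + 4])
        val = body[off + 4:off + 4 + alen]
        if atype == XOR_MAPPED_ADDRESS and len(val) >= 8 and val[1] == 0x01:  # IPv4
            xport, xaddr = struct.unpack("!HI", val[2:8])
            ip = socket.inet_ntoa(struct.pack("!I", xaddr ^ MAGIC))
            return ip, xport ^ (MAGIC >> 16)
        off += 4 + alen + (-alen % 4)       # attribute values are padded to 4 bytes
    raise ValueError("no IPv4 XOR-MAPPED-ADDRESS in response")

def classify(local_port, mapped_port):
    """Compare the port we bound with the port seen outside the firewall."""
    if local_port == mapped_port:
        return "static-port (source port preserved)"
    return "rewritten by NAPT (%d -> %d)" % (local_port, mapped_port)

def probe(server, local_port, timeout=3.0):
    """Send one request from local_port; return (wan_ip, wan_port, verdict)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("0.0.0.0", local_port))     # fails if the game already holds the port
        s.settimeout(timeout)
        req, txid = build_binding_request()
        s.sendto(req, server)
        resp, _ = s.recvfrom(2048)
    ip, port = parse_mapped_address(resp, txid)
    return ip, port, classify(local_port, port)

if __name__ == "__main__":
    # Placeholder server name; 3074 is the port from the thread's example.
    print(probe(("stun.example.net", 3478), 3074))
```

Run it once with the default outbound NAT rule and once after adding a static-port rule for the PC; the verdict should change from "rewritten" to "static-port".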

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.