NAT Issues when playing games on two computers
-
I recently setup PFsense for the first time on an optiplex. I was able to get much better download speeds, which has been great, as well as seperate computers from each other using multiple physical LANs. One of the few issues I have ran into is my computers' NAT types while playing Modern Warfare (Battlenet/PC). The NAT type is strict. instead of forwarding the relevant ports to my desktop, I wanted to open the ports for all computers on my networks to use. I was told to setup uPnP to do this. The guide I followed had me create an allias including the IPs of the computers I wanted to open the NAT type on. I was then instructed to disable access to uPnP by default, but allow access to the allias/group I had made before. I also had to turn on NAT reflection as well as set hybrid NAT rules and tick "static port" for my group of machines, though I'm not sure what those last two steps actually did. The result is an Open NAT type for both of my computers. The only downside is that only one machine can play at a time. If a computer tries to launch MW while the other one is already connected, you will get a server disconnect error. I have tried everything I can think of, which is admittedly not much as I am new to networking. Any help you can offer me would be greatly appreciated!
Not sure if I am allowed to link to YouTube videos, but here is a link to the walkthrough I followed: https://youtu.be/whGPRC9rQYw
-
There was a recent thread somewhere here about uPnP and multiple devices with the same game (though I don't think that was the title). I can't seem to find it but it referenced https://redmine.pfsense.org/issues/7727.
-
So from what what I am reading am I to assume that PFsense is actually unable to handle uPnP? If I can't have two computers using applications that want the same ports at the same time, what is the whole point of uPnP?
-
From what I gathered of that redmine issue and the other post the problem is that code to handle it is missing from FreeBSD and there's not much pfSense can do about it until FreeBSD adds it.
-
We have some private network that is under our supervision and PS4, XBox One PC gamer hardware also works without problems behind pfSense NGFW, everything is just a matter of configuration :-)
may this help:
-
But do you have two of each of those devices?
-
Yes of course :-)
Each device has a fixed (non-dhcp) address and is turned on plus:
and works without a problem, with any number and any gamer machine (PC, PS4, XBox)
LAN95 is a separate interface reserved only for gaming machines! -
It’s worth separating, because NAT-PMP and UPnP aren’t a beloved thing on firewalls, am I right? :-)
-
@DaddyGo So if you don't mind, could you walk me through what to do? I'm afraid I am a little.novice as far as networking is concerned.
-
then let's see:
First, create an independent interface for the game machines.
This can be a physical interface, if you have an empty port on your hardware (NIC), or it can be a separate VLAN (on LAN interface)
Second step, set a fixed IP address on the game machines or you can use dhcp too, if you record the IP addresses of the machines in the dhcp server "static mapping" - in this case run dhcp server on the interface which you created in the first step
third step: add the default NAT rule of the interface (game interface), so that the interface has an internet connection, so:
fourth step: create a hybrid outbound NAT mapping containing the IPs of the gaming machines (with / 32 subnets (no / 24!)), so:
step five: turn on UPnP & NAT-PMP for the game interface ONLY to separate game machines from other vulnerable network components
when you start a game machine (on this separated game interface) you can check the open ports in the menu: Status / UPnP & NAT-PMP
As I mentioned on a firewall, UPnP & NAT-PMP is not a really good thing, so you need to separate this intarface.
if you have any questions, I am at your disposal -
@DaddyGo Firstly, thank you for walking me through this, I appreciate your time and recognize its value.
So your guide differs from the one I followed only by adding a static port per-device instead of creating an alias and assigning a static port to it and by allowing UPnP to the entire "Gaming LAN" instead of doing default deny and entering the alias in the "ACL Entries" field. I only have two LANs, one for me and my wife and one for my parent that lives with us. I have three gaming desktops on my LAN (LAN1). I would like to have UPnP work for my two desktops, but not the third. It was my understanding that doing default deny and entering the alias containing the two desktops on which I wish to use UPnP into the "ACL Entries" field would accomplish this. Is this not true?
-
Yes, I’ve run into a lot of obstacles, because of the games (PS4, XBox, etc) in the past, so I think this path of experience is appropriate.
Because of these dangers (NGFW / UPnP & NAT-PMP), so without UPnP & NAT-PMP it would be a serious job to configure everything, I would further segment the network, if you needed to customize the game locations separately.
Different game vendors, programmers - they use different ports (once for different purposes), so without UPnP & NAT-PMP it would be a serious job to configure everything. -
@DaddyGo I already did what you instructed over Teamviewer (@work at the moment), so I will check to see what the result is when I get home tonight. Are you suggesting doing a VLAN with just open access to UPnP for the gaming machines and a separate VLAN for the devices I wish to protect? To be honest I really only game on these computers and I am not terribly worried about security. My work stuff stays at work for the most part. This is more just me trying to learn a bit more about networks as I am traditionally a hardware/client-side technician. Also my old Nighthawk was garbage compared to PFsense when it came to download speeds!
-
That's exactly it, so remember in today's world, you will be best surprised, if you experience an attack at home.
You always have to be prepared, it’s no longer a joke, so there’s pfSense must be used properly.We are now past an SSH attack from 800 to 1000 IPs, it was because the networks are interconnected.
Home to corporate / corporate to home -
if I can help you with anything, you know where to find me
in case I helped you and you feel this, send one to me this
-
So it is still doing the same thing. I can actually go through the steps and track it back to when the problem starts. It's as soon as I switch to Hybrid NAT and set the mappings. Maybe I am doing that wrong?
-
Here is a screen shot of my desktop (192.168.1.5) successfully connecting to online services while my wife's desktop (192.168.1.6) is unable to connect.
-
Hi,
This seems very strange, because it seems like a good setting.
Well, then now comes the golden question ??? hihihihiWhat games are these, on what hardware?
Afterwards, we need to read the game descriptions and cummunity experiences.
For a long time, I had similar problems in an acquaintance’s system with the following Dead by Daylight (these are individual cases).
Inside, it puts all game requests on the same port, hmmmm??? (as if it were just one game)
I think games cause this incompatible behavior, what exactly do you experience?please add this
-
I am only experiencing this on Modern Warfare 2019, though I haven't checked other games yet. That will be my next step. I will get this information to you as soon as I am out of work!
-
This question is very interesting, as you will have time and you want to continue and then write down what you have come up with.
I’ll read a little bit about Modern Warfare in the meantime, maybe I will find out something that can cause such a problem.BTW, are we talking about two PCs or MACs? These are not consoles?