Guide to Getting Game Consoles to Work on pfSense
-
I have set up pfSense for several years with many game consoles, so I thought I would share my knowledge on how to fix issues that tend to occur when connecting to servers. I have never had to use UPnP, so I can't help with setting that up, but below is a technique I have used on countless Sony and Nintendo consoles. I suspect this also applies to connecting to external game servers in general, and to different consoles, Microsoft consoles included. For those that see NAT 3 in their console status menu, this will get you to NAT 2.
-
Give your game console a static mapping on the DHCP server. You need to apply some rules, and you can't have the DHCP server changing the game console's local LAN address and thus ignoring your rules. Remember that static mappings can only be handed out in the range that is not inside your DHCP range. This is set up using the Services -> DHCP Server page. You need to reference a MAC address, which you can get off the device itself or look up in Status -> DHCP Leases. Remember that your consoles have different LAN and Wifi MAC addresses, so you need to set up rules for both to get it working for both.
-
Under Firewall -> NAT -> Outbound, you get to create a static mapping rule for every single interface and every single game console. If you have never done so, set this to manual so you can edit these rules. When coming from automatic, it will leave some pregenerated rules. If you have 5 game consoles and 3 internet interfaces (WAN, OpenVPN 1, OpenVPN 2), then you need 30 rules: 15 for the ethernet connections and 15 for the Wifi connections. I have not tested VPNs other than OpenVPN well.
Normally, you'll see a rule like 192.168.1.0/24 (<-- your LAN subnet) routing traffic through WAN. If you're using a VPN, you would see 192.168.1.0/24 routing through OpenVPN1. You'll see this rule has crossing arrows, showing it is not a static port.
You're going to want to duplicate this rule by clicking the square-over-the-square icon.
Let's say you have a PS4 on 192.168.1.4. In the rule you're duplicating, you're going to replace the LAN subnet (192.168.1.0) with the IP address 192.168.1.4. You're also going to change the /24 to a /32 to signify you are giving it a specific IP address and not a subnet. You'll notice that if you forget to do this, the .4 on the end will always be saved as a .0 instead.
Also, under "Port or Range", you'll want to turn on "Static Port". Be sure to make a meaningful description for this rule. Save and apply all these rules.
Your game consoles should no longer be giving you connection issues. For those that were seeing themselves as NAT 3 in the status menu, you should now be on NAT 2. You never want NAT 1 unless this is a server that random people from the internet will be connecting into. NAT 1 is not for a game console.
Now, on certain game consoles, the servers for them are hostile to VPNs, so even if you set it up correctly, you'll still have issues. You'll be forced to have the game console running over WAN.
If you have any questions then ask below.
-
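To plan the rule set described in the guide before clicking through the GUI, the following added example (not part of the original post and not pfSense code) builds one static-port /32 rule per console address and interface, rejects addresses that fall inside the DHCP pool, and shows why a /24 mask turns .4 into .0. The console names, the DHCP pool 192.168.1.100-199 and the helper names `stored_source` and `plan_rules` are assumptions made for illustration.

```python
import ipaddress

def stored_source(addr, prefix):
    """Network actually stored for addr/prefix: host bits beyond the mask are zeroed."""
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False))

def plan_rules(lan, pool_start, pool_end, consoles, interfaces):
    """One static-port outbound NAT rule per (console address, interface).

    consoles maps a name to {"ethernet": ip, "wifi": ip}. Each address must sit
    inside the LAN subnet and outside the dynamic DHCP pool, and be unique.
    """
    lan_net = ipaddress.ip_network(lan)
    lo, hi = ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end)
    rules, seen = [], set()
    for name, links in consoles.items():
        for link, addr in links.items():
            ip = ipaddress.ip_address(addr)
            if ip not in lan_net:
                raise ValueError(f"{name} {link}: {ip} is outside {lan_net}")
            if lo <= ip <= hi:
                raise ValueError(f"{name} {link}: {ip} is inside the DHCP pool")
            if ip in seen:
                raise ValueError(f"{name} {link}: {ip} is mapped twice")
            seen.add(ip)
            for iface in interfaces:
                rules.append({
                    "interface": iface,
                    "source": stored_source(addr, 32),  # /32 = exactly one host
                    "static_port": True,
                    "description": f"{name} {link} static port via {iface}",
                })
    return rules

# Constructed sample data: 5 consoles, each with an ethernet and a Wifi address.
SAMPLE_CONSOLES = {
    f"console{i}": {"ethernet": f"192.168.1.{2 + 2 * i}", "wifi": f"192.168.1.{3 + 2 * i}"}
    for i in range(1, 6)
}
SAMPLE_INTERFACES = ["WAN", "OpenVPN1", "OpenVPN2"]

if __name__ == "__main__":
    plan = plan_rules("192.168.1.0/24", "192.168.1.100", "192.168.1.199",
                      SAMPLE_CONSOLES, SAMPLE_INTERFACES)
    print(len(plan), "rules to create")
    print("192.168.1.4 with /24 is stored as", stored_source("192.168.1.4", 24))
    for rule in plan[:3]:
        print(rule)
```
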