PS4 NAT Type Failed

turbopuer

There we go! – THANKS!!!!

Put it at the top of the ruleset and it worked. However I have a bunch of openVPN bridges and stuff on this firewall and there are alot of rules that I may have to manage now. Is there a way to add an oubound rule with also maintaining my automatic status? Or perhaps on option in the advanced settings/tunables that allow me to make automatic generation set the rule for the LAN that is generated to static?

AhnHEL

@turbopuer:

There we go! – THANKS!!!!

Put it at the top of the ruleset and it worked. However I have a bunch of openVPN bridges and stuff on this firewall and there are alot of rules that I may have to manage now. Is there a way to add an oubound rule with also maintaining my automatic status?

You're very welcome.

I feel you on the "a lot of rules that I may have to manage now."  You need the Static Port option that Advanced Outbound NAT gives you to make UPnP work with gaming consoles and NAT Type.  Personally I have 11 AON rules and it looks daunting but still rather easy to setup because for the most part the entries are repetitive.

Nothing written in the Docs about any tunables for static port that I know of.

https://doc.pfsense.org/index.php/Static_Port

turbopuer

Yeah I have 25 now. Not a huge deal just one more thing I will have to remember to keep an eye on when adding things later.

I wonder if its possible to modify the rule form the command line. The Auto rule creation does make a rule for the LAN network to WAN just doesn't set static. If you could use pfctl to change that autocreated rule from static=no to static=yes I supposed you can use cron to enforce it.

Though to be honest, it would be nice to allow both automatic create and static rules to be defined instead of ignoring them like the gui says it does. This way you can cherry pick rules you need and let the system manage the more mundane/simple rules; and it could put them on top of the auto generated e rule set for you.

Anyways, thank again!

blarnath

Hey guys,

I'm wondering if someone else is having these issues or if it's just me.  I have successfully configured NAT for the PS4 and it reports Type 2 but I'm still having issues with BF4 as well as Netflix that are resolved by moving my PS4 to the provider router.  For Battlefield 4 I can't maintain a connection to EA, at first I thought this was EA but moving to the edge fixes the problem.  The symptoms are that I cannot get server listings in multiplayer, and when I am able to join a quickmatch game I'll be disconnected after a short (but varying) amount of time.  Disconnection does not log anything on the PS4, it just takes me back to the multiplayer menu.

The problem with netflix is that it can't connect to Netflix server 2 and 3 with an error of NW-4-7 which on the PS3 was a DNS error, but I don't this this is the case as I have 4 other devices that do Netflix fine.  Moving the PS4 off of the pfSense router also resolves this.

Another thing that I've noticed is that the network test on the PS4 is reporting extremely low upload rates, the download is normal (~15Mbs) where as I'm getting about 8Kbs reported in the upload while behind pfSense.  I'm running 2.1-RELEASE and I've stripped down my NAT rules to just the 3 that were created by default for testing.  I moved the LAN rule to the top and enabled Static Ports to get type 2 working, but something else is breaking and I'm wondering if it's just me or if others are having similar issues.

I can provide packet captures and any other information if needed.  I'm planning on troubleshooting this more later, but need to get my BF4 fix in and thought I'd just ask first.

Thanks in advance!

blarnath

I should add that the only 2 packages I'm running are Avahi and Darkstat, noticed some Origin problems related to HAVP and wanted to exclude that right off the bat.

thx

AhnHEL

How are you getting NAT Type 2 though?  Port Forward Method or UPnP?  Screenshots of your AON rules and UPnP or Port Forward Settings would help.

svfusion

I am also having these issue and don't really even know where to start..

I have made no special rules,
NAT Outbound is set to,
Automatic outbound NAT rule generation
          (IPsec passthrough included)
Here is a pic of my upnp setup,

AhnHEL

For this to work, you're going to have to use Manual Outbound NAT rule generation, setup a rule for the fixed LAN IP address you have assigned to your PS4 checking the Static Port checkbox.  Save that rule above your default Outbound NAT LAN rule and you should be good to go.

Refer to Turbopuer's screenshots above, just be sure to put the PS4 NAT rule above the LAN rule, unlike in his screenshot.

svfusion

@blarnath:

Hey guys,

I'm wondering if someone else is having these issues or if it's just me.  I have successfully configured NAT for the PS4 and it reports Type 2 but I'm still having issues with BF4 as well as Netflix that are resolved by moving my PS4 to the provider router.  For Battlefield 4 I can't maintain a connection to EA, at first I thought this was EA but moving to the edge fixes the problem.  The symptoms are that I cannot get server listings in multiplayer, and when I am able to join a quickmatch game I'll be disconnected after a short (but varying) amount of time.  Disconnection does not log anything on the PS4, it just takes me back to the multiplayer menu.

The problem with netflix is that it can't connect to Netflix server 2 and 3 with an error of NW-4-7 which on the PS3 was a DNS error, but I don't this this is the case as I have 4 other devices that do Netflix fine.  Moving the PS4 off of the pfSense router also resolves this.

Another thing that I've noticed is that the network test on the PS4 is reporting extremely low upload rates, the download is normal (~15Mbs) where as I'm getting about 8Kbs reported in the upload while behind pfSense.  I'm running 2.1-RELEASE and I've stripped down my NAT rules to just the 3 that were created by default for testing.  I moved the LAN rule to the top and enabled Static Ports to get type 2 working, but something else is breaking and I'm wondering if it's just me or if others are having similar issues.

I can provide packet captures and any other information if needed.  I'm planning on troubleshooting this more later, but need to get my BF4 fix in and thought I'd just ask first.

Thanks in advance!

Did you ever fix this? I configured my Pfsense like the screen shots, reports NAT 2, but still can't play Need for Speed, says it can't connect to EA Servers.

AhnHEL

This might not be a pfSense issue at all.

http://answers.ea.com/t5/Madden-NFL-Football-25/Cannot-log-into-EA-servers-Madden-25-PS4/td-p/1847549

If you google "ps4 cant connect to EA server," there are posts for all sorts of games with the same error all related to EA.

gamer

After following the instructions in this thread I managed to get my ps4 to report NAT type 2. The problem is that I still can't connect to it with remote play. I have forwarded the correct ports 9295,9296 and 9297. My vita connected to LTE fails to find my ps4.

Has anyone gotten remote play to work without upnp?

eshield

@gamer:

After following the instructions in this thread I managed to get my ps4 to report NAT type 2. The problem is that I still can't connect to it with remote play. I have forwarded the correct ports 9295,9296 and 9297. My vita connected to LTE fails to find my ps4.

Has anyone gotten remote play to work without upnp?

TCP 9295, UDP 9296-9297? If yes then take a look in firewall logs to locate the problem. Turn on logging for those 2 rules which you made for forwarding. Turn on logging for connections blocked by default rules.

---

I think, the following should be added to gui and wiki:
Static Port ON = NAT Type 2
Static Port OFF = NAT Type 3

gamer

I have 9295 TCP an 9296-9297 UDP.

I enabled logging and found that no packets from my vita even reach pfsense. Its as if Sony can't find my ps4. I have tried reactivating my ps4 and reconnecting my PS vita. Nothing seems to help.

RobertR728

Thank you so much AhnHEL. I am a noob to pfsense and it took me a while to understand what exactly i was supposed to do. Once i was able to figure it out it works here too im now NAT2 on my PS4.

A question though you stated that the rule needs to go above the outbound lan rule. I do not have any outbound lan rule. Its working so im going to assume its his setup that has that and its different and more advanced than mine thus i dont need that rule. Is this correct?

Also if there is 2 or more PS4 in the house a rule like the one i created would have to be done for each one?

Again thank you for your help.

AhnHEL

When you went from Automatic Outbound NAT to Manual Outbound NAT, a default LAN NAT rule should have been created.  Your Firewall: NAT: Outbound page should look something like below for multiple consoles, of course with different IP addresses matching your LAN subnet and DHCP mappings for your consoles.

Firewall: NAT: Outbound

WAN  	 192.168.1.17/32	 *	 *	 *	 WAN address              *	            YES	      1XBox AON 	

WAN  	 192.168.1.18/32	 *	 *	 *	 WAN address     	  *	            YES	      2XBox AON 	

WAN  	 192.168.1.19/32	 *	 *	 *	 WAN address     	  *	            YES	      1PS3 AON 	

WAN  	 192.168.1.20/32	 *	 *	 *	 WAN address     	  *	            YES	      2PS3 AON 	

WAN  	 192.168.1.0/24 	 *	 *	 *	 WAN address     	  *	            NO	      LAN AON

WAN  	 127.0.0.0/8	         *	 *	 *	 WAN address          1024:65535            NO	      Localhost AON
``` 

I would also recommend that rather than enable UPnP and leave it wide open, that in the UPnP settings page, check on the "By Default, deny access to UPnP and NAT-PMP."  You would then enter a User Specified Permission to allow your console DHCP mappings access to UPnP while the rest of your network is effectively blocked from UPnP.
Each UPnP User Specified Permission should look like the below matching your LAN subnet and DHCP mappings of your consoles.

**UPnP**

User specified permissions 1              allow 88-65535 192.168.1.17/32 88-65535
User specified permissions 2              allow 88-65535 192.168.1.18/32 88-65535
User specified permissions 3              allow 88-65535 192.168.1.19/32 88-65535
User specified permissions 4              allow 88-65535 192.168.1.20/32 88-65535

**For more advanced users:** If you need more space for additional UPnP rules, then the above can be simplified with one rule instead of four with some network masking.  Be aware that with this masking, the subnet ID and broadcast address for your mask should not be used by DHCP Server or DHCP static mappings.

**UPnP**

User specified permissions 1              allow 88-65535 192.168.1.16/29 88-65535

**Firewall: NAT: Outbound**

WAN  192.168.1.16/29 * * * WAN address      *             YES       Game Consoles AON

WAN  192.168.1.0/24 * * * WAN address      *             NO       LAN AON

WAN  127.0.0.0/8         * * * WAN address          1024:65535            NO       Localhost AON

iLLNESS

i was having upnp issues with xb1 and had to do port forwarding for open nat.

i tried static ports on my outbound rule for my xb1, i tried adding xb1 to upnp user specified list, basically everything and it didn't work before.

saw this thread and figured if its working for ps4 it has to be working for xb1 too so went at it again and it seems what made the difference was hard reboot of the console. before i was just clearing firewall states and testing again.

so again above details ended up working, but it seems on xb1 a hard reboot is necessary.