PfSense behind a router game the crew

Marvho

Hello everyone,

I'm using an APU1D4 Board with the latest full installation of PfSense (2.1.5) on a SSD.

I have a router from my internet provider infront of my PfSense.

Now I have the problem with the new game "The Crew".

I can't connect to other players groups and I can't see other player in my session.

Without the PfSense it works fine. UPNP is disabled.

I'm new to PfSense so I would appreciate every help.

best regards

KOM

First, do your homework about the game: which IP addresses/hosts does it use, and which ports?  Then check your Firewall log (Status - System logs - Firewall) and see if anything is being blocked in the IP/port range for the game.  This Ubisoft link may help you with that.

Marvho

If the Firewall log is clean, can something still be blocked than?
Or is it just a NAT problem maybe because of the router (not in bridge mode) of my Internet-Provider?

I can see player in the session now. I will test the group join tomorrow.

This got blocked after I quit the game.

Dec 12 00:01:55 LAN 192.168.1.101:57061 216.98.55.11:80 TCP:RA

thanks for your help so far!

KOM

If the Firewall log is clean, can something still be blocked than?

Sure.  You can make a block rule and set it to not log.

Or is it just a NAT problem maybe because of the router (not in bridge mode) of my Internet-Provider?

At this point I don't know.

This got blocked after I quit the game.

Don't worry about that.  Stateful firewalls like pf will block what's called out-of-state traffic.

MetalGeek

My Son had similar issues.  He could play the game and join with 1 friend in a crew but once a 3rd friend tried to join the crew it would fail.  Didn't matter who started the crew or who joined first, my son could only play with 1 other person.  I switched my son over to my DD-WRT router and everything just worked. I checked the UPNP status and the game does not add any UPNP ports so this is most likely a NAT issue since it just worked when connected to DD-WRT and both his friends had no issues on their consumer routers.  I have added a DCHP reservation for his PC and have added a static port NAT rule for this IP.  https://doc.pfsense.org/index.php/Static_Port  I'll report back if this works.  If it doesn't I'll try forwarding UDP on ports 3000-3003 to his IP per UBISoft.

MetalGeek

The Static Host setting had no effect but forwarding UDP ports 3000 - 3003 to my son's PC worked and allowed him to join Crews.

Here is my NAT Rule:

Interface Source         Source Port Destination Destination Port NAT Address NAT Port Static Port
WAN  192.168.##.0/24 *                 *                         *                 WAN address       *           YES

Either the above Static Port setting wasn't effective OR for some reason with Pfsense you have to forward the ports.  I even killed all the States for my son's IP with no effect.  If you check your firewall logs after trying to join a crew and look for the gaming PC IP in the destination address you will see the dropped inbound UDP packets.

Marvho

Thank you very much for your help.

Going to test it today or tomorrow!

//edit:

Do you have the same setup (router infront of the PfSense) ?

Whats the difference between the Port Forward section and the Outbound section under Firewall -> NAT ?

Do I need to set the Automatic outbound nat to Manual outbound nat?

Why did you used the Outbound section?

Best regards

JakNapier

This post is deleted!