PlayStation 4 on NAT Type 2 But limited online



  • Hello, I have a PS4 behind my pfSense box. I was able to get it to NAT Type 2 by adding Manual Outbound to the PS4 IP! I can play online, but the connection is very limited. I can't create games or chat groups and it's very laggy on voice chat. If I connect directly to my gateway router I don't have any problems.

    Can anyone point me in the right direction?

    Best Regards



  • @soloam:

    Does the issue affect all ps4 games or just a handful? I'm thinking static port might be your best option, but you've already done that..



  • Hello! I noticed it on all the games, and in ps4 functions like creating a group chat!

    I did static outbound port and tried UPnP and opening all ports; nothing makes it work! Do I need to set any forward ports?



  • Silly question (is it turned on…) but when you did manual outbound, did you specify the ports to be used?

    Does your device use wireless installed into the box itself?

    UPnP is enabled, and the ps4 reports it as working?

    Any interface errors (interface page)?

    Any other problems with network connectivity? Does the browser on the ps4 work? How about other devices on the same segment?

    Are you using snort? Proxy (transparent or otherwise)?

    Do you have multiple sony PlayStations (ie. a ps3 and a ps)?

    Are you using traffic shaping?

    Would you consider doing a backup then a factory reset of the device to see if that fixes it, if not, restore the backup?

    I would also try eliminating all other devices. Start with just running a line straight to the ps4 from the box. I had an El Cheapo wireless access point that for some reason would backscatter anything sent to it straight back where it came from, causing an ARP flood. This didn't take my network down completely but caused just enough packetloss to throw off real-time applications.



  • @zylithi:

    Silly question (is it turned on…) but when you did manual outbound, did you specify the ports to be used?

    Does your device use wireless installed into the box itself?
    No, I have a switch and the ps4 is connected to the switch

    UPnP is enabled, and the ps4 reports it as working?
    I have it enabled on PfSense, on PS4 where can I check that?

    Any interface errors (interface page)?
    None

    Any other problems with network connectivity? Does the browser on the ps4 work? How about other devices on the same segment?
    Only one PS4, Yes the browser works

    Are you using snort? Proxy (transparent or otherwise)?
    Not in this Interface

    Do you have multiple sony PlayStations (ie. a ps3 and a ps)?
    None

    Are you using traffic shaping?
    No

    Would you consider doing a backup then a factory reset of the device to see if that fixes it, if not, restore the backup?
    Only as a last option

    I would also try eliminating all other devices. Start with just running a line straight to the ps4 from the box. I had an El Cheapo wireless access point that for some reason would backscatter anything sent to it straight back where it came from, causing an ARP flood. This didn't take my network down completely but caused just enough packetloss to throw off real-time applications.



  • @soloam:

    Huh, okay, I was hoping this was going to be easy. As for upnp, when you set up a connection, when it tests the connection, it should list upnp status.

    When you fall back to your prior gateway, are you still using the switch to connect the PlayStation? Or, when you say switch, are you just using the LAN ports on the old gateway? Try running a wire straight from the PlayStation into the pfsense box (ps4 should have MDI auto sense so don't worry about crossover etc). Clear States on your pfsense box, or better, reboot the pfsense once doing this, then give it a try.

    I'm trying to think of other exotic setups you might have that could cause problems. The pfsense box, does it just have two network cards (one for WAN one for LAN)? Does your ISP connection require PPPOE or just straight DHCP? Are you using vlans? Is the switch "managed" ie. cisco or just a "dumb" switch that you pick up from best buy etc? Multiple subnets on one card? Multiple virtual IPs? Any other exotic setups you might have that differ from typical ie grandma grandpa consumer setups (other than pfsense itself)?

    Is it possible there's something in your setup that's causing packets to be "reflected" back into your network unmodified? Possible ways this can happen is if you have a single wire segment with both ends plugged into a switch (usually brings a network down to its knees but not always).

    Another way is if you have two wireless access points with the same SSID plugged into the network (this is common with macguyvering two or more wireless routers to act as "dumb" access points). If this is your intention, use the WAN port on those routers, and I can help you with the routing challenges inherent with that setup.

    I've also seen this with long wire segments that have been futched up somehow (this is called crosstalk and happens when the signal on the transmit pair gets picked up by the receive pair–this can sometimes be fixed by forcing half duplex mode on that wire, or by getting a modern non-bargain bin switch; new switches will store an entire frame and do a corruption check before forwarding it to the appropriate destination, whereas older switches just fired it down the wire as soon as it reads the destination).

    Edit: do you have hardware offloading (advanced options) enabled on your pfsense box? Do you have any other wired devices on the same switch you could test out (do a speed test and see if it lines up with your ISP package)? What about power saving options such as PowerD?  Are you using the stable 2.1 release or the 2.2 release candidate version of pfsense (which has some wild under the hood changes)? Is the pfsense box virtualized ie. using VMWare or Xen or is it running on bare hardware?

    Sorry for all the questions, but I prefer to be very thorough in considering all angles.


  • LAYER 8 Global Moderator

    Another way is if you have two wireless access points with the same SSID plugged into the network (this is common with macguyvering two or more wireless routers to act as "dumb" access points). If this is your intention, use the WAN port on those routers, and I can help you with the routing challenges inherent with that setup.

    What??  This makes no sense at all.. Sorry but you could have 10 or 100 AP all with the same SSID connected - this does not cause any problems..

    As to the OP problem "If I connect directly to my gateway router": sounds like he has a double NAT to me - even if he set up UPnP on pfSense or a manual forward - he has the other NAT in front of it.. So this is going to cause issues.. While it's great that UPnP can open the ports required by the game on pfSense - what is going to open them on the "gateway router"??

    You should put your other router into bridge mode, or just get a true modem and not a router.  So pfsense gets a public IP on its wan, then simple enough to enable UPnP for his ps4 and should not have any problems.



  • @johnpoz:

    I once saw a customer set up two DIR-601s and plugged both into the same switch, using the LAN side of the routers to connect to the switch. Same SSID, same passkey. This brought his network down to its knees. Solution was to plug both devices in using their WAN ports. This did happen, and did cause problems. A fluke, maybe, but nonetheless, I'm giving advice based on experience.

    As for this gentleman, a double NAT did cross my mind, but I figured the fact he was using pfSense lends credibility to the idea it could be something a little more complex than the networking equivalent of "Is it plugged in?" Still possible, however.


  • LAYER 8 Global Moderator

    "Solution was to plug both devices in using their WAN ports."

    So now you have 2 devices NATting their wifi networks from the network they are connected to - not APs now, are they.. That would not be a solution.. What would have been the solution is understanding what was going on.. What brought the network to its knees.. Did you have a sniff showing what was going on - did the APs have the same IP address on their LAN and that's why wifi didn't work - what was brought to its knees, the wifi didn't work?

    Sorry but pretty much every single work place has more than 1 AP connected to the same network - all using the same SSID..  While you might have some odd ball experience, seems to me you don't know what the problem was.  And thinking that you can not have more than 1 AP on network is just nonsense..

    " it could be something a little more complex"

    It rarely is the complex thing that is the problem - it is almost always the something stupid problem..  That is from 30 years experience in the field..



  • Hello, I don't have double NAT! When I said that with my gateway I was able to connect with no problem, I was saying that I plugged my ISP default router in place of my pfSense, and all worked OK. Sorry for my English.



  • Please check https://forum.pfsense.org/index.php?topic=83332.0 (reply #10 and #29 mainly) and my posts about setting it up there.
    I recently switched from the PS4 in its own subnet to the PS4 in the LAN subnet.

    I believe all NAT Port Forwards are still the same, but I would have to check that.
    For me, I can play Destiny and use the PS4 chat party without any problems, and have a NAT Type 2 configuration.

    And if you don't like Static Port for the IP address of the PS4, just setup every single port again for that IP address.
    I don't see the point though, as the PS4 already only uses specific ports to go outside.



  • Hello all, I was able to make everything working. I had to make a system restore, something was wrong and I wasn't able to find out what.

    Now the only thing that is not working is the PlayStation app for remotely connecting to my PS4 from my Android. Since I have them in separate networks, it does not work. Is anyone using a PS4 on a separate network able to use the PlayStation app?

    (Probably it is better to open a new topic with this question to draw more attention to the specific case.)

    Thank you all



  • I tried looking up what ports are used for the app, but couldn't find any.
    I think it uses port 80 or perhaps 443, but I haven't tested it.

    And since the app does some kind of broadcast to find the PS4, I doubt it will reach the PS4 in the separate subnet anyway.



  • Yes, I can confirm that the app is doing a broadcast; I see the packet being sent to the broadcast IP. Is it possible to forward it to other interfaces?



  • I have no idea. I would need to search for an answer as much as you could do ;-)



  • I did :) and according to several posts on the forum, it's not possible without bridging the interfaces, and that is something that I don't want to do.



  • Alright, routing broadcast traffic is icky I believe :-)

    But why would you still want the console in a separate subnet?
    Why not do it the way I did now? I can connect the app and youtube easily now.



  • My only concern is the number of ports opened, the UPnP, and the static ports on outbound NAT.

    Another reason is the guests: I have separate networks for guests, and I don't want to give them the wireless password for the main network because they need to connect their mobiles to the wireless to use in some games.
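
    The UPnP exposure raised above can be narrowed with the UPnP service's permission rules. The following is an added example, not from any poster in this thread and not pfSense code: it evaluates miniupnpd-style rules (action, external ports, internal address, internal ports; first match wins) to compare a subnet-wide allow with a console-only allow plus a final deny. The address 192.168.1.50 for the PS4, the port numbers, and the accept-when-nothing-matches default are assumptions.

```python
import ipaddress

# Constructed sample rules; 192.168.1.50 is a made-up address for the PS4.
WEAK_ACL = "allow 1024-65535 192.168.1.0/24 1024-65535"
TIGHT_ACL = """
allow 1024-65535 192.168.1.50 1024-65535   # console only
deny 0-65535 0.0.0.0/0 0-65535             # everything else
"""

def port_range(spec):
    """Turn '1024-65535' or '443' into an inclusive (low, high) pair."""
    lo, _, hi = spec.partition("-")
    return int(lo), int(hi or lo)

def parse_acl(text):
    """Parse rules, one per line, ignoring blank lines and # comments."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        action, ext, net, internal = line.split()
        if action not in ("allow", "deny"):
            raise ValueError(f"bad action: {action}")
        rules.append((action, port_range(ext),
                      ipaddress.ip_network(net, strict=False),
                      port_range(internal)))
    return rules

def decide(rules, ext_port, client_ip, int_port, default="allow"):
    """Return the action of the first matching rule.

    default models what happens when no rule matches; "allow" is an
    assumption here, which is why TIGHT_ACL ends with an explicit deny.
    """
    ip = ipaddress.ip_address(client_ip)
    for action, (e_lo, e_hi), net, (i_lo, i_hi) in rules:
        if e_lo <= ext_port <= e_hi and ip in net and i_lo <= int_port <= i_hi:
            return action
    return default

if __name__ == "__main__":
    # Constructed mapping requests: (external port, requesting host, internal port)
    requests = [(50000, "192.168.1.50", 50000),   # the console
                (50000, "192.168.1.77", 50000),   # some other LAN host
                (443, "192.168.1.50", 443)]       # privileged port
    for name, acl in (("weak", WEAK_ACL), ("tight", TIGHT_ACL)):
        for req in requests:
            print(name, req, decide(parse_acl(acl), *req))
```

    With the subnet-wide rule, any LAN host can ask the firewall to open a port; with the console-only rule and final deny, only the PS4 can, and only for ports 1024 and above.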



  • If the ports to open is a concern, throw out the console?
    This is a home LAN we're talking about, right?

