Why does PFsense work automatically



  • I currently use PFsense, but have several old routers that run some version of tomato firmware.
    1. Buffalo WHR-HP-G54
    2. Asus Wl-500gp
    3. and a microsoft Mn-700

    When I switch from my pfsense router to these tomato based routers, my son and I cannot play Steam-Counterstrike 2 games without adding or specifying a launch option to the program (i.e. +Clientport 27000x). Why is it that pfsense does not require this parameter? Can anybody explain this to me in simple terms, or is there a version of tomato that will allow two people to play a steam game on the same lan without specifying these special launch options, or are my routers too old?

    In other words, pfsense does not require me to do this (follow the requirements from steam to configure a router for multiple clients) but my tomato routers do. Why is that? Any comments, suggestions, etc. would be welcome. And thanks anybody for any help in advance! I know this is a pfsense forum, but I just want to know why pfsense is better than these other routers in this situation.

    Ed



  • Better uPNP support for automatic port forwarding?



  • That plus

    https://en.wikipedia.org/wiki/Stateful_firewall

    http://blog.pluralsight.com/stateful-firewall-fundamentals

    Those other units may be dumb and have to be told everything about incoming connections.  Stateful firewalls allow the return traffic to be automatically allowed back in without you having to configure everything.



  • Interesting.  I checked my pfsense router and it does not even have Upnp enabled.  Which is super cool.

    Anyway, I've tried dd-wrt and tomato (various versions) on these old routers and no matter what options I check, I still cannot play with the two clients in the lan without clearly specifying the client port on one machine. These routers supposedly do have some form of State packet inspection, but I guess not to the degree that the current version of pfsense does. I wonder if it's some sort of iptables command that needs to be set. Anyway, thank you for your comments. I've posted this question on multiple forums and this is the only forum that responded. Thanks again. Pfsense and its members and community is awesome.



  • Hi,

    You stated dd-wrt.
    Now, read this: http://www.dd-wrt.com/wiki/index.php/Firewall

    Are you talking about a game-client? Or server?
    And why 'on one PC' but not the other on your LAN? This excludes that there is a firewall-related problem.



  • @Gertjan:

    Hi,

    You stated dd-wrt.
    Now, read this: http://www.dd-wrt.com/wiki/index.php/Firewall

    Are you talking about a game-client? Or server?
    And why 'on one PC' but not the other on your LAN? This excludes that there is a firewall-related problem.

    Hi Gertjan! I appreciate the reply! Perhaps this will explain the situation better.

    Situation #1.
    (ISP Modem)----->Pfsense (standard settings with DHCP server)----->Lan----->(multiple PCs receiving ip via DHCP)----DadLanComputer & SonLanComputer.

    Under this scenario, both Dad and son can connect to the same game on the internet (being hosted someplace on the internet), without making any changes whatsoever to the router or the client game launch options.

    Situation #2
    (ISP Modem)----->DD-Wrt or Tomato (standard settings with DHCP server)----->Lan----->(multiple PCs receiving ip via DHCP)----DadLanComputer & SonLanComputer.

    Under this scenario, only the first computer (Dad or Son) can connect to the game on the internet without specifying any Lan connect options. The second computer must specify a different port under the client game launch options.

    Upnp has no effect.

    Thank you Gertjan for your thoughts on this matter.



  • @edfcmc:

    Why is it that pfsense does not require this parameter?

    Based on the fact that you state that setting a different client port fixes things, it's probably because pfSense rewrites (randomizes, basically) the source port of all outgoing packets.

    https://doc.pfsense.org/index.php/Static_Port


  • Netgate Administrator

    Yes, that seems likely:
    https://doc.pfsense.org/index.php/Static_Port
    Though it surprises me that other routers would not do that. A packet capture on the LAN would solve that though. If both clients are using the same source port then port rewriting would be required.

    Steve
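
The source-port rewriting discussed in the two replies above, as an added example that is not part of the thread and is not pfSense, Tomato or dd-wrt code: a toy NAT state table in which two LAN clients send from the same UDP source port to the same game server, once with the port kept and once with it rewritten. The addresses, port numbers and the names `Nat`, `FLOWS` and `run` are constructed for illustration.

```python
import random

# Constructed sample flows: (lan_ip, lan_port, server_ip, server_port).
# Both clients use the same UDP source port toward the same server.
FLOWS = [
    ("192.168.1.10", 27005, "203.0.113.50", 27015),
    ("192.168.1.11", 27005, "203.0.113.50", 27015),
]

class Nat:
    """Toy source-NAT table; all LAN hosts share one WAN address."""

    def __init__(self, static_port, seed=0):
        self.static_port = static_port   # True: keep the client's source port
        self.rng = random.Random(seed)
        self.states = {}  # (wan_port, dst_ip, dst_port) -> (lan_ip, lan_port)

    def outbound(self, lan_ip, lan_port, dst_ip, dst_port):
        """Return the WAN source port for a flow, or None if no state fits."""
        for (port, *dst), owner in self.states.items():
            if owner == (lan_ip, lan_port) and tuple(dst) == (dst_ip, dst_port):
                return port              # flow already has a state
        port = lan_port
        if not self.static_port:
            # Rewrite: pick a random WAN port not yet used toward this server.
            port = self.rng.randint(1024, 65535)
            while (port, dst_ip, dst_port) in self.states:
                port = self.rng.randint(1024, 65535)
        key = (port, dst_ip, dst_port)
        if key in self.states:
            return None                  # WAN tuple already owned by another host
        self.states[key] = (lan_ip, lan_port)
        return port

    def inbound(self, wan_port, src_ip, src_port):
        """Map a server reply back to the LAN client that owns the state."""
        return self.states.get((wan_port, src_ip, src_port))

def run(static_port):
    """WAN source port assigned to each sample flow, in order."""
    nat = Nat(static_port)
    return [nat.outbound(*flow) for flow in FLOWS]

if __name__ == "__main__":
    print("static port :", run(True))    # second client gets no mapping
    print("rewritten   :", run(False))   # each client gets its own WAN port
```

In this model, keeping the source port leaves the second client without a distinct WAN-side tuple, so replies from the server can only be mapped to the first client; a different client port on one machine or port rewriting on the router removes the collision.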



  • @edfcmc:

    When I switch from my pfsense router to…

    Just don't do that.  :P

