Grrrrr. Been trying to fix this since forever. STEAM and Strict NAT in BLOPS2



  • I have an alias set for my PC (Icecube) with a static IP.
    I have the following ports:

    Firewall>Aliases>Ports
    BLOPS2TCP 3074, 27014:27050
    BLOPS2UDP 3074, 2700, 27015:27030, 3478, 4379:4380

    In Firewall>NAT>Port forward:
    WAN UDP * * * BLOPS2UDP IceCube BLOPS2UDP UDP
    WAN TCP * * * BLOPS2TCP IceCube BLOPS2TCP TCP

    My NAT is still Strict. WTF am I missing? :)

    Thanks in advance!



  • I hate to send you over to another guide but this seems pretty in depth http://www.joinaclan.com/2012/11/cod-black-ops-2-how-to-change-your-nat-type-to-open/



  • @clyq:

    I hate to send you over to another guide but this seems pretty in depth http://www.joinaclan.com/2012/11/cod-black-ops-2-how-to-change-your-nat-type-to-open/

    Unfortunately, that has nothing to do with pfSense.



  • I don't have a game console to play with, but might this help?

    http://thepracticalsysadmin.com/fix-xbox-strict-nat-on-pfsense/



  • @KOM:

    I don't have a game console to play with, but might this help?

    http://thepracticalsysadmin.com/fix-xbox-strict-nat-on-pfsense/

    I don't either, this is for a PC / Steam :)



  • I doubt the actual unit type makes a difference when it's to do with outbound NAT on pfSense.  The solution to strict NAT with XBox is likely the same solution for strict NAT with Steam, and involves making some changes with pfSense as per the guide.



  • This was a while ago, so I'm hoping you've had some luck?

    I switched from an ASUS RT-AC66U to an SG-2220 and am suddenly having all sorts of problems with Call of Duty.  I tried every suggestion, starting with the Static Port setting on my Outbound NAT rule.

    My setup is about as simple as it can be, with my cable modem on one side and my LAN switch on the other, and no custom firewall or NAT rules.  Given that my RT-AC66U and my older RT-N16 handled this no problem, I'm afraid there's a problem with pfSense and I'll never get this quite working.



  • @digg1t:

    This was a while ago, so I'm hoping you've had some luck?

    I switched from an ASUS RT-AC66U to an SG-2220 and am suddenly having all sorts of problems with Call of Duty.  I tried every suggestion, starting with the Static Port setting on my Outbound NAT rule.

    My setup is about as simple as it can be, with my cable modem on one side and my LAN switch on the other, and no custom firewall or NAT rules.  Given that my RT-AC66U and my older RT-N16 handled this no problem, I'm afraid there's a problem with pfSense and I'll never get this quite working.

    No luck at all. NAT is still strict. pfSense handles port forwarding and parental controls very poorly.



  • I'll just go with the obvious.

    Remember to reset the state tables after applying / making the NAT or Rule change.

    Go to https://www.grc.com/shieldsup.htm and enter the port(s) and do a custom port probe and see if those ports appear open.  This has been my approach for doing this type of work.



  • Strict NAT occurs when A. hosts can't initiate connections to you on a specific port and B. your firewall is changing the source port for your outbound connections on that specific port.

    Fix B and you will have a Moderate NAT
    FIX A & B and you will have an Open NAT

    Look here for B

    https://doc.pfsense.org/index.php/Static_Port



  • @cyanic:

    Strict NAT occurs when A. hosts can't initiate connections to you on a specific port and B. your firewall is changing the source port for your outbound connections on that specific port.

    Fix B and you will have a Moderate NAT
    FIX A & B and you will have an Open NAT

    Look here for B

    https://doc.pfsense.org/index.php/Static_Port

    This is correct; lots of games/consoles require static outbound for their traffic.  The easiest way to do this for multiple consoles is to just set Static outbound to apply as if it were applying to a subnet, i.e. set the subnet mask of the static outbound rule to a /25 subnet and just stick all of the game console DHCP leases in addresses above 128.
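
The A/B rule and the /25 static-port range described in the posts above, as an added example that is not part of the original thread: it checks condition B (source port rewritten) from state-table lines and condition A from the forwarded port alias, then classifies the NAT type. The state lines are constructed and modelled on `pfctl -ss` output (the layout is an assumption), the 192.168.1.0/24 LAN and all addresses are placeholders, and the function names are hypothetical; the port alias is the BLOPS2UDP list from the first post.

```python
import ipaddress
import re

# Constructed sample, modelled on `pfctl -ss` lines for NAT'd outbound states
# (layout assumed): iface proto wan_ip:port (lan_ip:port) -> remote:port state
SAMPLE_STATES = """\
igb0 udp 203.0.113.5:3074 (192.168.1.130:3074) -> 198.51.100.7:3074 MULTIPLE:MULTIPLE
igb0 udp 203.0.113.5:51544 (192.168.1.20:3074) -> 198.51.100.7:3074 MULTIPLE:MULTIPLE
"""
STATE_RE = re.compile(r"^\S+ (\w+) [\d.]+:(\d+) \(([\d.]+):(\d+)\) -> ")
# Assumed LAN: upper half of 192.168.1.0/24, i.e. the "addresses above 128".
STATIC_NET = ipaddress.ip_network("192.168.1.128/25")

def expand_alias(alias):
    """Expand a port alias such as '3074, 27015:27030' into a set of ports."""
    ports = set()
    for item in alias.split(","):
        lo, _, hi = item.strip().partition(":")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def in_static_range(host):
    """True if the lease falls inside the /25 covered by the static-port rule."""
    return ipaddress.ip_address(host) in STATIC_NET

def source_port_rewritten(states, host, proto, port):
    """Condition B: True/False from matching states, None if no state was seen."""
    seen = None
    for line in states.splitlines():
        m = STATE_RE.match(line)
        if m and (m[1], m[3], int(m[4])) == (proto, host, port):
            if int(m[2]) != port:
                return True          # firewall changed the outbound source port
            seen = False
    return seen

def nat_type(states, host, proto, port, forwarded_ports):
    """Thread's rule: B fixed -> Moderate, A and B fixed -> Open, else Strict."""
    rewritten = source_port_rewritten(states, host, proto, port)
    if rewritten is None:
        return "Unknown"             # no traffic observed, cannot judge B
    if rewritten:
        return "Strict"
    return "Open" if port in forwarded_ports else "Moderate"

if __name__ == "__main__":
    udp = expand_alias("3074, 2700, 27015:27030, 3478, 4379:4380")
    for host in ("192.168.1.130", "192.168.1.20"):
        print(host, in_static_range(host),
              nat_type(SAMPLE_STATES, host, "udp", 3074, udp))
```

A host outside the /25 that still shows a rewritten source port, like 192.168.1.20 in the sample, is the case the static-port rule does not cover.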

