Re: [m0n0wall] Problems with Playstation NAT

From:	Adam Gibson <agibson at ptm dot com>
To:	m0nowall Mail List <m0n0wall at lists dot m0n0 dot ch>
Subject:	Re: [m0n0wall] Problems with Playstation NAT
Date:	Mon, 22 Sep 2008 16:58:19 -0400
I personally would never forward all ports.  I want to know which ports 
are required.  I never had issues with the XBOX360 but the PS3 is a 
different animal with its game dependent backend which is 
usually(always?) gamespy powered.  Some things to try:

Make sure you disable UPNP on the PS3.  Even though the PS3 should not 
use it I have experienced issues with letting the PS3 detect it on its 
own.  I force UPNP off on the PS3 network settings.

Setup advanced outbound NAT on the monowall for the PS3 to keep outgoing 
packets from changing the source port(DMZ port feature on other 
routers/firewalls also do this when they forward all ports).  Most games 
will work just fine without doing this but games like GTA4 will not 
allow you to join a game reliably without this enabled( You can only 
host which is the opposite of how network games normally work ).  The 
remote GTA4 servers will try to connect to your firewall/PS3 using a 
statically defined port and ignore the random port that normally gets 
sent because of NAT to their master server.

This assumes your LAN is 192.168.1.0/24, you have a third interface 
NATed as a Service network, and your PS3 is at 192.168.1.5.  For example 
if you have 192.168.1.0/24 as your LAN and 192.168.2.0/24 as your 
Service network on a third interface you would have the below setup with 
the 'Disable port mapping checked for the 192.168.1.5/32 entry.**

Interface   Source   Destination   Target   Description
WAN       192.168.1.0/24       *       *       Default outbound NAT
WAN       192.168.2.0/24       *       *       Default outbound NAT
WAN     192.168.1.5/32     *     *    (no portmap)     PS3 static src 
port outbound nat

If that doesn't help with the games you are trying to use then these are 
the ports I have found so far that help when joining and hosting games.  
Yo will of course also need the firewall rules to allow these along with 
the NAT entries below which can be autogenerated when creating the NAT 
rule if you check it at the bottom when creating the NAT rule.

If    Proto    ExtPortRange    NATIP    IntPortRange    Description
WAN    TCP/UDP    9293    192.168.1.5    9293    port forward PS3 Remote 
Play
WAN    UDP    3478 - 3479    192.168.1.5    3478 - 3479    port forward 
PS3 STUN
WAN    UDP    3658    192.168.1.5    3658    port forward PS3 Voice chat
WAN     UDP     6672     192.168.1.5     6672    port forward PS3 GTA4
WAN    UDP    9103    192.168.1.5    9103    port forward rock band


David Burgess wrote:
>> I would like to connect a playstation for online gaming to my mono wall.
>>
>>
>>
>> So - there is for each game another port-range to play online - it is a
>>
>> horror to configure all ports exactly.
>>
>>
>>
>>
>>
>>
>>
>> My old router had an option "DMZ Host" - this host got all packets addressed
>>
>> to my public ip, except the ports for which another nat rule was active.
>>
>>
>>
>>
>>
>>
>>
>> Is there any option to get this type of NAT with mono-wall to work ? I have
>>
>> already tried to redirect ports 1024-32767 to the playstation with resulted
>>
>> into problems with getting online with my other PCs in the network
>>     
>
>
> First off, most PC and console games don't require incoming NAT. I've
> used xbox live with monowall and no issues there, no NAT to set up.
> The exception is where you need to host a game, i.e., run a server
> that other players connect to directly. Are you sure you need to open
> ports to your PS3?
>
> If so, then the simplest way, if you need all kinds of ports and don't
> want the hassle of manually setting them all up, is if you can get a
> second IP address from your ISP. m0n0 can handle both public IP
> addresses, forwarding all traffic for the one to the PS3 and the other
> operating as it is now. This would be accomplished using 1:1 or
> Advanced Outbound NAT. Or get a switch and connect both the m0n0wall
> and PS3 directly to the modem.
>
> If you will be limited to a single public IP address and you must do
> some port forwarding then you may be stuck identifying the affected
> ports and forwarding them manually.
>
> db
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>   


-- 
Adam Gibson
Internet Systems Admin
Pro Tech Monitoring Inc.
727 484-3100 ext.1258