Date:      Sat, 28 Nov 2015 07:47:53 -0200
From:      Thomás S. Bregolin <thomas5th@gmail.com>
To:        Graham Menhennitt <graham@menhennitt.com.au>
Cc:        freebsd-ipfw@freebsd.org
Subject:   Re: connecting a PS4 via IPFW
Message-ID:  <20151128094753.GA5426@bloo>
In-Reply-To: <56592B3D.5070800@menhennitt.com.au>
References:  <5655405C.1060301@menhennitt.com.au> <20151127180317.GA3661@host> <56592B3D.5070800@menhennitt.com.au>

Hello,

Besides the redirect_port option, you still need rules allowing traffic
in to those ports. Excuse me if you've done that already (I have no way
of knowing).

I'd suggest forwarding one or all of those ports to another host, and
testing with netcat in order to rule out problems with the PS4
configuration or some other problem upstream in your network. Sniffing
with tcpdump might help. There are "port checkers" out there if you
don't have another external address to test from (like canyouseeme.org).

To do a proper DMZ, yes, you'd either use more physical interfaces and
connections, or VLANs. That could be overkill in your situation, unless
you're really keen on having a very secure home network.

Best of luck,

Thomas

Sat, Nov 28, 2015 at 03:19:09PM +1100, Graham Menhennitt:
> On 28/11/2015 05:03, Thomas wrote:
> > Aren't your regular NAT rules in NAT instance 1? That command will
> > overwrite those and leave just the new ones.
> >
> > If that's the case, you can put those rules in a different NAT instance,
> > or add them to the rest of your NAT rules.
> >
> >
> > Wed, Nov 25, 2015 at 04:00:12PM +1100, Graham Menhennitt:
> >> Hello IPFWers,
> >>
> >> I have a box running FreeBSD 10-stable that I use as a
> >> router/firewall/NAT. It runs IPFW and uses kernel NAT. My son is nagging
> >> me about playing multi-player online games on his Sony PS4.
> >>
> >> From what I've read, I could enable UPnP. But I've tried compiling the
> >> net/miniupnpd port but it won't build for IPFW (and I don't want to
> >> convert to PF).
> >>
> >> Giving up on that, I'm now trying to enable port forwarding -
> >> apparently, this will fix it. I've allocated the PS4 a static IP address
> >> on my LAN. I need to port forward TCP ports 80, 443, 1935, 3478-3480,
> >> and UDP ports 3478-3479. I've tried the following command:
> >>
> >> ...
> >> but that completely kills my Internet connection for all other uses (and
> >> the PS4 still doesn't work!).
> >>
> Thanks for responding, Thomas. You're right - that's what's killing my
> Internet connection. I've changed the command to:
> 
> ipfw nat 1 config if re1 same_ports \
>         redirect_port tcp ${PS4_LAN_ADDRESS}:80 80 \
>         redirect_port tcp ${PS4_LAN_ADDRESS}:443 443 \
>         redirect_port tcp ${PS4_LAN_ADDRESS}:1935 1935 \
>         redirect_port tcp ${PS4_LAN_ADDRESS}:3478 3478 \
>         redirect_port tcp ${PS4_LAN_ADDRESS}:3479 3479 \
>         redirect_port tcp ${PS4_LAN_ADDRESS}:3480 3480 \
>         redirect_port udp ${PS4_LAN_ADDRESS}:3478 3478 \
>         redirect_port udp ${PS4_LAN_ADDRESS}:3479 3479
> 
> At least it doesn't kill anything now. But the PS4 still doesn't work.
> When I do "Test internet connection" on it, it says "NAT: Failed".
> 
> For a DMZ, I need a separate network for the PS4 - is that right? That
> means a separate physical connection (i.e. WAP or cable).
> 
> Thanks again,
>     Graham
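
The two points raised in this thread (all redirects belong in the one `nat 1 config` command, and redirected ports still need rules allowing the traffic in) can be kept in sync by generating both from a single port list. This is an added example, not code from the thread; it only prints commands for review. The LAN address 192.168.1.50, rule number 450 and `net.inet.ip.fw.one_pass=0` are assumptions.

```shell
#!/bin/sh
# Added example: prints ipfw commands for review; it never runs ipfw itself.
# Assumptions (not from the thread): LAN address 192.168.1.50, rule number
# 450, and net.inet.ip.fw.one_pass=0 so translated packets reach later rules.
PS4_LAN_ADDRESS="${PS4_LAN_ADDRESS:-192.168.1.50}"  # constructed sample value
WAN_IF="re1"                        # interface named in the thread
TCP_PORTS="80 443 1935 3478-3480"   # port list from the thread
UDP_PORTS="3478-3479"

# ports_for tcp|udp -> the configured port list for that protocol
ports_for() { if [ "$1" = tcp ]; then echo "$TCP_PORTS"; else echo "$UDP_PORTS"; fi; }

# expand_ports "80 3478-3480" -> 80, 3478, 3479, 3480 (one per line)
expand_ports() {
    for spec in $1; do
        case "$spec" in
            *-*) lo=${spec%-*}; hi=${spec#*-}
                 while [ "$lo" -le "$hi" ]; do echo "$lo"; lo=$((lo + 1)); done ;;
            *)   echo "$spec" ;;
        esac
    done
}

# One "nat 1 config" command carrying every redirect, because a later
# "nat 1 config" overwrites what the instance held before.
nat_config() {
    printf 'ipfw nat 1 config if %s same_ports' "$WAN_IF"
    for proto in tcp udp; do
        for p in $(expand_ports "$(ports_for "$proto")"); do
            printf ' \\\n        redirect_port %s %s:%s %s' \
                "$proto" "$PS4_LAN_ADDRESS" "$p" "$p"
        done
    done
    printf '\n'
}

# Matching allow rules. After translation the destination is the LAN
# address, so that is what the rule has to match.
allow_rules() {
    rule=${1:-450}
    for proto in tcp udp; do
        ports=$(ports_for "$proto" | tr ' ' ',')
        echo "ipfw add $rule allow $proto from any to $PS4_LAN_ADDRESS dst-port $ports in via $WAN_IF"
    done
}

nat_config
allow_rules 450
```

The allow rules only take effect if they sit after the rule that sends inbound packets to the NAT instance; return traffic still depends on the existing outbound rules.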


