pfSense, NAT traversal and games.

Alastair Grant | Thursday 5 January 2017

I'm currently sporting pfSense as my firewall of choice. It can be easily tweaked to do quite a fair bit.

One of the things to bear in mind when using a firewall like pfSense is gaming. Many games today operate on a peer-to-peer basis and try to avoid all that complicated port-forwarding stuff. There are various ways to crack this nut, some better than others, but you can be sure that you'll land up with a game that doesn't do it very well from time to time.

The latest problem I've had is with Viscera Cleanup Detail - an amusing idea of a game where you have to clean up the mess left by the protagonist in your typical sci-fi shooter. It's co-op, but I haven't been able to join a game with friends.

As far as I can make out, STUN is being used to try and traverse NATs and failing miserably at it, as everybody seems to have pretty robust firewalls. If your firewall uses a symmetric NAT (why wouldn't it? It's one of the more secure ways of doing it), then STUN is going to let you down miserably, as the source port on your client is going to be different from the source port on the external interface of your router.

With pfSense you can work around this by implementing a custom outbound NAT rule:

  1. Log in to web administration
  2. Go to Firewall, NAT
  3. Select the Outbound tab
  4. Add a new rule:
    • Interface = WAN
    • Source = Network [your client IP address]/32
    • Translation Address = Interface Address
  5. The magic bit: tick the "Static Port" box in the translation section
  6. Save and Apply

This will only work for one computer, and I'm not sure what chaos it will cause elsewhere. Unfortunately, unlike firewall rules, you can't assign a schedule to this, but it is easy to turn on and off when needed.
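One way to check whether the Static Port rule has taken effect is to compare the client's own UDP source port with the port a STUN server reports back. The following is an added example, not part of the original post: it builds a STUN Binding Request and decodes the XOR-MAPPED-ADDRESS attribute per RFC 5389. The function names, the classification labels and the sample responses (address 203.0.113.7) are constructed for illustration so it runs offline; in real use the responses would come from one UDP socket querying two different STUN servers.

```python
import ipaddress, os, struct

MAGIC = 0x2112A442  # STUN magic cookie (RFC 5389)

def binding_request(txid=None):
    """20-byte Binding Request: type 0x0001, length 0, cookie, 12-byte txid."""
    txid = txid or os.urandom(12)
    return struct.pack("!HHI", 0x0001, 0, MAGIC) + txid, txid

def parse_mapped(resp, txid):
    """Return (ip, port) from XOR-MAPPED-ADDRESS in a Binding Success Response."""
    mtype, mlen, cookie = struct.unpack("!HHI", resp[:8])
    if mtype != 0x0101 or cookie != MAGIC or resp[8:20] != txid:
        raise ValueError("not a matching Binding Success Response")
    pos, end = 20, 20 + mlen
    while pos + 4 <= end:
        atype, alen = struct.unpack("!HH", resp[pos:pos + 4])
        val = resp[pos + 4:pos + 4 + alen]
        if atype == 0x0020 and alen == 8 and val[1] == 0x01:  # IPv4 family
            port = struct.unpack("!H", val[2:4])[0] ^ (MAGIC >> 16)
            addr = struct.unpack("!I", val[4:8])[0] ^ MAGIC
            return str(ipaddress.IPv4Address(addr)), port
        pos += 4 + alen + (-alen % 4)  # attributes are padded to 4 bytes
    raise ValueError("no XOR-MAPPED-ADDRESS attribute")

def classify(local_port, mapped_ports):
    """Compare the client's source port with what each STUN server saw."""
    if len(set(mapped_ports)) > 1:
        return "symmetric"        # different external port per destination
    if mapped_ports[0] == local_port:
        return "static-port"      # source port preserved through the NAT
    return "port-rewritten"       # one stable mapping, but the port changed

def sample_response(txid, ip, port):
    """Constructed test data: the reply a STUN server would send."""
    val = struct.pack("!BBHI", 0, 1, port ^ (MAGIC >> 16),
                      int(ipaddress.IPv4Address(ip)) ^ MAGIC)
    attr = struct.pack("!HH", 0x0020, len(val)) + val
    return struct.pack("!HHI", 0x0101, len(attr), MAGIC) + txid + attr

def demo(local_port, ports_seen):
    """Run the check over constructed replies, one per (hypothetical) server."""
    mapped = []
    for p in ports_seen:
        _, txid = binding_request()
        mapped.append(parse_mapped(sample_response(txid, "203.0.113.7", p), txid)[1])
    return classify(local_port, mapped)
```

A result of "static-port" means the outbound rule is preserving the client's source port; "symmetric" is the behaviour that makes the STUN-discovered port useless to a peer.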

Breaking from the voyeuristic norms of the Internet, any comments can be made in private by contacting me.