Help please for firewall config PS4 CoD

hello everybody is what settings is correct, is my settings after a lot of search for call of duty player

thanks

@hisham2630 @moeller0 @dlakelan @Happi maybe i can help ? :wink:

Better post here the output of uci export firewall rather than screenshots. Use preformatted text (the </> button) when you paste console output.

2 Likes
type or root@OpenWrt:~# uci export firewall
package firewall

i have add the rules 

config include
        option path '/etc/firewall.user'

config rule
        option name 'traffic rules ps4'
        option family 'ipv4'
        option dest 'lan'
        option src 'wan'
        list dest_ip '192.168.2.PS4'
        list src_ip '192.168.1.wan'
        option src_port '3074'
        list proto 'udp'
        option dest_port '30000-45000'
        option target 'ACCEPT'

config nat
        option name 'ps4 nat rules'
        option src 'lan'
        option dest_ip '192.168.2.PS4'
        option src_ip '192.168.1.wan'
        option src_port '3074'
        list proto 'udp'
        option dest_port '30000-45000'
        option target 'MASQUERADE'

config include 'miniupnpd'
        option type 'script'
        option path '/usr/share/miniupnpd/firewall.include'
        option family 'any'
        option reload '1'

config redirect
        option src 'wan'
        option name 'dmz'
        option target 'DNAT'
        option dest_ip '192.168.2.PS4'
        option dest 'lan'
        list proto 'udp'
        option src_dport '3074-9308'

config redirect
        option src 'wan'
        option name 'dmz'
        option src_dport '30000-45000'
        option target 'DNAT'
        option dest_ip '192.168.2.PS4'
        option dest 'lan'
        list proto 'udp'

root@OpenWrt:~#
 code here

If you are doing NAT and redirect the traffic to the lan, then the rules have no meaning. Then the nat is not needed since you are generally masquerading.
Regarding the 2 last redirects, there are way too many ports opened. Are you sure the game requires them all?

i'm not sure no you think i just configure the masquerade for gaming ? not firewall traffic rules just nat rules and port forward dmz ? @Knomax maybe are you an idea

I'm not sure I understand your question.

The 2 rules at the top and the nat are not needed. Port forwards are needed. And better not use upnp due to security concerns.

2 Likes

ok if i understand like there

type or root@OpenWrt:~# uci export firewall
package firewall

i have add the rules 

config include
        option path '/etc/firewall.user'



config nat
        option name 'ps4 nat rules'
        option src 'lan'
        option dest_ip '192.168.2.PS4'
        option src_ip '192.168.1.wan'
        option src_port '3074'
        list proto 'udp'
        option dest_port '30000-45000'
        option target 'MASQUERADE'


config redirect
        option src 'wan'
        option name 'dmz'
        option target 'DNAT'
        option dest_ip '192.168.2.PS4'
        option dest 'lan'
        list proto 'udp'
        option src_dport '3074-9308'

config redirect
        option src 'wan'
        option name 'dmz'
        option src_dport '30000-45000'
        option target 'DNAT'
        option dest_ip '192.168.2.PS4'
        option dest 'lan'
        list proto 'udp'

root@OpenWrt:~#
 code here

The first section with nat that you have is not needed (and is wrong).

2 Likes
config redirect
        option src 'wan'
        option name 'dmz'
        option target 'DNAT'
        option dest_ip '192.168.2.PS4'
        option dest 'lan'
        list proto 'udp'
        option src_dport '3074-9308'

config redirect
        option src 'wan'
        option name 'dmz'
        option src_dport '30000-45000'
        option target 'DNAT'
        option dest_ip '192.168.2.PS4'
        option dest 'lan'
        list proto 'udp'

ok just like there i keep

Looks better. Just make sure you are forwarding the correct ports. The ranges 3074-9308 and 30000-45000 seem rather big.

3 Likes

ok thanks trendy i'm seems if better hit detection

1 Like

Just curious which COD you playing?

1 Like

cold war :wink:

well that game doesn't deserve much attention anyway.

@juju1366

config queue 'eth1'
	option ingress_ecn 'ECN'
	option itarget 'auto'
	option etarget 'auto'
	option interface 'eth1.2'
	option debug_logging '0'
	option verbosity '5'
	option qdisc_advanced '1'
	option squash_ingress '1'
	option qdisc_really_really_advanced '1'
	option iqdisc_opts 'docsis besteffort ingress nat'
	option eqdisc_opts 'docsis ack-filter nat'
	option linklayer 'none'
	option squash_dscp '1'
	option qdisc 'cake'
	option script 'layer_cake.qos'
	option egress_ecn 'NOECN'
	option upload '0'
	option download '85000'
	option enabled '0'

this is what i ran on my setup, it worked for me quite well, i used layercake with cake and opened all my xbox ports and that was about it.

this was setup for my cable internet which have odd down and upload speed, 5 up and 100 down

ok you are in uk no ? because mine not docsis

i'am on dhcp orange vdsl2 type network :confused:

nope sorry, that script might not work for you then