Help please for firewall config PS4 CoD

Dopam-IT_1987 · November 22, 2020, 4:22am

hello everybody is what settings is correct, is my settings after a lot of search for call of duty player

thanks

@hisham2630 @moeller0 @dlakelan @Happi maybe i can help ?

trendy · November 22, 2020, 7:07am

Better post here the output of uci export firewall rather than screenshots. Use preformatted text (the </> button) when you paste console output.

Dopam-IT_1987 · November 22, 2020, 9:13am

type or root@OpenWrt:~# uci export firewall
package firewall

i have add the rules 

config include
        option path '/etc/firewall.user'

config rule
        option name 'traffic rules ps4'
        option family 'ipv4'
        option dest 'lan'
        option src 'wan'
        list dest_ip '192.168.2.PS4'
        list src_ip '192.168.1.wan'
        option src_port '3074'
        list proto 'udp'
        option dest_port '30000-45000'
        option target 'ACCEPT'

config nat
        option name 'ps4 nat rules'
        option src 'lan'
        option dest_ip '192.168.2.PS4'
        option src_ip '192.168.1.wan'
        option src_port '3074'
        list proto 'udp'
        option dest_port '30000-45000'
        option target 'MASQUERADE'

config include 'miniupnpd'
        option type 'script'
        option path '/usr/share/miniupnpd/firewall.include'
        option family 'any'
        option reload '1'

config redirect
        option src 'wan'
        option name 'dmz'
        option target 'DNAT'
        option dest_ip '192.168.2.PS4'
        option dest 'lan'
        list proto 'udp'
        option src_dport '3074-9308'

config redirect
        option src 'wan'
        option name 'dmz'
        option src_dport '30000-45000'
        option target 'DNAT'
        option dest_ip '192.168.2.PS4'
        option dest 'lan'
        list proto 'udp'

root@OpenWrt:~#
 code here

trendy · November 22, 2020, 9:36am

If you are doing NAT and redirect the traffic to the lan, then the rules have no meaning. Then the nat is not needed since you are generally masquerading.
Regarding the 2 last redirects, there are way too many ports opened. Are you sure the game requires them all?

Dopam-IT_1987 · November 22, 2020, 9:39am

i'm not sure no you think i just configure the masquerade for gaming ? not firewall traffic rules just nat rules and port forward dmz ? @Knomax maybe are you an idea

trendy · November 22, 2020, 9:43am

I'm not sure I understand your question.

The 2 rules at the top and the nat are not needed. Port forwards are needed. And better not use upnp due to security concerns.

Dopam-IT_1987 · November 22, 2020, 9:56am

ok if i understand like there

type or root@OpenWrt:~# uci export firewall
package firewall

i have add the rules 

config include
        option path '/etc/firewall.user'



config nat
        option name 'ps4 nat rules'
        option src 'lan'
        option dest_ip '192.168.2.PS4'
        option src_ip '192.168.1.wan'
        option src_port '3074'
        list proto 'udp'
        option dest_port '30000-45000'
        option target 'MASQUERADE'


config redirect
        option src 'wan'
        option name 'dmz'
        option target 'DNAT'
        option dest_ip '192.168.2.PS4'
        option dest 'lan'
        list proto 'udp'
        option src_dport '3074-9308'

config redirect
        option src 'wan'
        option name 'dmz'
        option src_dport '30000-45000'
        option target 'DNAT'
        option dest_ip '192.168.2.PS4'
        option dest 'lan'
        list proto 'udp'

root@OpenWrt:~#
 code here

trendy · November 22, 2020, 9:58am

The first section with nat that you have is not needed (and is wrong).

Dopam-IT_1987 · November 22, 2020, 10:06am

config redirect
        option src 'wan'
        option name 'dmz'
        option target 'DNAT'
        option dest_ip '192.168.2.PS4'
        option dest 'lan'
        list proto 'udp'
        option src_dport '3074-9308'

config redirect
        option src 'wan'
        option name 'dmz'
        option src_dport '30000-45000'
        option target 'DNAT'
        option dest_ip '192.168.2.PS4'
        option dest 'lan'
        list proto 'udp'

ok just like there i keep

trendy · November 22, 2020, 10:09am

Looks better. Just make sure you are forwarding the correct ports. The ranges 3074-9308 and 30000-45000 seem rather big.

Dopam-IT_1987 · November 22, 2020, 10:11am

ok thanks trendy i'm seems if better hit detection

Happi · November 22, 2020, 5:29pm

Just curious which COD you playing?

Dopam-IT_1987 · November 22, 2020, 11:36pm

cold war

Happi · November 22, 2020, 11:52pm

well that game doesn't deserve much attention anyway.

Happi · November 23, 2020, 12:20am

@Dopam-IT_1987

config queue 'eth1'
	option ingress_ecn 'ECN'
	option itarget 'auto'
	option etarget 'auto'
	option interface 'eth1.2'
	option debug_logging '0'
	option verbosity '5'
	option qdisc_advanced '1'
	option squash_ingress '1'
	option qdisc_really_really_advanced '1'
	option iqdisc_opts 'docsis besteffort ingress nat'
	option eqdisc_opts 'docsis ack-filter nat'
	option linklayer 'none'
	option squash_dscp '1'
	option qdisc 'cake'
	option script 'layer_cake.qos'
	option egress_ecn 'NOECN'
	option upload '0'
	option download '85000'
	option enabled '0'

this is what i ran on my setup, it worked for me quite well, i used layercake with cake and opened all my xbox ports and that was about it.

this was setup for my cable internet which have odd down and upload speed, 5 up and 100 down

Dopam-IT_1987 · November 23, 2020, 12:24am

ok you are in uk no ? because mine not docsis

i'am on dhcp orange vdsl2 type network

Happi · November 23, 2020, 12:27am

nope sorry, that script might not work for you then