5 pcs, 5 Static ip's one game with one port

bkblood

Hello my and my roomates are trying to play Call of Duty Modern Warfare 2 and we all want to enable hosting. The pc version icorporates the Xbox style match making and selects the best Host prior to game starting. The port you need open for Nat - Strict to change from Nat - open is 28960. Well obviusly you cant open the same port on all 5 computers. That where i wanted to use my 5 static ip's. I set up 1:1 which allowed me to open that port on all the ip's and everyone was open BUT im guessing since nat reflection doesnt work with 1:1 we are unable to join eachother if one of us is picked as host. we can all play together if another outside person is chosen as host. So its definently a local thing. Iv read many posts. they say enable split-dns but that is for hostnames. The game will use strictly ip. I tried upnp but once one computer takes that port no one else gets it. Iv herd people say use Manual outbound nat to redirect that Vip to the lan ip but i cant figure out how to do that.. If anyone can give me an alternative to 1:1 and still be able to have each computer on its own static ip would be great.

Thank you,
BKBLOOD

GruensFroeschli

Personally i would drop the 1:1 NAT.
I assume you created VIPs for your additional IPs.
You can use these VIPs in normal NAT port forwardings as well.
I would:

• Forward port 28960(?) from the VIPs to their corresponding internal IP.
• Enable AoN and create for each VIP an outbound rule with the static port setting.
• Enable NAT-reflection.

Like this you can use NAT-reflection, but still have each client on it's own IP.

ANother possibility would be to create on top of the 1:1 NAT you already have another normal port-forward which is just there to trigger the NAT-reflection. (1:1 NAT > normal NAT)

bkblood

Ok well i did what you suggested and removed 1:1. I have each box setup to route to the static ip's and 28960 is succesfully opened on all 5 box. BUT still when we try to join each other it just sits and says trying to join host.. does nothing after that.. Nat reflection is enabled. I will attach screenshots. So im guessing im still not able to reflect back to lan.. I didnt provide a picture of nat reflection cause its obvius if its unchecked its enabled.. What else am i missing?

Thank You,
BKBLOOD

pirateghost

i have a similar situation with 3 computers.  same game.  upnp works about 5% of the time.

i REAAAAALLLLY want this to work properly, because this is the way of the future of gaming, and its just going to get more complicated unless something is done soon.

bkblood

Yeah there must be a way to route the static ip's BACK to the lan but i thought thats what nat reflection does? :/

GruensFroeschli

Your screenshots look right.

Could you do a TCP-dump to see if the packets actually get redirected?

bkblood

Ok well i tried the tcpdump and i may have figured out the cause.. Let me try to explain..
When i use my computer (lan ip=192.168.0.244 Ext. IP=70.90..35) to connect to the computer next to me (lan ip=192.168.0.243 Ext. Ip=70.90..33 < Wan ip) in Modern warfare it says Trying to join 1.. 2.. 3.. etc. ok so looking at tcpdump it shows 192.168.0.244.28960 > 70.90..33.60893: UDP, length 29… Notice the port 28960 comin from mine destination 60893??? What port is that??!! is it random? ok so i thought that might be it.. its routing to the wrong port. but wait! Trying to connect to MY routed box from the non routed box i get 192.168.0.243.28960 > 70.90..35.28960 the port is the same... WTF! im sooo confused.

Thank you!

Again here is a better diagram

VIP Box: lan ip=192.168.0.244 --- Ext. IP=70.90..35
Non-VIP box:lan ip=192.168.0.243 --- Ext. Ip=70.90..33

Connect from VIP box to Non-VIP:  192.168.0.244.28960 > 70.90.***.33.60893: UDP, length 29 (notice port)

Connect from Non-VIP to VIP Box:  192.168.0.243.28960 > 70.90.***.35.28960

bkblood

Still having problems waiting patiently

Thank you

Efonnes

Which pfSense version is this?  I ask because I know that on 1.2 - 1.2.2 (versions I've used), NAT reflection is broken for at least udp for sure when you select the tcp/udp option for a port forward rule. (it got fixed while 1.2.3 was being worked on; I had found a problem in the code generating the settings for it)

If you aren't on 1.2.3, you can work around this by separating those tcp/udp rules into separate rules for tcp and udp individually.

bkblood

1.2.3-RELEASE built on Sun Dec 6 23:21:36 EST 2009

is the version i am running. How would i create these said rules if i was using port 28960 example would be awesome thank you

Efonnes

OK, that isn't the issue then.

Looking through the other information you've given, it seems that you don't have it using a static port for connections from the computer behind the WAN IP.  Try also making an outbound NAT rule for 192.168.0.0/24 with destination port 28960 and static port enabled, then see if it still changes the port as you described above.  Be sure to place it above that last rule, since the rules are processed top to bottom.

bkblood

I will give that a try when i get the chance. Thank you all for the help :) ill let yall know if it worked