pfSense NAT (?) issues

elektron · January 8, 2022, 7:34pm

Hello from germany!

I have a very odd problem. My passion is to play Anno 1800 with my friends. Since ~ April/May 2021 I get an error in the game when I start it:

NAT Type unknown

Because of this error the Multiplayer in the game is greyed out and I cannot play online.

My setup looks like this:

ISP (Cable) → Fritzbox (Port operating in bridge mode) → PfSense WAN with Public IPv4-Address
[Fritzbox is a very famous brand of Routers in Germany]

System / Advanced / Firewall & NAT

NAT Reflection mode for port forwards: Pure NAT
Enable automatic outbound NAT for Reflection [checked]

Firewall / NAT / Outbound:

Hybrid Outbound NAT rule generation.
Static Port for my client

Firewall / NAT / Port Forward
Forwarded port 18000 upd to my client (192.168.30.147)

In the Diagnostics / States I see the following entries when I start the game. According to Ubisoft Port 18000 UPD is the Port used by Anno 1800.

VLAN30CLIENTS udp 192.168.30.147:18000 → 18.197.149.63:12000 MULTIPLE:MULTIPLE 39 / 30 3 KiB / 2 KiB
VLAN30CLIENTS udp 192.168.30.147:18000 → 54.221.24.138:12007 MULTIPLE:MULTIPLE 30 / 30 3 KiB / 3 KiB
WAN udp 5.xxx.xxx.xxx:18000 (192.168.30.147:18000) → 18.197.149.63:12000 MULTIPLE:MULTIPLE 39 / 30 3 KiB / 2 KiB
WAN udp 5.xxx.xxx.xxx:18000 (192.168.30.147:18000) → 54.221.24.138:12007 MULTIPLE:MULTIPLE 30 / 30 3 KiB / 3 KiB

I’ve already tried all different kind of settings according NAT but the game doesn’t detect my NAT correctly (it seems).

Here comes the odd thing:
During the holidays I reinstalled and reconfigured everything from scratch. After that it was working and I was very happy. My NAT was shown as “Moderate”.
Yesterday I want to play with my friend again and I get the “NAT Type unknown” Error again.

All I did in the meantime was that I’ve configured OpenVPN Server. I thought: “Ok, I saved a working config after I made everything new. I will just load the config and I will be good again.”
But I still get the same error even after loading the working config.

When I change my gateway to the Fritzbox (192.168.30.3) I get Open NAT within seconds.

I’m a little desperate. I can’t find the error and I don’t know where else I could look. The error is definitive within the PfSense.

Please help me to find the issue or maybe give me a hint what else I could check. If you need some more information please let me know and I will provide the requested information.
Thank you very much!

LTS_Tom · January 9, 2022, 10:35am

I don’t know the solution, but there is another thread on here about XBOX that might help

If no one here has any better suggestions you might also wan to post in the https://forum.netgate.com/

paolo · January 9, 2022, 1:18pm

It doesn’t surprise me that it works with the FritzBox as it has UPnP enabled by default while pfSense does not. A quick fix would probably be to enable UPnP on pfSense, but that is generally discouraged due to the security implications that come with it.

Though it working with the FritzBox also kinda speaks against it, could you please check whether your ISP (I’m guessing Vodafone) is using CGNAT? (To do that, compare the WAN IP reported by the FritzBox/pfSense against your actual public IP as reported by something like https://ifconfig.co/)

elektron · January 10, 2022, 12:38pm

Hello Tom!

Thank you for linking the thread. I also saw this link when I was researching for my problem some days ago. I’ve set up everything like recommended, but unfortunately I have still the same issue

What makes me wonder is: Why it was working after fresh install for some days? I configured OpenVPN on my pfsense and now it’s not working anymore. Even when I load the config from the fresh installation.

(btw. Thank you very much for your videos!)

elektron · January 10, 2022, 12:41pm

Thank you for your input Paolo!
I tried to enable UPnP on my pfsense too, but it seems like the game has issues to detect my NAT. My ISP is a small one from my region and they provide me a IPv4 address without CGNAT. The reported IPs are the same.

What makes me wonder is: Why it was working for couple of days after fresh installation of pfsense and doesn’t work anymore? Even when I load the config file from the day after the installation.

paolo · January 10, 2022, 3:39pm

Indeed, it is strange that it was working and then stopped seemingly randomly. I’ve had issues like that myself that I don’t understand to date.

What about the firewall on your PC, is port 18000 open there? Maybe try temporarily disabling Windows firewall if you’re comfortable with that.

elektron · January 11, 2022, 1:08pm

Hello Paolo!
Yes the port is open on my Windows Firewall. I even deactivated it for testing purposes, but no luck.
When my Windows firewall is active and I connect to the Fritzbox router it’s working. It must be something with the pfSense.
I will ask my provider to get a simple cable modem. I need the Fritzbox for VoIP, but I configure the Fritzbox to work as an IP Client. Maybe there is an issue with the bridgemode and pfSense.

Quite frustrating when you don’t know what else to check. I’m running out of ideas. Maybe another reinstallation…

paolo · January 11, 2022, 3:48pm

Apparently, Fritzbox devices cannot be set to bridge mode which makes me wonder how you think you achieved just that. If I remember correctly, you can configure an “exposed host” (i.e. double NAT) in the NAT options though. Is that what you did?

A problem with the modem currently seems more likely to me than a problem with pfSense.

elektron · January 12, 2022, 9:17am

My Fritzbox is able to use bridge mode and I’m also getting a public WAN IPv4 on my pfSense WAN interface. pfSense WAN is connected to LAN 2 on the Fritzbox.

But I will try to use the modem instead of the Fritzbox.

paolo · January 12, 2022, 10:09am

I did not know that. Does that mean though that you get multiple public IP addresses, one for the router behind the Fritzbox and one for the Fritzbox itself?

Then the only other thing I can think of if you’ve still got some time to spare until the new modem arrives is to try and forward a more easily testable port like a web server. Might be that the game is causing some sort of trouble, but it’s a long shot.

elektron · January 12, 2022, 10:28am

Yes you are right, I get two public IP addresses. One for the Fritzbox and one for the bridged port and the router behind.
I’m running a plex server with port forwarding and there it’s working like a charm. That’s why it is driving me so crazy

If I only knew how to troubleshoot this issue…
My only ideas right now are: Get Modem instead of fritzbox and/or reinstall pfSense again