J PS4 NAT Fix
How to get PS4 to report NAT type 2 when at university?
Problem is that he cannot port-forward the required ports to his PS4. The fix is to route all his PS4 traffic over a VPN to home and port forward from our home ADSL to his PS4.
Multiple steps needed and a few false starts so far.
Update
Update 26th January 2023 - although we have got each bit to work they are not all working together. I think the reason is the change in Linux bridge networking introduced into the kernel a couple of years ago, called DSA. I need to document how to change the networking, so that the ‘main’ interface is a bridge interface and the other ‘virtual’ interfaces are linked to the bridge (think of a bridge interface as a network switch). I have also been reading up on VLANs; a plan is to try using VLANs to link PS4 LAN to home LAN.
Raspberry Pi had no route back to PS4 - fixed by
sudo ip route add 192.168.181.0/24 via 192.168.100.2 dev tun0
But removed some other rules to find that, which breaks the PS4 NAT test.
Overview
Tell PS4 it has IP address which is a subnet of the home network. Link that subnet to home using a VPN tunnel.
Issues are:
- University network does not support UPNP or port forwarding.
- Our ADSL router does not support subnets and additional static routes.
- UDP is needed, so the usual solution of port forwarding over SSH tunnels is not suitable.
Target
- PS4 has IP address 192.168.181.4/255.255.255.0 with a gateway of 192.168.181.254 (or perhaps .2)
- Thinker runs OpenVPN with IP address of 192.168.181.2 connecting to pi1 with address of 192.168.181.254
- pi1 runs router with port forwarding to forward
OpenVPN
Thinker and Pi1 have been linked using OpenVPN.
This needs testing, it was tested from Thinker to Far1 - dad has since moved the config files (and port forward from ADSL) to pi1.
IP Addresses
| Device | Interface | IP/CIDR | Gateway / Notes |
|---|---|---|---|
| PS4 | main | 192.168.181.4/24 | 192.168.181.2 |
| Thinker | eth0 | 10.x.x.x/yy | as assigned by uni network |
| | eth0:1 | 192.168.181.2/24 | OpenWRT pkts from PS4 to 192.168.182.254, pkts to PS4 forward to 192.168.181.4 |
| | tun0 | 192.168.100.2/24 | OpenVPN interface |
| pi1 | tun0 | 192.168.100.254/24 | OpenVPN interface |
| | ??? | ??? | OpenWRT interface to receive PS4 packets and fwd to ADSL or PS4 |
| | eth0 | 192.168.182.2/24 | 192.168.182.254 |
| ADSL | eth0 | 192.168.182.254/24 | ADSL to internet |
NOTES
- Currently using IP address on tunnel of 192.168.100.1/2/254.
- Set
- the home ADSL router considers it part of the address it can manage (192.168.182.254/22 = 192.168.180.0-192.168.183.255)
- dad starts OpenVPN server with the command sudo systemctl start openvpn@juni.
- J needs to try the command sudo systemctl start openvpn@client
- need to add OpenVPN ccd files so Thinker knows to route 192.168.182.* via pi1 and needs to know to route 192.168.181.* via Thinker.
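One way to write the ccd files mentioned in the last note, as an added example rather than the configuration actually in use on pi1. It writes a server fragment and a per-client ccd file for the subnets in the table above, then checks that every iroute has a matching server route. The client certificate name thinker, the file name server-fragment.conf and both function names are assumptions.

```shell
#!/bin/sh
# Added example, not the configuration in use on pi1.
# Assumed names: client certificate CN "thinker", server-fragment.conf.

# Write the server-side fragment and the per-client ccd file.
write_ps4_routes() {   # $1 = output dir, $2 = client certificate CN
    mkdir -p "$1/ccd" || return 1
    cat > "$1/server-fragment.conf" <<EOF
# Merge into the OpenVPN server config on pi1.
# ccd path is relative to the server's working directory.
client-config-dir ccd
# Kernel route on pi1: send the PS4 subnet into the tunnel.
route 192.168.181.0 255.255.255.0
# Pushed to the client: reach the home LAN through the tunnel.
push "route 192.168.182.0 255.255.255.0"
EOF
    cat > "$1/ccd/$2" <<EOF
# OpenVPN-internal route: 192.168.181.0/24 sits behind this client.
iroute 192.168.181.0 255.255.255.0
EOF
}

# List every "iroute NET MASK" in the ccd files that has no matching
# "route NET MASK" in the server fragment. Returns 1 if any is missing.
missing_routes() {     # $1 = output dir
    rc=0
    for f in "$1"/ccd/*; do
        [ -f "$f" ] || continue
        while read -r kw net mask rest; do
            [ "$kw" = "iroute" ] || continue
            awk -v n="$net" -v m="$mask" \
                '$1 == "route" && $2 == n && $3 == m { ok = 1 } END { exit !ok }' \
                "$1/server-fragment.conf" ||
                { echo "$(basename "$f"): iroute $net $mask has no server route"; rc=1; }
        done < "$f"
    done
    return "$rc"
}

# Usage: write_ps4_routes ./ps4-vpn thinker && missing_routes ./ps4-vpn
```

The ccd file name has to match the common name in Thinker's client certificate. Without the iroute line the OpenVPN server drops packets that arrive from the client with a 192.168.181.x source address.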
iptables commands
On Thinker
Route all traffic from PS4 (192.168.181.4) to ADSL router (192.168.182.254)
iptables -t nat -A PREROUTING -s 192.168.181.4 -j DNAT --to-destination 192.168.182.254
On pi1
Route all traffic incoming on forwarded ports to PS4
sudo iptables -t nat -A PREROUTING -p tcp -m multiport --dports 3478:3480 -j DNAT --to-destination 192.168.181.4
sudo iptables -t nat -A PREROUTING -p udp -m multiport --dports 3478:3480 -j DNAT --to-destination 192.168.181.4
sudo iptables -t nat -A POSTROUTING -j MASQUERADE