
Toastman Tomato Firewall Settings

Discussion in 'Tomato Firmware' started by teh_g, Nov 30, 2013.

  1. teh_g

    teh_g Networkin' Nut Member

    I am trying to troubleshoot some NAT Type issues I am having with my PS4. I want to avoid creating specific port forwards, since I think they should be unnecessary with UPnP. While poking around in the latest Toastman build, I found a few settings (Advanced / Firewall) I was curious about. Does anyone have some info on these? I did some Googling and couldn't get much about what they would directly impact, etc.

    Specifically, I am wondering what impacts the multicast and NAT settings would have? Is there a chance that some of the multicast settings may help with the NAT issues I am having?
     
  2. koitsu

    koitsu Network Guru Member

    You mention having "NAT type issues" twice, except you don't actually describe what they are.

    If the PS4 claims to support UPnP but dynamic forwards aren't working (e.g. they don't appear in the UPnP GUI) then that would be a compatibility issue between the PS4 and miniupnpd, and you should probably work with the miniupnpd author to figure out what the cause is + get fixes in.

    Please don't adjust any of the other settings under Advanced / Firewall unless you know what they do. They are not the source of your problems.
     
  3. teh_g

    teh_g Networkin' Nut Member

    Specifically, I am seeing that the NAT Type is listed as moderate when I would expect it to be open (among other network errors that occasionally pop up stating "NAT Incompatibility"). I do see UPnP entries in the table for the PS4, so it appears to be triggering correctly.

    Outside of the PS4, I would be curious what those settings actually do. I understand the principle of multicasting, but don't understand the firewall side or what impacts it could have for me.
     
  4. Marcel Tunks

    Marcel Tunks Networkin' Nut Member

    There are several potential sources of this problem:

    1. Is your modem a modem/router combo device? If so, is it in bridge mode?
    2. Do you have any other devices opening the same ports using UPnP, such as a PS3 or Xbox? Are they having the same problem of "moderate NAT", particularly when another device has been recently active? If so, you may want to consider assigning static DHCP leases to each of those devices.
    3. If all of the above have been addressed, then the incompatibility issue mentioned by koitsu should be considered. Are you able to do manual port forwarding?
     
  5. teh_g

    teh_g Networkin' Nut Member

    1. Is your modem a modem/router combo device? If so, is it in bridge mode?
    --Nope, I have a solo modem and an RT-N16 router (not in bridge mode)
    2. Do you have any other devices opening the same ports using UPnP, such as a PS3 or Xbox? Are they having the same problem of "moderate NAT", particularly when another device has been recently active? If so, you may want to consider assigning static DHCP leases to each of those devices.
    --I have not checked on my PS3 (I don't use it a ton now). I already have static DHCP set up for all of the known devices on my network. Looking at the UPnP tables, I don't see any duplicate forwards being set up there.
    3. If all of the above have been addressed, then the incompatibility issue mentioned by koitsu should be considered. Are you able to do manual port forwarding?
    --I was hoping to avoid manual port forwards, I like being hands off for that kind of thing, especially when devices ought to support UPnP. How do I get in touch with the author of miniupnpd? I am going to try and look into this now on my own, but any pointers are always appreciated.
     
  6. Marcel Tunks

    Marcel Tunks Networkin' Nut Member

    Quick Google search revealed some issues with miniupnpd and both the PS4 and Xbox One. It can be set up to work in pfsense, so there should be a way to get it working in Tomato as well.

    The miniupnp forum link is http://miniupnp.tuxfamily.org/forum/

    I still prefer manual port forwards whenever possible, but I realize it's a pain when you have many devices.
     
  7. teh_g

    teh_g Networkin' Nut Member

    Port forwarding fixed the easy-to-reproduce issues; we will see how it goes with the random oddities. Thanks!
     
  8. Marcel Tunks

    Marcel Tunks Networkin' Nut Member

    Would love to hear updates when you get things sorted. I'm sure there are a few forum members who are considering a PS4 or Xbox One.
     
  9. teh_g

    teh_g Networkin' Nut Member
