Juniper 5gt ps3 and vip problem nat type 3



  • Hi all,

    I have recently purchased a Juniper 5GT for my home environment after going on the Juniper Firewall course, and I wanted to expand my knowledge further.

    Currently I have an issue with the NAT type on the PS3, which is showing as NAT Type 3.

    Let me explain my setup:

    I have 1 external IP assigned by my cable company.

    set service "ps3" protocol tcp src-port 1-65535 dst-port 5223-5223
    set service "ps3" + udp src-port 1-65535 dst-port 3478-3478
    set service "ps3" + udp src-port 1-65535 dst-port 3479-3479
    set service "ps3" + udp src-port 1-65535 dst-port 4658-4658
    set service "ps3 2819" protocol udp src-port 0-65535 dst-port 3658-3658

    set interface untrust vip interface-ip 5223 "ps3 5223" 192.168.1.15
    set interface untrust vip interface-ip 4658 "playstation udp 4658" 192.168.1.15
    set interface untrust vip interface-ip 3479 "ps3 udp 3479" 192.168.1.15
    set interface untrust vip interface-ip 3478 "ps3 udp 3478" 192.168.1.15

    set policy id 7 name "ps3" from "Trust" to "Untrust"  "Any" "Any" "playstation udp 4658" nat src permit log
    set policy id 7
    set service "ps3 5223"
    set service "ps3 udp 3478"
    set service "ps3 udp 3479"
    set log session-init
    exit
    set policy id 3 from "Trust" to "Untrust"  "Any" "Any" "DNS" nat src permit log
    set policy id 3
    set service "HTTP"
    set service "HTTPS"
    set service "POP3"
    set service "Remote Desktop"
    set service "sky e-mail"
    set service "SMTP"
    set url protocol sc-cpa profile "web filter"
    exit
    set policy id 4 name "Live Messanger" from "Trust" to "Untrust"  "Any" "Any" "MS-MESSENGER" permit log
    set policy id 4
    set service "Remote Desktop"
    set url protocol sc-cpa profile "web filter"
    exit
    set policy id 1 from "Trust" to "Untrust"  "Any" "Any" "ANY" deny log
    set policy id 1
    exit
    set policy id 5 from "Untrust" to "Trust"  "Any" "VIP(untrust)" "playstation udp 4658" permit log
    set policy id 5
    set service "ps3 2819"
    set service "ps3 5223"
    set service "ps3 udp 3478"
    set service "ps3 udp 3479"
    set log session-init
    exit
    set policy id 6 from "Untrust" to "Trust"  "Any" "VIP(untrust)" "Remote Desktop" permit log
    set policy id 6
    set service "web ui"
    set log session-init
    exit
    set policy id 8 from "Untrust" to "Trust"  "Any" "Any" "ANY" permit log
    set policy id 8 disable
    set policy id 8
    exit

    As you can see, I have tried to use a VIP; however, I get NAT Type 3. I have used a MIP and this worked successfully and I got NAT Type 2; however, I do not wish to use a MIP as I may need this in the future.

    Any suggestions would be appreciated, or if you need any further info from the config file, please let me know.

    Regards

    David
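
An added example, not part of the original post and not Juniper tooling: a small Python parser for the `set policy` syntax shown in the post above that lists what each permit policy sourced from the Untrust zone exposes and whether it is enabled. The sample is a constructed excerpt of the posted lines, and `inbound_exposure` is a hypothetical helper name.

```python
import re

# Constructed sample: policy lines from the post, typed with straight quotes.
SAMPLE = """\
set policy id 1 from "Trust" to "Untrust"  "Any" "Any" "ANY" deny log
set policy id 5 from "Untrust" to "Trust"  "Any" "VIP(untrust)" "playstation udp 4658" permit log
set policy id 5
set service "ps3 2819"
set service "ps3 5223"
set log session-init
exit
set policy id 6 from "Untrust" to "Trust"  "Any" "VIP(untrust)" "Remote Desktop" permit log
set policy id 6
set service "web ui"
exit
set policy id 8 from "Untrust" to "Trust"  "Any" "Any" "ANY" permit log
set policy id 8 disable
set policy id 8
exit
"""

HEAD = re.compile(r'set policy id (\d+)(?: name "[^"]*")? from "([^"]+)" to "([^"]+)"\s+'
                  r'"([^"]+)" "([^"]+)" "([^"]+)"\s+(.*)')
CTX = re.compile(r'set policy id (\d+)( disable)?')
SVC = re.compile(r'set service "([^"]+)"')

def inbound_exposure(config, outside="Untrust"):
    """Map policy id -> details for permit policies whose source zone is `outside`."""
    policies, current = {}, None
    for raw in config.splitlines():
        # Pasted configs often carry typographic quotes; normalise them first.
        line = raw.strip().replace("\u201c", '"').replace("\u201d", '"')
        if m := HEAD.fullmatch(line):
            pid, zone_from, zone_to, src, dst, svc, rest = m.groups()
            policies[int(pid)] = {"from": zone_from, "to": zone_to, "src": src, "dst": dst,
                                  "services": [svc], "enabled": True,
                                  "permit": "permit" in rest.split()}
        elif m := CTX.fullmatch(line):
            if not m.group(2):
                current = int(m.group(1))          # entering the policy sub-context
            elif int(m.group(1)) in policies:
                policies[int(m.group(1))]["enabled"] = False
        elif (m := SVC.fullmatch(line)) and current in policies:
            policies[current]["services"].append(m.group(1))
        elif line == "exit":
            current = None
    return {pid: p for pid, p in policies.items() if p["from"] == outside and p["permit"]}

if __name__ == "__main__":
    for pid, p in sorted(inbound_exposure(SAMPLE).items()):
        state = "enabled" if p["enabled"] else "DISABLED"
        print(f'policy {pid} [{state}] {p["src"]} -> {p["dst"]}: {", ".join(p["services"])}')
```

Top-level service definitions such as `set service "ps3" protocol tcp ...` are ignored because only the bare `set service "name"` form inside a policy context is counted.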



  • I was wondering if any of you helpful folks would be able to send me their config file? I’ve been trying to get this fixed for some three years now and once and for all I would just like to see this show up as nat2 instead! 🙂



  • Yes, it is a weird problem, however. How I make it work for my PS3 going through my Netscreen 5GT running 6.2 ScreenOS is to create a MIP with NO policy. When I do the Internet test on my PS3 it says NAT type 2 instead of NAT type 3.



  • So, we have a new solution for the problem…! 🙂



  • UPDATE - I have found a strange solution for this problem. I created a MIP & policy for getting around the NAT type 3 problem, which works. However, the strange thing is I have disabled the policy for the MIP and now the NAT type has changed from type 3 to type 2, and it still works even though the policy for the MIP has been disabled!



  • I think the port numbers posted as needed to make PSN online communication work are incorrect. The only way I made it work is to use a MIP to open it up to everything on the Internet. Anyone have any other solutions for making this work?



  • Have seen the same issue; an MIP was the only way to make it work 😞


 
