Packet Port Number Changes on Playstation Network
I am trying to get a Playstation 4 console which sits behind the TZ670 firewall to be properly recognized by the Playstation network (PSN). The console has a static IP of 192.168.1.70. My problem is that when I look at the packet trace, the destination port of 3478 is changed by the PSN server to a source address of 3479. This means that when the packet is received by the firewall it will be dropped since it doesn't have the original 3478 port number, which is exactly what it should do. The dropped packet indicates a drop code of 742, yet when I look it up it is "Packet dropped - TCP option (MSS) not allowed in non-SYN segment".
I have tried to use specific NAT rules but nothing seems to work, including turning off the "Source Port Remap" option.
I have attached an image of the packet trace, the access rules and service groups used.
If anyone out there has any clue on how to solve this issue it would be greatly appreciated.
Best Answer
skypilot65 Newbie ✭
Solution:
Was to raise the NAT rule priority! Something SW techs didn't even come up with.
5
Answers
That's pretty odd behaviour. It's not your end doing the port remapping, it's them, so that NAT policy option won't make any difference.
The only way you're going to get this working would be to forward port 3479 to the device in question.
I don't recommend ANY zone to ANY zone rules.
Also I noticed you are specifying the Source Port in your access rule as the same as the Destination Port. That's not how this works. Source ports are usually ephemeral.
What happens if you do a specific LAN (or whatever zone the PS4 is in) to WAN access rule allowing the PS4 IP access to any IP on any port? Does it work?
Suggested reading:
https://en.wikipedia.org/wiki/Port_%28computer_networking%29
https://en.wikipedia.org/wiki/Ephemeral_port
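Added example, not part of the original thread and not SonicWall code: a generic model of how a NAT device matches an inbound UDP reply against the mapping created by the outbound packet, using the three filtering behaviours named in RFC 4787, which goes beyond the single case discussed above. The server address 203.0.113.10 and the console's source port 50000 are constructed values.

```python
# Added illustration: generic UDP NAT filtering model (RFC 4787 terms).
# Not SonicWall code; server address and console source port are constructed.
from typing import NamedTuple, Optional, Tuple

CONSOLE = "192.168.1.70"   # console IP from the thread
SERVER = "203.0.113.10"    # constructed (documentation address range)
MODES = ("endpoint-independent", "address-dependent", "address-and-port-dependent")

class Mapping(NamedTuple):
    lan_ip: str
    lan_port: int
    wan_port: int
    remote_ip: str
    remote_port: int

class UdpNat:
    def __init__(self, filtering: str):
        if filtering not in MODES:
            raise ValueError(f"unknown filtering mode: {filtering}")
        self.filtering = filtering
        self.mappings = []

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port, wan_port=None):
        """Record the mapping an outbound datagram creates (no port remap by default)."""
        self.mappings.append(
            Mapping(lan_ip, lan_port, wan_port or lan_port, remote_ip, remote_port))

    def inbound(self, src_ip, src_port, dst_port) -> Optional[Tuple[str, int]]:
        """Return the (lan_ip, lan_port) to deliver to, or None when dropped."""
        for m in self.mappings:
            if m.wan_port != dst_port:
                continue
            if self.filtering == "endpoint-independent":
                allowed = True
            elif self.filtering == "address-dependent":
                allowed = src_ip == m.remote_ip
            else:  # reply must come from the exact ip:port that was contacted
                allowed = (src_ip, src_port) == (m.remote_ip, m.remote_port)
            if allowed:
                return (m.lan_ip, m.lan_port)
        return None

def reply_verdicts(filtering: str) -> dict:
    """Console sends to SERVER:3478; replies arrive from source ports 3478 and 3479."""
    nat = UdpNat(filtering)
    nat.outbound(CONSOLE, 50000, SERVER, 3478)
    return {port: nat.inbound(SERVER, port, 50000) for port in (3478, 3479)}
```

Only the address-and-port-dependent mode drops the reply whose source port is 3479; the other two modes deliver it to the console.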
@Arkwright & @TKWITS
Here is the latest setup I have in the TZ670 and it is still dropping the packet as shown previously. Unfortunately, I am a newbie when it comes to Sonicwall firewalls, but I'm learning on the fly.
I have reviewed numerous documents from Sonicwall about port forwarding but they don't solve the problem. One document said to create a "Security Policy" but for the life of me I can't find it in the firewall. Thanks
TBH, it hadn't even occurred to me to just google it! Behaviour in the packet capture looked so odd I thought there was no chance of fixing this.