PS3

Unanswered Question
Feb 13th, 2008

I have a PS3 on my network... How do I tell my pix506e that all traffic to and from that PS3 is ok! I don't want the pix to block anything to and from that PS3.

As you can guess, people are having problems connecting to play games over the internet!

The configuration is attached!

Collin Clark Wed, 02/13/2008 - 10:48

All traffic from the PS3 going out is not blocked, but the outside (internet) cannot see the PS3. You will need to create a static NAT and add ACL rules to permit the traffic in.

You will need to know the ports the PS3 game uses or you could open the entire IP (not suggested). Here is a link that explains what you need to do as far as creating the statics and ACL for limited ports.

http://kb.packetpros.com/?View=entry&EntryID=22

If you wish to open all ports:

static (inside,outside) interface 10.9.2.206 netmask 255.255.255.255
access-list acl_home permit ip any any

This will break all remote connectivity to your firewall sourced from the outside (i.e. telnet/SSH for remote management).

HTH

jojuarez Wed, 02/13/2008 - 19:51

Hi,

As long as the communication starts from the inside you don't have to worry about opening ports, because the inside interface has a "permit ip any any" ACL by default and there's no need to open ports for returning traffic due to the stateful connection.

On the other hand, if communication starts from the outside you need to create a static translation as well as open the ports needed.

The other person recommended doing a static translation using the IP address of the outside interface. You may do so, but bear in mind that no one else will be able to go out but the PS3, as the latter will use the only IP address you have.

You may contact Sony about requirements through NAT devices; there is some equipment out there that doesn't support PAT, such as videoconference devices, so port forwarding is not an option in those cases.

jojuarez Wed, 02/13/2008 - 19:53

Oh, one more thing. I noticed you're inspecting several protocols... are you really using those??

fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69

It is not recommended to have inspections for protocols that you're not using.
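
Added example, not part of the thread and not code from any poster: a small Python check that reads a PIX 6.x style configuration and reports the two risky settings discussed in the replies above (a one-to-one static on the outside interface address, and "permit ip any any" applied inbound on the outside) and lists the enabled fixup inspections for review. The `access-group` line in the sample and the function name `audit_pix_config` are assumptions made for the example.

```python
import re

# Constructed sample: the two lines quoted in the thread, an assumed
# access-group binding, and a few of the fixup lines from the last reply.
SAMPLE = """\
static (inside,outside) interface 10.9.2.206 netmask 255.255.255.255
access-list acl_home permit ip any any
access-group acl_home in interface outside
fixup protocol ftp 21
fixup protocol sip udp 5060
fixup protocol sqlnet 1521
"""

def audit_pix_config(text):
    """Return (findings, fixups) for a PIX 6.x style configuration.

    findings: list of (rule, detail) tuples for risky settings.
    fixups:   list of (protocol, arguments) for every enabled inspection,
              so each one can be checked against what is actually in use.
    """
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    # Names of ACLs that are applied inbound on the outside interface.
    outside_acls = {m.group(1) for l in lines
                    if (m := re.match(r"access-group (\S+) in interface outside$", l))}
    findings, fixups = [], []
    for l in lines:
        # One-to-one static on the interface address. A port-forward static
        # has "tcp" or "udp" before "interface", so it does not match here.
        m = re.match(r"static \(inside,outside\) interface (\d+\.\d+\.\d+\.\d+)\b", l)
        if m:
            findings.append(("full-static-on-interface", m.group(1)))
        # "permit ip any any" only matters if the ACL is bound to outside.
        m = re.match(r"access-list (\S+) permit ip any any$", l)
        if m and m.group(1) in outside_acls:
            findings.append(("permit-ip-any-any-inbound", m.group(1)))
        m = re.match(r"fixup protocol (\S+)(?: (.*))?$", l)
        if m:
            fixups.append((m.group(1), m.group(2) or ""))
    return findings, fixups

if __name__ == "__main__":
    found, inspections = audit_pix_config(SAMPLE)
    for rule, detail in found:
        print(f"RISK  {rule}: {detail}")
    for proto, args in inspections:
        print(f"CHECK fixup {proto} {args}".rstrip())
```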
