pfsense gaming

I see this question asked a lot on both reddit and the pfsense forums, so I wanted to share what I did to get open NAT and let my kids be able to game without all the fluff that is out there...

These are my current hardware specs, not that this has any bearing on what's to be done:
Intel(R) Core(TM) i3-9100T CPU @ 3.10GHz
4 CPUs: 1 package(s) x 4 core(s)
AES-NI CPU Crypto: Yes (active)
QAT Crypto: No
16G Ram
500G nvme

Let's start from the top and go to...

System / Advanced / Firewall & NAT

Head down to the Network Address Translation section. I disable NAT reflection unless absolutely necessary.



Firewall / Aliases / IP

The only part we are concerned with is the gamingPCs alias.


Click Add and create the alias so it lists the IPs of however many gaming PCs/consoles you have on your network. You should either set them as static IPs or give them static DHCP reservations for this to work properly.


Services / UPnP & NAT-PMP




Firewall / NAT / Outbound



Under Mappings, create a new rule for your gamingPCs.



I think this is it... The only part I did not cover is setting either a DHCP reservation or static IP for your gaming PCs/Consoles. You can find that documentation on the pfsense forums.

Hope this helps.

docker, systemd and nfs walked into a bar...

So I recently had some power issues and realized that things were not starting up in the correct order. I'm sure most people have figured this out, but I wanted to put it here for my own well being.

First, make sure that your fstab file is correct for your nfs mounts.

x.x.x.x:/mnt/thunder/audio /mnt/nas/audio nfs rw,intr,nfsvers=3,x-systemd.automount 0 0
x.x.x.x:/mnt/thunder/video /mnt/nas/video nfs rw,intr,nfsvers=3,x-systemd.automount 0 0
x.x.x.x:/mnt/rain/docker   /docker        nfs rw,intr,nfsvers=3,x-systemd.automount 0 0 

Then we need to make sure things start up in the right order. For docker, I added...

vim /etc/systemd/system/multi-user.target.wants/docker.service

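[Unit]
... snip ...
BindsTo=containerd.service
# Requires= alone does not order units, so the mounts are also listed in After=
After=network-online.target firewalld.service containerd.service docker.mount mnt-nas-audio.mount mnt-nas-video.mount
Wants=network-online.target
Requires=docker.socket containerd.service docker.mount mnt-nas-audio.mount mnt-nas-video.mount

... snip ...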

To find what your mount names are, you can run the following command.

systemctl list-units | grep /mnt

This should make it so that the fstab mounts mount automatically, and the docker service (or any service you wish) only starts after a successful nfs mount.
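Another way to get the same ordering, as an added example that is not part of the original post: build a systemd drop-in from the nfs entries in fstab using RequiresMountsFor=, which adds both Requires= and After= for each path, so the mount unit names never have to be looked up. The function names and the extra ext4 line in the sample are assumptions made up for the example.

```shell
#!/bin/sh
# Added example: generate a drop-in that makes a service wait for every
# nfs mount in an fstab. If the service starts before the mount, it would
# write into the empty mount point directory on the local disk instead.

# sample_fstab: constructed input; the three nfs lines are the ones from the post.
sample_fstab() {
    cat <<'EOF'
# constructed sample fstab
UUID=0000-0000 / ext4 defaults 0 1
x.x.x.x:/mnt/thunder/audio /mnt/nas/audio nfs rw,intr,nfsvers=3,x-systemd.automount 0 0
x.x.x.x:/mnt/thunder/video /mnt/nas/video nfs rw,intr,nfsvers=3,x-systemd.automount 0 0
x.x.x.x:/mnt/rain/docker   /docker        nfs rw,intr,nfsvers=3,x-systemd.automount 0 0
EOF
}

# nfs_mount_points FSTAB: print the mount point of every nfs/nfs4 entry,
# skipping comments, blank lines and local filesystems.
nfs_mount_points() {
    awk '$1 !~ /^#/ && NF >= 3 && ($3 == "nfs" || $3 == "nfs4") { print $2 }' "$1"
}

# make_dropin FSTAB: print a [Unit] drop-in listing those paths.
# Returns 1 (and prints nothing on stdout) when the fstab has no nfs entries.
make_dropin() {
    paths=$(nfs_mount_points "$1" | tr '\n' ' ' | sed 's/ *$//')
    [ -n "$paths" ] || { echo "no nfs entries in $1" >&2; return 1; }
    printf '[Unit]\nRequiresMountsFor=%s\n' "$paths"
}

# Demo on the constructed sample; point make_dropin at /etc/fstab on a real host.
tmp=$(mktemp)
sample_fstab > "$tmp"
make_dropin "$tmp"
rm -f "$tmp"
```

Save the output as a drop-in such as /etc/systemd/system/docker.service.d/nfs-mounts.conf (the file name is an assumption) and run systemctl daemon-reload. Unlike an edit to the packaged docker.service, a drop-in is not overwritten when the docker package is updated.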