Cisco Pix Firewall in front of a Playstation 3.

 

If you saw this tweet, you’ll see that a little while ago I had some fun with PlayStation 3 online gaming; it’s probably my own fault, because I’m possibly the only person with a version 6 Cisco PIX firewall at home in front of their PlayStation.

If you want to get online gaming working through your firewall, there’s a really good online reference here, and my specific grumble about having to open up a shed load of ports for EA’s Burnout Paradise is documented in their support area.

To summarize, this is what I’ve got open:

General PlayStation Network ports; these always need to be open.

udp 3658
udp 3478-3479

Open these extra ones for Motor Storm

udp 3659 – 3660

Open these extra ones for Burnout

udp 3659
udp 9600-9699

If you too have a Cisco PIX, you’ll need to add an entry to your outside access-list, something like

access-list outside permit udp any any eq 3658

and you’ll need a static entry….

static (inside,outside) udp interface 3658 playstation3 3658 netmask 255.255.255.255

For lots of ports the access-list command supports the range statement, so

access-list outside permit udp any any range 9600 9699

But you won’t be so lucky with statics: you’ll have to add an entry for each port. I created a small bash shell script to automate the task…

#!/bin/bash
# Print one PIX static entry for each UDP port in 9600-9699
for i in $(seq 9600 9699)
do
        echo "static (inside,outside) udp interface $i playstation3 $i netmask 255.255.255.255"
done

I then pasted the output into my PIX. If you are having problems, some references that might be useful are the Cisco PIX command reference and the PIX NAT guide.
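A generalisation of the script above, added here as an example and not the author's own: it takes the whole port list from this post, emits each port once (3659 is listed for both games), and prints the access-list lines, with consecutive ports merged into range entries, followed by the per-port statics. It is plain POSIX sh; playstation3 and outside are the names used in the post.

```sh
#!/bin/sh
# Added example, not the author's script; names and ports are the post's.
HOST=playstation3   # PIX name for the console, as in the post
ACL=outside         # access-list on the outside interface, as in the post
PORTS="3658 3478-3479 3659-3660 3659 9600-9699"

# Print each port named by the specs (N or N-M) once, in numeric order.
# Returns 1 on anything that is not a port 1-65535 or an ascending range.
expand_ports() {
    for spec in "$@"; do
        case $spec in
            ''|*[!0-9-]*|-*|*-|*-*-*|0*|*-0*)
                echo "bad port spec: $spec" >&2; return 1 ;;
        esac
        lo=${spec%-*}; hi=${spec#*-}
        if [ ${#lo} -gt 5 ] || [ ${#hi} -gt 5 ] ||
           [ "$hi" -gt 65535 ] || [ "$lo" -gt "$hi" ]; then
            echo "bad port range: $spec" >&2; return 1
        fi
    done
    for spec in "$@"; do seq "${spec%-*}" "${spec#*-}"; done | sort -n -u
}

# One access-list line per run of consecutive ports ("eq" for a lone port).
acl_lines() {
    ports=$(expand_ports "$@") || return 1
    start=; prev=
    for p in $ports 0; do   # 0 is a sentinel that flushes the final run
        if [ -n "$prev" ] && [ "$p" -eq $((prev + 1)) ]; then
            prev=$p; continue
        fi
        if [ -n "$start" ] && [ "$start" -eq "$prev" ]; then
            echo "access-list $ACL permit udp any any eq $start"
        elif [ -n "$start" ]; then
            echo "access-list $ACL permit udp any any range $start $prev"
        fi
        start=$p; prev=$p
    done
}

# One static per port, since the post notes statics need an entry per port.
static_lines() {
    ports=$(expand_ports "$@") || return 1
    for p in $ports; do
        echo "static (inside,outside) udp interface $p $HOST $p netmask 255.255.255.255"
    done
}

acl_lines $PORTS && static_lines $PORTS
```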

nick

 

7 Responses to “Cisco Pix Firewall in front of a Playstation 3.”

  1. kelly says:

    Will a firewall in front of your ps3 prevent me from getting my mac address banned?

  2. Trix says:

    If it makes you feel any better, I’m probably the only one with a Cisco 2620 as my firewall. :-)

    • Drumdave says:

      Hi, I have a 1841 and am in the middle of doing the access lists for my son’s PS3 nightmare!

      Can you let me see how you configured your access lists to be able to use the PS3 to connect to PSN?

      My son is driving me crazy with this… I thought I knew what I was doing… Wrong.

      The ASA is easier than straight ACLs, but a good learning curve.

      Regards,

      David

      • Nick says:

        Hi David,
        On a router the ACL on your “outside” interface should look something like this…

        ip access-list extended outside
        permit icmp any any
        permit udp any eq bootps any eq bootpc
        permit udp any any eq 3658
        permit udp any any eq 3659
        permit udp any any range 3478 3479
        permit udp any any range 3659 3660
        permit udp any any range 9600 9699
        deny ip any any log

        You also need a nat command for each port…

        ip nat inside source static udp PS3 3658 interface FastEthernet0/1 3658

        Good Luck!

  3. izac says:

    You are not alone :) I have an ASA 5505 in front of my PS3
