
Firewall ports for connecting to PS4 Pro

Open afettouhi opened this issue 4 years ago • 34 comments

I am having issues seeing my PS4 Pro with Chiaki when my firewall is turned on on my Arch Linux box. What ports do I need to open in order to connect?

afettouhi avatar Oct 15 '19 13:10 afettouhi

TCP 929, UDP 9297
9295-9304 – TCP/UDP. TCP 80, 443, 1935, 3478, 3479, 3480, 9295. UDP 3478, 3479, 9296, 9297, 9303. I use OpenVPN; then you do not need to open ports.

termik88 avatar Oct 16 '19 07:10 termik88

Really? That many ports need to be open? I had so far read that UDP 9296, 9297, 9303 should be open if you were using the official Playstation Remote Play app on Windows etc.

afettouhi avatar Oct 16 '19 07:10 afettouhi

I've found remote play works with only 9304 (UDP) when using my Vita, as per the instruction manual: https://manuals.playstation.net/document/en/psvita/ps4link/viainternet.html

Scrxtchy avatar Oct 16 '19 07:10 Scrxtchy

I tried so far with Chiaki opening UDP 9296, 9297, 9303 as mentioned in the official Playstation documentation for the app on Windows, but Chiaki couldn't see my PS4 Pro until I turned off my firewall on my Arch Linux box completely.

afettouhi avatar Oct 16 '19 07:10 afettouhi

Can the firewall tell you what ports are being knocked on?

Scrxtchy avatar Oct 16 '19 07:10 Scrxtchy

No, I don't think it can. It is just a GUI to ufw, e.g. gufw.

afettouhi avatar Oct 16 '19 07:10 afettouhi

987 UDP is for discovery. 9303 and 9304 aren't used at all.

thestr4ng3r avatar Oct 16 '19 08:10 thestr4ng3r

So UDP 987 is the only port needed then?

afettouhi avatar Oct 16 '19 08:10 afettouhi

987 for wakeup? which port to use?

termik88 avatar Oct 16 '19 08:10 termik88

No, for streaming you also need tcp 9295 and udp 9296 and 9297

thestr4ng3r avatar Oct 16 '19 08:10 thestr4ng3r

Just tried opening tcp 9295 and udp 987, 9296 and 9297 and I still don't see my ps4 pro.

afettouhi avatar Oct 16 '19 08:10 afettouhi

This is what a discovery looks like: [Screenshot from 2019-10-16 11-04-30]

192.168.1.22 is Chiaki and 192.168.1.8 is the PS4. The source port is a random free one and the PS4 responds on that. Maybe your firewall is blocking that port then since udp is connection-less?

thestr4ng3r avatar Oct 16 '19 09:10 thestr4ng3r

OK, I couldn't tell you. I am just using ufw as my firewall with the gufw as the gui.

afettouhi avatar Oct 16 '19 09:10 afettouhi

@afettouhi: ufw (or rather iptables, to which ufw is just a frontend) can be told to log rejected packets - just run ufw logging on and then all the dropped packets will be logged into the kernel buffer, which you can preview with dmesg (there you'll find information about all the dropped IPs, ports and so on).

Patryk27 avatar Oct 16 '19 10:10 Patryk27

> @afettouhi: ufw (or rather iptables, to which ufw is just a frontend) can be told to log rejected packets - just run ufw logging on and then all the dropped packets will be logged into the kernel buffer, which you can preview with dmesg (there you'll find information about all the dropped IPs, ports and so on).

This is the output I get from dmesg after turning on logging with ufw.

[ 2688.914985] [UFW BLOCK] IN=enp0s31f6 OUT= MAC=00:1f:bc:0f:3b:20:f8:46:1c:02:9f:60:08:00 SRC=192.168.0.13 DST=192.168.0.10 LEN=241 TOS=0x00 PREC=0x00 TTL=64 ID=12751 PROTO=UDP SPT=59389 DPT=38715 LEN=221 
[ 2689.103771] [UFW BLOCK] IN=enp0s31f6 OUT= MAC=00:1f:bc:0f:3b:20:f8:46:1c:02:9f:60:08:00 SRC=192.168.0.13 DST=192.168.0.10 LEN=241 TOS=0x00 PREC=0x00 TTL=64 ID=54375 PROTO=UDP SPT=64551 DPT=38715 LEN=221 
[ 2689.604084] [UFW BLOCK] IN=enp0s31f6 OUT= MAC=00:1f:bc:0f:3b:20:f8:46:1c:02:9f:60:08:00 SRC=192.168.0.13 DST=192.168.0.10 LEN=241 TOS=0x00 PREC=0x00 TTL=64 ID=21531 PROTO=UDP SPT=54283 DPT=38715 LEN=221 
[ 2690.104217] [UFW BLOCK] IN=enp0s31f6 OUT= MAC=00:1f:bc:0f:3b:20:f8:46:1c:02:9f:60:08:00 SRC=192.168.0.13 DST=192.168.0.10 LEN=241 TOS=0x00 PREC=0x00 TTL=64 ID=9120 PROTO=UDP SPT=64530 DPT=38715 LEN=221 
[ 2690.604105] [UFW BLOCK] IN=enp0s31f6 OUT= MAC=00:1f:bc:0f:3b:20:f8:46:1c:02:9f:60:08:00 SRC=192.168.0.13 DST=192.168.0.10 LEN=241 TOS=0x00 PREC=0x00 TTL=64 ID=30513 PROTO=UDP SPT=52281 DPT=38715 LEN=221 
[ 2691.104453] [UFW BLOCK] IN=enp0s31f6 OUT= MAC=00:1f:bc:0f:3b:20:f8:46:1c:02:9f:60:08:00 SRC=192.168.0.13 DST=192.168.0.10 LEN=241 TOS=0x00 PREC=0x00 TTL=64 ID=102 PROTO=UDP SPT=54788 DPT=38715 LEN=221 
[ 2691.604704] [UFW BLOCK] IN=enp0s31f6 OUT= MAC=00:1f:bc:0f:3b:20:f8:46:1c:02:9f:60:08:00 SRC=192.168.0.13 DST=192.168.0.10 LEN=241 TOS=0x00 PREC=0x00 TTL=64 ID=39302 PROTO=UDP SPT=60210 DPT=38715 LEN=221 
[ 2692.104964] [UFW BLOCK] IN=enp0s31f6 OUT= MAC=00:1f:bc:0f:3b:20:f8:46:1c:02:9f:60:08:00 SRC=192.168.0.13 DST=192.168.0.10 LEN=241 TOS=0x00 PREC=0x00 TTL=64 ID=52153 PROTO=UDP SPT=55174 DPT=38715 LEN=221 
[ 2692.604930] [UFW BLOCK] IN=enp0s31f6 OUT= MAC=00:1f:bc:0f:3b:20:f8:46:1c:02:9f:60:08:00 SRC=192.168.0.13 DST=192.168.0.10 LEN=241 TOS=0x00 PREC=0x00 TTL=64 ID=15741 PROTO=UDP SPT=60884 DPT=38715 LEN=221 
[ 2693.105129] [UFW BLOCK] IN=enp0s31f6 OUT= MAC=00:1f:bc:0f:3b:20:f8:46:1c:02:9f:60:08:00 SRC=192.168.0.13 DST=192.168.0.10 LEN=241 TOS=0x00 PREC=0x00 TTL=64 ID=56708 PROTO=UDP SPT=61749 DPT=38715 LEN=221 
[ 2709.112264] [UFW BLOCK] IN=enp0s31f6 OUT= MAC=00:1f:bc:0f:3b:20:f8:46:1c:02:9f:60:08:00 SRC=192.168.0.13 DST=192.168.0.10 LEN=241 TOS=0x00 PREC=0x00 TTL=64 ID=20318 PROTO=UDP SPT=59413 DPT=51513 LEN=221 
[ 2729.117897] [UFW BLOCK] IN=enp0s31f6 OUT= MAC=00:1f:bc:0f:3b:20:f8:46:1c:02:9f:60:08:00 SRC=192.168.0.13 DST=192.168.0.10 LEN=241 TOS=0x00 PREC=0x00 TTL=64 ID=59906 PROTO=UDP SPT=59506 DPT=51513 LEN=221 
[ 2749.124446] [UFW BLOCK] IN=enp0s31f6 OUT= MAC=00:1f:bc:0f:3b:20:f8:46:1c:02:9f:60:08:00 SRC=192.168.0.13 DST=192.168.0.10 LEN=241 TOS=0x00 PREC=0x00 TTL=64 ID=36604 PROTO=UDP SPT=56907 DPT=51513 LEN=221 
[ 2769.131192] [UFW BLOCK] IN=enp0s31f6 OUT= MAC=00:1f:bc:0f:3b:20:f8:46:1c:02:9f:60:08:00 SRC=192.168.0.13 DST=192.168.0.10 LEN=241 TOS=0x00 PREC=0x00 TTL=64 ID=56657 PROTO=UDP SPT=61244 DPT=51513 LEN=221

afettouhi avatar Oct 16 '19 13:10 afettouhi

> This is what a discovery looks like: [Screenshot from 2019-10-16 11-04-30]
>
> 192.168.1.22 is Chiaki and 192.168.1.8 is the PS4. The source port is a random free one and the PS4 responds on that. Maybe your firewall is blocking that port then since udp is connection-less?

It seems like that. If I log with ufw and open up the src port it shows then I can see my PS4 in Chiaki. But since this port is random how do I then set my firewall settings for that?

afettouhi avatar Oct 16 '19 15:10 afettouhi

@afettouhi what sort of configuration have you got with ufw then?

As @thestr4ng3r has stated, chiaki only needs to talk to the PS4 on ports 9295, 9296 and 9297, with 987 for wakeup. I can confirm this by connecting to my PS4 over the internet, with these ports open and forwarded with NAT.

But if we're talking about a firewall on your client PC, then I'm confused about why a random source port would be causing issues. There is [generally] a random source port for all connections, even those to any websites [destination port of 80 or 443].

The default policy of ufw, I believe, is to allow outgoing anyway. So if you've got filters on outgoing connections, then I'm curious how you've got it configured to allow your web browser to work?

edenist avatar Nov 04 '19 06:11 edenist

No, I don't have any filters and I don't have any special configuration for ufw. I have a few ports open to get torrents and plex to work because I am behind a NAT.

afettouhi avatar Nov 04 '19 06:11 afettouhi

Hi, guys. I am facing the same issue for PS4 Slim.

fastiuk avatar Nov 16 '19 23:11 fastiuk

Hey guys, I resolved my problem. I forward the next ports on my firewall: 9295(TCP), 9296-9297(UDP)

fastiuk avatar Dec 10 '19 22:12 fastiuk

> Hey guys, I resolved my problem. I forward the next ports on my firewall: 9295(TCP), 9296-9297(UDP)

What do you mean by "I forward the next ports on my firewall"? Are you forwarding these ports on your router firewall?

afettouhi avatar Dec 11 '19 04:12 afettouhi

> > Hey guys, I resolved my problem. I forward the next ports on my firewall: 9295(TCP), 9296-9297(UDP)
>
> What do you mean by "I forward the next ports on my firewall"? Are you forwarding these ports on your router firewall?

Exactly.

fastiuk avatar Dec 11 '19 15:12 fastiuk

PS also forwards its own ports via UPnP, so make sure that you forwarded them as well if you didn't enable UPnP. Please, let me know if you need to know those ports, I can check them on my router.

fastiuk avatar Dec 11 '19 15:12 fastiuk

> PS also forwards its own ports via UPnP, so make sure that you forwarded them as well if you didn't enable UPnP. Please, let me know if you need to know those ports, I can check them on my router.

I tried port forwarding on my router the ports you mention and I still can't see the ps4 in chiaki when the firewall is on.

afettouhi avatar Dec 11 '19 16:12 afettouhi

> I tried port forwarding on my router the ports you mention and I still can't see the ps4 in chiaki when the firewall is on.

Sorry, I missed one port 9295 UDP. So in summary ports are next: 9295(TCP+UDP), 9296-9297(UDP). By the way, you won't see your PS in the application. If you are trying to connect from outside of your local network you have to specify your public IP address.

fastiuk avatar Dec 16 '19 15:12 fastiuk

I am only trying to connect to my ps4 within my local network, so I should be able to see it in Chiaki?

afettouhi avatar Dec 16 '19 15:12 afettouhi

Yes. But I am not sure how it is supposed to work with your setup.

fastiuk avatar Dec 16 '19 16:12 fastiuk

Me neither. I have tried forwarding ports as you suggested and I still can't connect to my ps4 pro.

afettouhi avatar Dec 16 '19 16:12 afettouhi

> TCP 929, UDP 9297
> 9295-9304 – TCP/UDP. TCP 80, 443, 1935, 3478, 3479, 3480, 9295. UDP 3478, 3479, 9296, 9297, 9303. I use OpenVPN; then you do not need to open ports.

Hi, do you need to set up anything to use it with OpenVPN? I have an OpenVPN server in my Raspberry Pi but I can't find the registered PS4. Please see https://github.com/thestr4ng3r/chiaki/issues/128 . Thanks!

29antonioac avatar Dec 21 '19 11:12 29antonioac

I had to forward port 9295 both in UDP and TCP to register through the Internet. Looks like PS4 uses both TCP and UDP on port 9295 for registration. Once registered, it only requires UDP for gameplay.

ritiek avatar Jan 19 '20 05:01 ritiek

@ritiek did you first register ps4 under the same network? I have registered ps4 successfully under the same network, but can't connect over the internet. I have forwarded all necessary ports.

thisguy915 avatar Feb 06 '20 18:02 thisguy915

> did you first register ps4 under the same network?

No. I registered from a different network. But I don't think that should matter since it seems like registration and gameplay use different sets of ports.

I have these ports forwarded on my router (with which my PS4 is connected):

9295 - UDP and TCP both
9296 - UDP
9297 - UDP
9303 - UDP

and I can both register and play games remotely.

tcpdump can also be useful in debugging what ports are being accessed by Chiaki.

ritiek avatar Feb 07 '20 02:02 ritiek

> > did you first register ps4 under the same network?
>
> No. I registered from a different network. But I don't think that should matter since it seems like registration and gameplay use different sets of ports.
>
> I have these ports forwarded on my router (with which my PS4 is connected):
>
> 9295 - UDP and TCP both
> 9296 - UDP
> 9297 - UDP
> 9303 - UDP
>
> and I can both register and play games remotely.
>
> tcpdump can also be useful in debugging what ports are being accessed by Chiaki.

I think at least part of the issue here is the first stage of the conversation between Chiaki and the PS4.

Problem

When Chiaki probes for the PS4 device (registered or not), it does so on broadcast from a random source port.

However, unlike most such discovery protocols, the PS4 does not connect back to an established, IANA registered port. It uses the random source port Chiaki sent the probing packet from.

Which from a firewall PoV essentially means a random device initiates a NEW connection on a random destination port that has 0 chances of being open, on Linux at least, when restrictive firewall policies are in place.

Thus if Chiaki is on a host that has a firewall that filters incoming connections, including from the local network, I think it's never going to see the PS4's initial reply.

Even though I believe the protocol could be improved here, Chiaki's hands are kind of tied. The best workaround would be to assign a fixed IP address to the PS4 at router level and authorize that IP on both the ports mentioned here as well as the user's system Ephemeral Port range.

Solution?

IANA's recommendation for the Dynamic/Private port range is 49152 to 65535, and Windows Vista+ does follow this, I believe. However, for once, Linux is the odd kid when it comes to respecting the standard's recommendation.

On Linux, one may obtain the corresponding port range by running: sudo sysctl net.ipv4.ip_local_port_range

On my system, this gives:

net.ipv4.ip_local_port_range = 10240 65535

Authorizing the PS4 IP to access this range on UDP allows proper Chiaki operation on my side. Of course, the range is large but still doesn't cover the multiple-times afore-mentioned ports. So one will need both sets of rules.

Here's an example on my Linux setup:

The firewall is started, the PS4 (x.216) tries to answer back with the exact source port it received the broadcast from as a destination port on the host which emitted the probe:

[image]

It's rejected as per the policy.

When the firewall is stopped, the connection to the random port works and the console is detected:

[image]

Suggestion

Maybe we could force a source port that could be opened on Chiaki's side, but design-wise it'd be an ugly hack and mess since ephemeral ports vary per platform...

As an option maybe?

DistantThunder avatar Nov 22 '20 21:11 DistantThunder
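
An added example, not part of the thread or of Chiaki's code: a shell filter over `[UFW BLOCK]` lines (the output of ufw logging described earlier in the thread) that counts blocked UDP packets whose destination port falls inside the host's ephemeral range and prints a ufw rule scoped to that one source address rather than opening the range to everyone. The sample log is constructed in the shape of the dmesg output above, the function names are hypothetical, and 10240 65535 is the range quoted in the post.

```shell
#!/bin/sh
# Constructed sample log: three blocked UDP replies from one host to ephemeral
# ports, plus one TCP and one low-port UDP packet that must not be counted.
SAMPLE_LOG='[ 100.000001] [UFW BLOCK] IN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=192.168.0.13 DST=192.168.0.10 LEN=241 TTL=64 PROTO=UDP SPT=59389 DPT=38715 LEN=221
[ 100.500002] [UFW BLOCK] IN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=192.168.0.13 DST=192.168.0.10 LEN=241 TTL=64 PROTO=UDP SPT=64551 DPT=38715 LEN=221
[ 120.000003] [UFW BLOCK] IN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=192.168.0.13 DST=192.168.0.10 LEN=241 TTL=64 PROTO=UDP SPT=59413 DPT=51513 LEN=221
[ 121.000004] [UFW BLOCK] IN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:03:08:00 SRC=192.168.0.77 DST=192.168.0.10 LEN=60 TTL=64 PROTO=TCP SPT=40000 DPT=22
[ 122.000005] [UFW BLOCK] IN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:04:08:00 SRC=192.168.0.50 DST=192.168.0.10 LEN=80 TTL=255 PROTO=UDP SPT=5353 DPT=5353 LEN=60'

# blocked_ephemeral LOW HIGH   (log on stdin)
# Prints "SRC COUNT" for every source whose blocked UDP packets were aimed at
# a destination port inside LOW..HIGH (the local ephemeral port range).
blocked_ephemeral() {
    awk -v lo="$1" -v hi="$2" '
        /\[UFW BLOCK\]/ {
            src = ""; dpt = ""; proto = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/)   src   = substr($i, 5)
                if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
                if ($i ~ /^PROTO=/) proto = substr($i, 7)
            }
            if (proto == "UDP" && dpt + 0 >= lo + 0 && dpt + 0 <= hi + 0)
                hits[src]++
        }
        END { for (s in hits) print s, hits[s] }
    ' | sort
}

# suggest_rules LOW HIGH   (log on stdin)
# Prints one ufw rule per offending source, limited to UDP and to that source.
suggest_rules() {
    blocked_ephemeral "$1" "$2" | while read -r src count; do
        echo "ufw allow proto udp from $src to any port $1:$2"
    done
}

# On a real host, read the range with: sysctl -n net.ipv4.ip_local_port_range
# and feed the function from: dmesg | suggest_rules LOW HIGH
printf '%s\n' "$SAMPLE_LOG" | suggest_rules 10240 65535
```

Run against the IANA range 49152 65535 instead, the same log yields only one hit, which is why the rule has to use the range the host actually reports.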

It seems this topic is related to my issue on Nintendo Switch: cannot connect over internet.

Perhaps we can imagine a textbox where the user can choose the port number instead of hard-coding...

Keriam avatar Dec 19 '20 03:12 Keriam