New COD MWII Blocked By pfSense
-
Hello,
I am trying to run the new COD MWII on PC through Steam and it's getting blocked by my Netgate SG1100. Stuck at 'Status: Logging Into Online Services'.
Tried following the port forward steps for Steam listed here but COD remains blocked/stuck at 'logging into online services'.
It is kind of interesting they do not have the info for 'PC', perhaps because the game is so new but I would presume the Steam port forward settings should work?In any case, I cannot get COD MWII unblocked for the life of me. Here are my current port forwards and associated rule configs ->
As a test I popped on a wireless hotspot, completely bypassing my pfsense firewall and COD MWII loaded right in, no issues. I snagged a connection baseline while successfully connected to COD and the ports looked different than what is suggested by portforward.com ->
Regardless, I tried portforwarding with the information I found through a successful connection to the game but nope! No luck connecting to the new COD MWII (2022 version) through my pfsense firewall.
Furthermore, I tried enabling UNP, outbound nat, updating to latest version of pfsense, enabling hybrid outbound nat, etc but hitting a wall. Anyone know what the heck may be going on?
Any help is appreciated.
Thank you.
-
@emjeezy said in New COD MWII Blocked By pfSense:
Any help is appreciated.
It's normal that 'some site' doesn't know everything about 'some program' :
Have a look at site of the authors of the game, Activation.
They published this list :
https://support.activision.com/articles/ports-used-for-call-of-duty-games -
There is no freaking way you need to allow for unsolicited inbound traffic to login..
To host a game maybe, to allow for feature X maybe. But to login - nope no way. What your issue is not sure, but I would bet like my left nut it has nothing to do with allowing for inbound unsolicited traffic.
If that was the case - then nobody behind a cgnat would be able to play this game for example. In what world would that make sense that a maker of a game would cut off a large portion of their possible users? Lets not forget complexity of forwarding ports, or failure for UPnP to work behind say a double nat, or by default its quite often disabled..
So in such a scenario that inbound traffic is needed to even login, a huge portion of the user base would be unable to get in..
As a test I popped on a wireless hotspot
And you think that hotspot allowed unsolicated inbound traffic?
-
@gertjan Updated firewall rules and NAT to reflect the port forward info from activision but that did not help, same issue - stuck at 'status: logging into online services'.
-
@johnpoz Disabled the LAN connection on my computer, used my wifi card to connect to my mobile hotspot and it works a 100%. Also works behind the firewall if I pop on my vpn (PIA).
-
@emjeezy none of which have anything to do with unsolicited inbound traffic. Your vpn sure isn't allowing inbound unsolicited.
Forget your port forwarding for now, and troubleshoot why you can not connect, is something not resolving, are you sending traffic from your public IP an not getting an answer.
When you use vpn, do you use different dns. Are you running anything pfsense like ips, or proxy, blocking dns with lists with pfblocker.
Are you filtering outbound traffic? Or are you using the default any any rule?
edit: Could be a peering issue with your isp. Since vpn and different connection (hot spot off your phone) would be taking a different route. But again neither of those connections would be allowing inbound traffic unsolicited to your IP
Shoot it could be they have your isp Ips blocked.. But its not a inbound port issue. And out of the box pfsense doesn't block any outbound. So either you have modified that, are doing something with ips, or trying to proxy that is not working, or dns is a problem.
I would think if there was something odd with this new game and even logging in with pfsense - then wouldn't the forum be on fire with people having issues, also on other social media. I can't believe your like the 1 user using pfsense wanting to play this new game ;) hehehe
-
@johnpoz Good questions. Exploring your suggestions and will have a response soon. Thanks John, this has been a pain!
-
@emjeezy If your not doing anything with pfblocker or IPS, and are not running proxy. I would prob start with a packet capture, under diagnostics.
Filter it on your device that trying to login.. Set the limit to 0 so you not limited to 100 packets. Close down all other connections are your pc, don't have like 50 tabs open in your browser for example. Anything else that might be phoning home, or other apps running that make outbound connections. I would flush the local machines dns cache, ipconfig /flushdns on a windows machine. Open your browser (make sure its not using doh for dns).. Or run the application that lets you login. Launch the game..
Then try and connect.. Is any traffic actually blocked with logs? I wouldn't think so if your using the any any default rule. Let it try for a bit.. Then take a look at your packet capture. Do you see any dns that didn't get answered? Any connection attempts (syn) that didn't get back a syn,ack.
Any outbound UDP? that doesn't see to get a response.
Post up this pcap if you want others to take a look at what could be failing.
-
@johnpoz I would also start from a clean firewall slate... no special rules, no ports forwarded, check your Outbound NAT to make sure it's clean, etc.
-
@rcoleman-netgate I would concur.. should be pretty much a default install..
-
When you use vpn, do you use different dns.
not explicitly no. On my hardline connection, my sg1100 provides DNS (using google 8.8.8.8)Are you running anything pfsense like ips, or proxy, blocking dns with lists with pfblocker.
I do have pfblocker but it has been disabled for a long time. No other proxy or ips set upAre you filtering outbound traffic? Or are you using the default any any rule?
firewall>nat>outbound setting, i am not filtering outbound. Only using default any any rule.I would think if there was something odd with this new game and even logging in with pfsense - then wouldn't the forum be on fire with people having issues, also on other social media. I can't believe your like the 1 user using pfsense wanting to play this new game ;) hehehe
yah for sure. At first i thought it may be a network wide problem on activision end and in relation to the NEW COD MWII,but yah, quickly found I seem to be the only one having this odd issue ;-/
Ran a packet capture on my gaming pc LAN IP, while trying to connect to COD MWII ->
pcap is attached. packetcapture(1).pcap
-
@emjeezy your pcap isn't actually attached, I can not download it.
You want to use the file upload, not image and might need to change to .pcap extension vs .cap
test cap
Testing file upload of pcap or .cap they seem to be working.
Make sure you use file not image
-
@rcoleman-netgate firewall is mostly default config, lightly configured. Will keep in mind though, ty.
-
@emjeezy that capture shows no connections at all to anything external
And looks like you are limited to 100 packets.. But there is no info in that pcap that would help.. Since your not trying to go anywhere other than 172.16.25.2 which sure isn't a internet IP.
You have some remote desktop connection in that sniff - I see the RDP 3389
-
@johnpoz i think the pcap i need to do is WAN and not local. Problem is with the WAN pcap i cannot filter (at least not from pfsense) on the local IP.
-
@emjeezy no lan is fine.. That sniff has zero traffic going to any internet address in it.. To get to the internet you have to send it to pfsense right? But pfsense isn't seeing any traffic going to the internet in that sniff.
-
You have some remote desktop connection in that sniff - I see the RDP 3389
yes i am remoted onto my gaming pc right nowTrying the pcap again on lan..
-
@emjeezy nor did see even any dns queries in that sniff. Only thing see in there is part of remote desktop connection.
You most likely filled up your sniff before you even started anything because you didn't change the limit from 100 to 0
-
@johnpoz said in New COD MWII Blocked By pfSense:
You most likely filled up your sniff before you even started anything because you didn't change the limit from 100 to 0
right, i forgot to change the 'count' to 0. changed it now and running another pcap while trying to connect to COD..
-
@emjeezy make sure you flushed the clients local dns cache as well - so we can see if any dns queries it asks for are not being answered.