Netgate Discussion Forum

    New COD MWII Blocked By pfSense

    64 Posts 5 Posters 15.8k Views
    • EmJeezy

      Thought of a good game plan while driving that may just skip us over the complexities of a pcap, and that is the good ol' 'process of elimination'. I plan to bypass my pfsense firewall and hardline directly to my bridge mode isp modem. From there, I will test COD. If it works then I plan to back up my pfsense config and then factory reset it, throw a generic config on there, plug my pc back into pfsense and test again…

      I’ll keep you posted.

      • johnpoz LAYER 8 Global Moderator @EmJeezy

        @emjeezy said in New COD MWII Blocked By pfSense:

        I plan to bypass my pfsense firewall and hardline directly to my bridge mode isp modem.

        While that is a plan, it doesn't always work out - the one thing that people forget is that your IP will change. So while it is a good plan.. Just because it works with IP X, doesn't mean that the ISP or the peering doesn't have a problem when you have IP Y..

        So unless you're going to make sure you use the same mac, and get the same IP when you change devices - it's "still" possible to be an upstream issue, or the destination blocking your specific IP.

        But I agree it's a good test.. Anything that provides more info leads us to what the actual root cause is.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        • EmJeezy @johnpoz

          @johnpoz right, I hear you. It would be just for test purposes, basically to see if COD connects if I go straight through the isp equipment. Unfortunately that test got cut short because I plugged direct to isp modem and I get a 169..grrr.. don't know why. Must have set the isp modem/router to bridge mode at some point, I factory reset it and still giving me a 169.

          Usually I don't even use the isp router/modem, rather, in my current config I literally just have the frontier moca Ethernet adapter plugged straight into my firewall (no isp router/modem) and this supplied my firewall with my public ip on my wan interface.

          Next test though, I have a spare sg1100 laying around that I forgot about, gonna default the config on it, hook her up and test that out…

          • rcoleman-netgate Netgate @EmJeezy

            @emjeezy reboot the cable modem. It's MAC-locked to the 1100. When you're done you will need to do it again to get the 1100 back online

            Ryan
            Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
            Requesting firmware for your Netgate device? https://go.netgate.com
            Switching: Mikrotik, Netgear, Extreme
            Wireless: Aruba, Ubiquiti

            • EmJeezy @rcoleman-netgate

              @rcoleman-netgate

              Well shucks, now the chances of my ip changing really just went up since I don't pay for static ip. Was trying to avoid that lol. Fair enough...will give it a go. Want to get to the bottom of this. Sure appreciate @johnpoz and @rcoleman-netgate tips and assistance.

              • rcoleman-netgate Netgate @EmJeezy

                @emjeezy Configure and enable Dynamic DNS. https://docs.netgate.com/pfsense/en/latest/services/dyndns/check-services.html

                • EmJeezy @rcoleman-netgate

                  @rcoleman-netgate welp, when you said it's MAC-locked, you said a mouthful. I cannot get this ISP modem/router to budge. I finally got it to give me a valid internal IP but then it can't DNS/has no route...

                  Soon as I pop back in my pfSense and connect to the ISP MoCA ethernet adapter, internet comes right back up. It's like it's stuck to my pfSense firewall/router which is a good thing and I'm becoming hesitant to keep fluxing with it from this perspective because then I'm gonna end up locked back to the ISP equipment and not be able to plug up my pfSense..

                  I am working on swapping my firewall out for one with a default config..we'll see how that plays..

                  • EmJeezy

                    Alright, so here I am behind my defaulted config firewall. Literally just defaulted the config and next through the initial setup. Very vanilla, default config and still cannot log into COD. New error though ->

                    54e6230e-6a16-4132-8592-45642ed5e713-image.png

                    • EmJeezy

                      Note - still works fine over my PIA vpn though..

                      • EmJeezy

                        Has to be something on my ISP and/or Activision side, right? They don't like me or my isp or my ip I suppose...

                        • EmJeezy

                          05860174-fcb5-4659-8f69-4e5cb8c58ab3-image.png

                          Detrick Lester? Travis Rilea? Yeah..presuming these are probably just COD dev names and mean nothing aside from indicating a general connection failure error.

                          Well, I do have my PIA vpn, which is fast and a useable workaround to game with COD but still...such a unique issue makes me curious. All the evidence so far points to an upstream issue and the options I think are to further explore some pcaps and/or follow up with my ISP (Frontier), perhaps partner with Activision...

                          sigh...

                          • EmJeezy

                            Hi guys, so I think I nailed this down. Revisited my successful connection baseline - This connection baseline shows everything connected to COD from my machine while successfully logged into the new COD MWII using my VPN and this IP stood out to me ->

                            a8840e3b-e58f-4914-887f-01e85269089a-image.png

                            Why? Because after further analyzing my failed cod connection attempt pcaps, whattayah know - this 185.34.106.18 is throwing RST, ACK's at my public ip & dropping the connection (for whatever reason). Seeing lots of TCP Retransmissions as well as RST, ACKS from their end to my public IP.

                            1c8cd8b6-7244-4277-9ec5-0255f3428f8b-image.png

                            I believe successful connection to this 184.34.106.18 is required for successful login to cod online services.

                            Just for good measure, I enabled DNS forwarding on my firewall and used google, same issue persisted.

                            Thinking this rules out a DNS problem. I'd conclude the issue is upstream between my ISP and COD/activision servers unfortunately.

                            Any further thoughts?

                            • johnpoz LAYER 8 Global Moderator @EmJeezy

                              @emjeezy said in New COD MWII Blocked By pfSense:

                              between my ISP and COD/activision servers unfortunately.

                              Or they are blocking you which is more likely - a RST would normally be sent by the server you're actually trying to talk to... It's rare for a firewall to send a RST. That is an OS thing.

                              185.34.106.18, that is most likely related to login yes, notice the IP for that login fqdn was only different by the last octet .26 vs .18

                              But since they send back a syn,ack doesn't seem like an IP block, there is zero reason to send a syn,ack back if not an IP you want to talk to.. Why would just not answer you, or just send a RST in answer to your syn.

                              E 1 Reply Last reply Reply Quote 1
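
The three outcomes johnpoz distinguishes above (no answer at all, a RST in answer to the SYN, or a SYN-ACK followed by a later RST) can be read off a capture mechanically. The following is an added example, not code from any post in this thread; the `tcpdump -n` lines are constructed, the addresses are documentation ranges, and the verdict labels are names chosen here.

```python
import re
from collections import defaultdict

# Constructed `tcpdump -n` lines; addresses are documentation ranges, not the thread's.
SAMPLE = """\
10:00:00.000 IP 198.51.100.7.50001 > 192.0.2.18.443: Flags [S], seq 1000, win 64240, length 0
10:00:00.030 IP 192.0.2.18.443 > 198.51.100.7.50001: Flags [S.], seq 9000, ack 1001, win 65535, length 0
10:00:00.031 IP 198.51.100.7.50001 > 192.0.2.18.443: Flags [.], ack 1, win 502, length 0
10:00:00.032 IP 198.51.100.7.50001 > 192.0.2.18.443: Flags [P.], seq 1:518, ack 1, win 502, length 517
10:00:00.240 IP 198.51.100.7.50001 > 192.0.2.18.443: Flags [P.], seq 1:518, ack 1, win 502, length 517
10:00:00.300 IP 192.0.2.18.443 > 198.51.100.7.50001: Flags [R.], seq 1, ack 518, win 0, length 0
10:00:01.000 IP 198.51.100.7.50002 > 192.0.2.26.443: Flags [S], seq 2000, win 64240, length 0
10:00:01.020 IP 192.0.2.26.443 > 198.51.100.7.50002: Flags [R.], seq 0, ack 2001, win 0, length 0
10:00:02.000 IP 198.51.100.7.50003 > 192.0.2.99.443: Flags [S], seq 3000, win 64240, length 0
10:00:03.000 IP 198.51.100.7.50003 > 192.0.2.99.443: Flags [S], seq 3000, win 64240, length 0
"""

LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]"
                  r"(?:, seq ([\d:]+))?.*length (\d+)")

def classify(text):
    """Return {flow: (verdict, retransmissions)} for each flow whose SYN was captured."""
    flows = defaultdict(lambda: {"synack": False, "rst": None, "retrans": 0, "seen": set()})
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags, seq, length = m.groups()
        a, b = f"{src}:{sport}", f"{dst}:{dport}"
        if flags == "S" or (a, b) in flows:   # a bare SYN marks its sender as the client
            key = (a, b)
        elif (b, a) in flows:
            key = (b, a)
        else:
            continue                          # handshake is not in the capture
        f, from_server = flows[key], key[1] == a
        if "S" in flags or int(length) > 0:   # SYNs and payload segments only
            sig = (from_server, flags, seq)
            f["retrans"] += sig in f["seen"]  # same segment seen again = retransmission
            f["seen"].add(sig)
        if from_server and flags == "S.":
            f["synack"] = True
        if from_server and "R" in flags and f["rst"] is None:
            # RST carrying the server's address: before or after it accepted the SYN?
            f["rst"] = "accepted-then-reset" if f["synack"] else "refused"
    return {f"{c} > {s}": (f["rst"] or ("established" if f["synack"] else "no-answer"),
                           f["retrans"]) for (c, s), f in flows.items()}

if __name__ == "__main__":
    for flow, result in classify(SAMPLE).items():
        print(flow, result)
```

The first constructed flow is the pattern reported in the thread: the peer completes the handshake, the client's data is retransmitted, and a RST, ACK arrives afterwards.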
                              • EmJeezy @johnpoz

                                @johnpoz Interesting...alright well, probably about as far as I'm willing to take this one but if any interesting further developments arise, I'll update.

                                Thanks a lot for helping me drill this down. I sure appreciate your assistance and expertise in this area. I can see why you are well regarded and respected on this forum.

                                Thank you!

                                • Technolust

                                  Not sure about anyone else but I play MWII on XBOX Series X with static IP. There are ports for just accessing XBox Live. Then Activision has ports for updates/upgrades and game play separately. Keep in mind now, Activision says only UDP but that's BS because the System logs showed TCP on a bunch.

                                  I spent two hours trying to figure this out and here are all the ports I had to allow just to get to play MWII multiplayer.

                                  **I didn't go through each one to determine which is TCP vs UDP because I was too frustrated. Although I should but I allowed only these ports to the XBox IP address. At this point I'm just glad it's working...

                                  Here you go:
                                  88, 500, 1900, 3544, 3658, 4500, 49408, 5223
                                  3073:3079
                                  3478:3479
                                  4379:4380
                                  7000:27031
                                  50039:50046
                                  57863:57864
                                  58143:58195

                                  If anyone cares to identify UDP vs TCP that would be helpful but I'm not going through the struggle...

                                  • EmJeezy

                                    Wow..so this ended up being a port configuration issue on my managed Netgear switch. The solution was figured out when I got another gaming computer on my network via hardline and tested COD MWII, logged in right away - no issues.

                                    I then now finally knew the problem was for sure something unique to my primary gaming computer as the aforementioned test ruled out ISP and firewall entirely. Popped in a wifi adapter to my primary gaming pc, connected to my wifi (same network), no vpn, and voilà - again was able to sign in with no issue. Started blaming my primary computer's LAN NIC but couldn't find anything wrong with it.

                                    I recalled the 2ndary test gaming computer was hardlined to port 1 on my managed netgear switch while my primary gaming pc (the one with the issue) was hardlined to port 2. Popped my primary gaming pc into port 1 on netgear switch to test and VOILÀ, no sign in issues to COD, HOORAY!

                                    Finally took a look at port 2 on my netgear switch and saw that the port was configured for monitoring (probe). Probably something I set a long time ago when doing some testing/traffic sniffing on my network ->

                                    f27a0127-2e02-43d1-ae90-963ffc1700c6-image.png

                                    Set it to Tx and RX / mirrored like the other ports and now port 2 is usable and able to successfully sign in to COD, hip hip hooray!

                                    This was very sneaky as even though the port on my switch was set to probe, it operated almost entirely normal but for whatever odd reason, bugged out in connecting to COD servers...

                                    • johnpoz LAYER 8 Global Moderator @EmJeezy

                                      @emjeezy not sure what kind of setup you're trying to do - but mirror and probe are for span ports - why would you be setting up a span?

                                      There should be no probe or mirror ports.. This is for sending traffic seen on 1 interface to another interface for packet captures.. Why would you have that setup like that?

                                      • EmJeezy @johnpoz

                                        @johnpoz said in New COD MWII Blocked By pfSense:

                                        @emjeezy why would you be setting up a span?

                                        you about to open a whole another can of worms! LOL

                                        This port config was set this way a long time ago for purposes of testing in my lab and not in any attempt to resolve the original COD sign in problem.

                                        Not to get too off topic but the short story on why I set the port that way was because I wanted to monitor traffic on my local network, as in sniff traffic between nodes, such as a client computer and my server. Appreciate the packet sniffer/tracer tool in pfsense but unfortunately it seems limited to only packet captures between LAN and WAN and not captures between nodes on the local lan. So that is why I started exploring SPAN/port mirroring options and it came back to bite me in the butt here because I forgot to shut it off.

                                        • johnpoz LAYER 8 Global Moderator @EmJeezy

                                          @emjeezy said in New COD MWII Blocked By pfSense:

                                          not captures between nodes on the local lan

                                          No, packet capture on pfsense would not be able to see traffic between devices on the lan. And sure, that is why you might set up a span port on your switch to look at specific traffic, be it for short term or long term reasons.

                                          • EmJeezy @johnpoz

                                            @johnpoz Right, copy. Thanks again for everything John!

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.