Hi, looking for advice, from a rookie

Th3ory

Hi, I'm in search of some help with my PFsense setup if any are willing to help.

Firstly, I'm pretty new to networking/routing/firewalls and very new to PFsense, so please be kind/patient if possible :)

Background: I have been involved in a small sector on online gaming called Command&Conquer, I have played it for many years online competitively. A few years ago, the EA servers were shut down and a server named RevoraC&C is now running a server for many of the c&c games for online players. Only a small portion of players are left. How the server has been described to me goes like this; all the players connect to the Revora server, once we start a game; say 1v1,2v2,4v4 ect, it goes to a P2P type setting and all the players in that game linkup. There have been issues of players being able to connect with each other from the start, however most of use can all connect to each other, with a handful of players using vpns to help.

My Internet specs: Vyve broadband cable docsis3.1; 1 gig download and 60mbps upload. I use a Arris g34 as my gateway and I have it in Bridge mode to whatever router I am using at the time.

My older setups: In the past I have used a netgear/netduma-xr500 and a gs-ax3000 Asus router. I have had the best luck with the older ASUS router.

Current setup: I have built a few desktop gaming pcs over the years, I'm now on a i5 13600kf/rx6700xt desktop. I had my older i7 7700k desktop just sitting around and had heard of people tuning their older desktops into routers. So, I turned the old i7 7700k/z270-a mobo desktop into a router and installed the PFsense as the firewall software.

Current Issues: After setting up PFsense, I now have my internet going through the G34 gateway in bridge mode to me desktop turned router with PFsense. As far as web browsing, youtube, ect. It runs great. However, when trying to play my C&C game on revora im running into trouble. I can log into Revora. I can log into the server itself with my Lan IP or a static IP I create in PFsense. However, when I try and join to other players I can only join to a few people, maybe 3 or 4 players out of 50 to 70 players online. Why I can connect to just these few people I have no idea.

Things I have tried: I have followed the Port Forward guild for the game: forwarded UDP ports 8808-65535. After this I was able to connect to many more players, but still couldn't connect to 50% of the players.
I tried enabling UPnP, and I don't believe I could connect to any more players at least it was not noticeable.

Conclsion: While I use my xr500 or my Asus router, I can connect to every player, while using PFseanse I can maybe connect with 50% of the players at best. Being I have such little experience with this type of stuff am I spinning my wheels in the mud trying to figure out how to get PFsense to connect to more players? Or am I perhaps missing something simple? I have used VPNs in the past on my gaming desktop itself with success in helping play the game with fast less laggy games, I think it helps with routing in the p2p part of the game or maybe it bypasses restrictions of the players set ISP rules, I'm not sure most the players on the Revora server are speared around the world and we all link up daily to play. Hopefully I didn't make a fool of myself with this long rant, I am interested if anyone might have ran into issues like this; connecting to a game that uses a P2P type of setup and trying to connect to all the different players themselves and not a single game server?

Gblenn

@Th3ory Hi, welcome to the forum!

First of all, having such a powerful PC only running as a router seems like a bit of waste... :) Lot's of people run pfsense as a virtual machine on Proxmox, myself included. Allows for a lot of other cool stuff as well...

Anyway, I have not played C&C but a number of other games, mostly Call of Duty series. A few of them have been really difficult to get to work fully behind pfsense. However, since a few releases back UPnP seems to work quite well and I have had no issues at all connecting to others or them connecting to me.

I guess one thing to check is if your public IP is a "real" public IP or if your ISP uses CG-NAT? If so, your public IP is of a range which may give you some trouble using UPnP. Otherwise the best bet is to make sure UPnP is set up correctly.

Under Services / UPnP & NAT-PMP:
Tick the first three boxes - Enable, UPnP Port Mapping and NAT-PMP Port Mapping,
External interface is WAN and Interfaces selected is LAN.
The only other thing on that page is the bottom part where I have
'allow 3074-65535 MYGAMINGPC-LANIP/32 3074-65535'
Where 3074 is a port used by several of the games.
You could set the lower and upper limits to C&C if you want, but start broad, perhaps 1024 even.

On the Firewall / NAT / Outbound tab I have selected Mode Automatic.

Now under Status / UPnP & NAT-PMP you should see the source IP of your gaming PC, and the ports it has requested, if this is working...

If not, check Status / System Logs / System / Routing
And look for any problems reported wrt upnp.

Not sure I'm looking at the correct version of C&C but it seems it wants the following ports open:
TCP: 6667, 28910, 29900, 29920
UDP: 4321, 27900

So not only UDP, and some ports much lower than what you had configured...

Th3ory

@Gblenn Thanks for the replay!!

I have talked back and forth with my ISP provider over the last few months, and I am sure I don't have a carrier grade nat.

However, it looks like I have not set up UPnP correctly. I need to go back into UPnP and make sure I have set it up correctly. Thanks for the input, gives me a place to start from.

Th3ory

This post is deleted!

Th3ory

This post is deleted!

Th3ory

@Gblenn said in Hi, looking for advice, from a rookie:

The only other thing on that page is the bottom part where I have
'allow 3074-65535 MYGAMINGPC-LANIP/32 3074-65535'
Where 3074 is a port used by several of the games.
You could set the lower and upper limits to C&C if you want, but start broad, perhaps 1024 even.

I don't see where to input this information on the UPnP tab

Gblenn

@Th3ory If you tick the box that sais default deny, and then the +Add box at the bottom, you should get an empty field where you add an ACL entry.
It's not required, but it's good measure to do it this way, as you limit the usage of UPnP to the devices of your choice.

Th3ory

So I believe I have setup UPnP correctly, even watched a few videos. However, I can get anything to come up in Status>UPnP, just won't show anything active.

Gblenn

@Th3ory Hmm, I usually see at least one or two ports showing up in the list as soon as I start a game. The page does not dynamically update though, you have to refresh it, or click "UPnP & NAT-PMP" to get it to refresh.

It would look like this after starting MW3 and MW2 for example.