Another Counter-Strike Server problem…
-
Your Outbound NAT Rule looks good but….
You have a port forward rule for ports 27030-27050 but no corresponding firewall rule allowing those ports.
You have a firewall rule for port 1200 but no port forward rule.
The above can be fixed like this:
1. Lets setup an Alias:
a. Log in to pfSense
b. Click on Firewall then Aliases
c. Click on the + button to add an Alias
d. Enter a Name and Description (CS Ports seems applicable)
e. Change Type to Ports
f. Under Port enter 1200 and then hit + button
g. Repeat Under Port enter 27000-27015 and then hit + button
h. Repeat Under Port enter 27020 and then hit + button
i. Repeat Under Port enter 27030-27039 and then hit + button
j. Now click Save
k. You should see your new Alias under Firewall:Aliases2. Now you're going to delete one of your CSS Server Port Forward rules and edit the other:
a. In the CSS Server Port Forward rule you kept, hit edit and then go down to External Port Range using From: other and then in red box next to that type in your Alias name (CS Ports). If should automatically type in name for you recognizing the Alias.
b. Local Port should also automatically be filled in with Alias after the above step.
c. Hit Save.3. Now you're going to delete one of your CSS Server WAN Firewall Rules and edit the other:
a. In the CSS Server WAN Firewall rule you kept, hit edit and then go down to Destination Port Range using From: other and then in red box next to that type in your Alias name (CS Ports)
b. Destination Port Range should have To: other and red box next to that should be blank.
c. Hit Save.See if this helps any.
-
nope, i tried it, it didn't work, and i went back and rechecked everything u said, still no go :(
P.S. btw my version is 1.2.1-RC1 if that helps any…
-
Ok, go back into your CSS Server Firewall rule and check the box that says Log Packets That Are Handled By This Rule, Save.
Now try to connect in CS, when you see its not working go to pfSense and look in your Status/System Logs/Firewall.
Post up whats there so we can see if something is being blocked. You still have the default LAN firewall rule: LAN -> Any?
-
Reading a little further on CS Server port forwarding via Google:
Go back to your Aliases and add ports 5273 and 7002 to your CS Ports Alias. Save and try again
-
-
ok i added those and still no go.
-
Onhel i dont think the problem lies here.
I tend to suspect a missconfiguration of the server.
I've set up quite a number of HL/HL2 engine based servers and the only port you need forwarded is 27015 (if you're running a single server).
If you want your server to be listed on the public list you have to tell him so.
I dont remember anymore exactly what i had to do for the server to list itself on the list, but adding "inbound" NAT-forwardings isnt it.@ BRuTAL_HiTMAN_:
Have you verified that you can connect to your server withing your internal LAN by using the internal IP/port?
Did you check the firewall logs if anything gets blocked?
Can you tell us more about how your setup is? (what's in front of pfSense, type of WAN, everything)Can you connect a computer directly to the subnet you have on the WAN?
Can you try to access your server from there? -
Have you verified that you can connect to your server withing your internal LAN by using the internal IP/port?
Yes.Did you check the firewall logs if anything gets blocked?
I posted the logs on the previous post, or are these not the right ones that u need?Can you tell us more about how your setup is? (what's in front of pfSense, type of WAN, everything)
I live in a college dorm at Purdue University, my internet plugs into my school's network, but every port gets a public IP address.Can you connect a computer directly to the subnet you have on the WAN?
I asked a friend to and he said he can see it and connect to it. -
Ah sorry i didnt see this log.
But you being in a college dorm explains a bit. pfSense isnt the problem here.
Just having a public IP doesnt mean you're not restiricted.
Since your friend in the immediate WAN subnet is able to connect and the rest of the world isnt….
You will have to go to your net-admin and ask him very nicely (maybe with a big box of beer ::) ) to open up the ports for you on the colleges firewall.
I've never ever heard of any college/university that allows full access to all their IPs.
Otherwise every student would run a server of their own on the schools bandwith.... -
well actually i should have clerified, i asked a friend who lives in a different state who was on steam at the time to to try connecting. so no that's not it. Purdue does allow full access but they restrict bandwidth to 5 gigs up and 5 gigs down over a 24 hour period when it comes to off campus net usage, we have unlimited bandwidth when it comes to oncampus traffic. im an officer in a club at purdue called PUGG, www.pugg.net and we have LAN parties and a CS:S server hosted on campus, 24 man slot, but we have tournies at the LANs and when we do a 5 on 5 we have to lock out our pub server, so i want to setup my server in my room so i dont have to take it with me to the LAN party and we don't have to take down our pub and we can just have our tournament on that.
-
Nice terms you have for your server (i wish we had the same…) :)
But that doesnt explain why your friend in the immediate WAN-subnet can access your server and others cant.
If it works from the WAN subnet pfSense is doing it's job.I'm not sure how you could track the problem down from here.
Well you "could" fire up wireshark on a computer on the same collision-domain of your WAN-interface (if you have a hub lying around) and try to capture the traffic when your friend from the other state connects to see if the traffic actually gets to you. -
what im saying is, people off campus and on campus can see and connect to my server, but i can't connect to it thru the external IP nor can i see it on the master server list, i even added it to my favorite servers list and i can't see it, but when i go2 the LAN tab i see it.
-
Um.. How exactly can people off and on the campus connect to the server if not by the public IP?
Could you draw a diagram how the network is set up and from where to where you do your tests?
I kinf of remember that the difference between the LAN tab and the public/favorite tab is, that on the LAN-tab it just lists all server which are directly accessible via a broadcast.
I'm not sure, but isnt there also a setting on the server to set it to "local only" so it only listens to such broadcasts? -
no they CAN connect thru my public IP… for some reason my server on my LAN shows up as offline when i look up the public ip to ME, but when anyone tries to connect to it who is not on my LAN, they can see adn connect just fine. if i try connecting via my public WAN ip, it doesn't go, but if anyone else does, it does. people who are and are not on campus with me.