Tournament Setup using pfSense
-
@kxx:
For 4) That's great to hear, we will enable UPNP. 5) Wouldn't UPNP resolve the problem of having to port forward the hosts ports? Also, both games host on unique ports already. "Static port NAT" is not something that I know about. Also, couldn't we just port trigger the host ports?
We are not going to shape traffic, but do you think we'll still have a problem with NAT reflection/UDP when it comes to online games?
UPNP is only used if the game or matchmaking engine supports it. L.o.L., H.o.N and Counterstrike:Online (diff. from CS 1.6 or CS:S) will be able to make use of this due to the matchmaking engine used. In this part of the world, LoL, Hon and WC3 typically ride on Garena Messenger which acts not only as matchmaking but also as a form of VPN tunnelling such that the uPNP punches the port for the tunnel and all the gameplay rides inside the tunnel to the matchmaking servers.
CS 1.6 and/ or CS:Source does not use uPNP and you should manually portforward if you want to allow online connection or have the server recognised as VAC secured (the heartbeat signal is required).
Static port NAT is different from port forwarding. Port forwarding is for forwarding a specific port on WAN to the LAN host. Static Port NAT is outbound forwarding where the LAN host source port (e.g. 27015 for steam servers) is retained on WAN.
Traffic shaping should not be required since you have lots of bandwidth compared to the amount of clients. However, you might need it if there are users who abuse the connection for large downloads or video streaming.
I've been able to put as much as 40 gamers off a 3m/768k connection with traffic shaping on pfSense without any issues before so your 100m/100m connection is more than plentiful for 50 clients.
-
UPNP is only used if the game or matchmaking engine supports it. L.o.L., H.o.N and Counterstrike:Online (diff. from CS 1.6 or CS:S) will be able to make use of this due to the matchmaking engine used. In this part of the world, LoL, Hon and WC3 typically ride on Garena Messenger which acts not only as matchmaking but also as a form of VPN tunnelling such that the uPNP punches the port for the tunnel and all the gameplay rides inside the tunnel to the matchmaking servers.
CS 1.6 and/ or CS:Source does not use uPNP and you should manually portforward if you want to allow online connection or have the server recognised as VAC secured (the heartbeat signal is required).
I see, but is this also necessary if we're just hosting CS 1.6 / CSS games locally?
Static port NAT is different from port forwarding. Port forwarding is for forwarding a specific port on WAN to the LAN host. Static Port NAT is outbound forwarding where the LAN host source port (e.g. 27015 for steam servers) is retained on WAN.
Is this hard to setup in pfSense (port forwarding and static port NAT)?
Traffic shaping should not be required since you have lots of bandwidth compared to the amount of clients. However, you might need it if there are users who abuse the connection for large downloads or video streaming.
Hmm, we might have video streaming (through YouTube) but we have explicitly told people not to use torrent. But, given our huge bandwidth, do you recon that the network will be strained if people are streaming video?
I've been able to put as much as 40 gamers off a 3m/768k connection with traffic shaping on pfSense without any issues before so your 100m/100m connection is more than plentiful for 50 clients.
Yeah, our network administrator said that we'd been granted a huge line and that this was more than necessary, but he was just being kind :-)
Merry X-Mas, thanks for the answers! I think we're definitely going to get the fund for this setup granted.
-
@kxx:
I see, but is this also necessary if we're just hosting CS 1.6 / CSS games locally?
Is this hard to setup in pfSense (port forwarding and static port NAT)?
Hmm, we might have video streaming (through YouTube) but we have explicitly told people not to use torrent. But, given our huge bandwidth, do you recon that the network will be strained if people are streaming video?
Merry X-Mas, thanks for the answers! I think we're definitely going to get the fund for this setup granted.
1) You shouldn't need to if the games are purely on LAN unless there is a need for achievements or VAC secure.
2) It's similar to most other routers configuring for Port forward. Static Port NAT works similarly except in the reverse direction. Plenty of guides on this in the Games sub-forum
3) With that much bandwidth, you're unlikely to have an issue since most of your games are hosted locally (or at most up to the WAN gateway).
-
Maybe a bit late in the discussion, but this might help you:
http://forum.pfsense.org/index.php/topic,32700.msg169054.html#msg169054 -
Maybe a bit late in the discussion, but this might help you:
http://forum.pfsense.org/index.php/topic,32700.msg169054.html#msg169054That sounds kinda overkill for a smallish LP ~40-50 users.
The antivirus part is important though.
Past LP's I've helped out in, we had similar and more measures in place. Including allowing only headsets (since we were holding parties in houses and didn't need neighbours complaining), checking of antivirus and also, verifying power consumption usage of the rigs.
The last part started after we had power trips when people started bringing in heavily overclocked dual-opterons and overloaded the grid.Other funny issues we had were people spilling coffee onto powerstrips and tripping the circuit breakers. Since then, we enforced having all powerstrips stuck on to the bottom of the tabletop especially since the incident took out a linux fileserver cum gameserver and we lost the 12 drive raid array.
-
- You shouldn't need to if the games are purely on LAN unless there is a need for achievements or VAC secure.
That's what I thought. We wouldn't want people from outside connect to our tournament game either ;)
But still, games like League of Legends and Heroes of Newerth require a constant internet connection. In either case, we'd like that every client has internet access in case they'd want to use Skype, TeamSpeak, etc. as a means of communication. This only means that we won't be forwarding the CS/:S ports.-
It's similar to most other routers configuring for Port forward. Static Port NAT works similarly except in the reverse direction. Plenty of guides on this in the Games sub-forum
-
With that much bandwidth, you're unlikely to have an issue since most of your games are hosted locally (or at most up to the WAN gateway).
Okay, that's great to hear! :)
Maybe a bit late in the discussion, but this might help you:
http://forum.pfsense.org/index.php/topic,32700.msg169054.html#msg169054Thanks, I'll look into it!
-
<snipped>PS: Please do not install squid or such stupid things on a LAN party. Not all games like it if you connect through a proxy and it makes no sense to "cache" any data. You want to play and this game data you cannot cache. Forget about squid for that.</snipped>
In my prior experience a lot of LAN parties involve downloading drivers, games, game levels, etc. All of these work well coming from Squid and can reduce the bandwidth usage a lot.
-
<snipped>PS: Please do not install squid or such stupid things on a LAN party. Not all games like it if you connect through a proxy and it makes no sense to "cache" any data. You want to play and this game data you cannot cache. Forget about squid for that.</snipped>
In my prior experience a lot of LAN parties involve downloading drivers, games, game levels, etc. All of these work well coming from Squid and can reduce the bandwidth usage a lot.
We've been given a very large bandwidth and because of this I'm willing to not install Squid. It simplifies the network setup and I don't really see it necessary.
-
We usual provide a "public" r/w fileserver which is intended to store all updates, maps, ect. for everyone.
If something is missing anyone can upload it. -
We usual provide a "public" r/w fileserver which is intended to store all updates, maps, ect. for everyone.
If something is missing anyone can upload it.Well, considering that we're going to have a large amount of bandwidth and a "larger-than-needed" machine to handle the connections, is it possible to also setup a file hosting server that runs simultaneously with pfSense? I was thinking something like a simple HTTP or FTP server, nothing fancy. It is running on Linux, so maybe we could provide a 3rd party app to run on the kernel that pfSense provides?
-
@kxx:
Is it possible to also setup a file hosting server that runs simultaneously with pfSense? I was thinking something like a simple HTTP or FTP server, nothing fancy. It is running on Linux, so maybe we could provide a 3rd party app to run on the kernel that pfSense provides?
Does anyone know if this could be accomplished using on of the addons for pfSense?
-
@kxx:
@kxx:
Is it possible to also setup a file hosting server that runs simultaneously with pfSense? I was thinking something like a simple HTTP or FTP server, nothing fancy. It is running on Linux, so maybe we could provide a 3rd party app to run on the kernel that pfSense provides?
Does anyone know if this could be accomplished using on of the addons for pfSense?
I "fileserver-tool" is not a common package what should be used on a firewall.
Something similar to pfsense is "freenas".
http://www.freenas.org/You can use "Proxmox"
http://www.proxmox.com/
as virtualization basis. Then virtualize pfsense for routing and freenas as storage system. -
I "fileserver-tool" is not a common package what should be used on a firewall.
Something similar to pfsense is "freenas".
http://www.freenas.org/Silly me, of course not! FreeNAS looks like it's what we'll need! Thank you for that!
You can use "Proxmox"
http://www.proxmox.com/
as virtualization basis. Then virtualize pfsense for routing and freenas as storage system.To me, Proxmox appears as a Mail Gateway. How could I use it to virtualize pfsense and freenas? Also, what does "virutralize" mean? :P
-
@kxx:
(…)
To me, Proxmox appears as a Mail Gateway. How could I use it to virtualize pfsense and freenas? Also, what does "virutralize" mean? :P:P
-
I wasn't even looking for that, thank you! The machine we're building for our network doesn't have a harddrive.
How would you go about installing Proxmox, FreeNAS and pfSense? Extract the files like so?:G:\ [USB drive root] | +pfSense--- [folder] | |... [files from pfSense image] +FreeNAS--- [folder] | |... [files from FreeNAS image] +Proxmox--- [folder] | |... [files from Proxmox image]then mount the USB drive and … ? The HDD is blank from install, so I don't know how I am going to do something like this.
-
usb-drive? i wouldn't even dream about running virtualhost with two clients on usb-drive. It just taste like bad christmas meal
-
usb-drive? i wouldn't even dream about running virtualhost with two clients on usb-drive. It just taste like bad christmas meal
The install will be from an usb-drive, as in, we will boot from an usb drive to install different things. The installation itself will be on a hard drive (as mentioned in my original post).
-
aah ok, I haven't used Proxmox-ve by myself so i don't know if it supports or not installing from usb-drive
-
You could try this:
http://code.google.com/p/pfsense-cacheboy/wiki/Pfsense_Samba
Though I haven't tried it and I can't recommend it! ::)Steve
-
Is there a special reason why you want to have everything on the same machine?
Keep everything as simple as possible.
I bet you have somewhere a 5 year old machine lying around that noone uses.
It doesn't have to be fast, just be able to serve files :)
