Netgate Discussion Forum

    How do I test if something is being blocked, or find out what the firewall is actually blocking on incoming connections?

    • johnpozJ
      johnpoz LAYER 8 Global Moderator
      last edited by johnpoz

      Were you using UPnP to allow your inbound ports for your game?

      Why would your game need inbound ports? Are you hosting a session - and other users can not connect to you?

      As mentioned by Gertjan, out of the box ALL unsolicited inbound traffic would be blocked, so if it "ever" was working with pfsense you had either created the port forwards, or were using UPnP?

      Going to need more info to help you.

      On a bit of side note - What fios box do you have, more than likely it is doing nat as well, so for your game to allow for inbound traffic connected to it - have to assume it has UPnP enabled? Does pfsense or the device you connect to your isp box get a public IP or does it start with 192.168.x.x, 172.16-31.x.x or 10.x.x.x ?

      Do you really need inbound? Or are you running say an IPS package, or Proxy or Pfblocker that could be preventing you from connecting to your game server outbound?

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.7.2, 24.11

      • N
        nafeasonto @johnpoz
        last edited by

        @johnpoz I tried disabling pfblockerng, same thing. This makes zero sense as it happened out of nowhere. Nothing changed from me playing the game six hours ago before it happened. It's the same thing that happened with cnc online private services where I could connect to anyone and vice versa.

        Once again I know it's pfsense as any directed vpn connection to my network alleviates that. It makes no sense why suddenly the firewall tells me to screw off after a year.

        I went into the log and see the port the game is trying to come through, regardless I allowed EVERYTHING in from my friend's IP address regardless of port or protocol, but the firewall still seems obsessed with blocking it regardless.

        It keeps denying the rule, while it shouldn't be denying anything from him.

        • GertjanG
          Gertjan @nafeasonto
          last edited by

          @nafeasonto said in How do I test if something is being blocked, or find out what the firewall is actually blocking on incoming connections?:

          I allowed EVERYTHING in from my friend's IP address

          The game server is hosted at your friend's place ?

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

          • johnpozJ
            johnpoz LAYER 8 Global Moderator
            last edited by johnpoz

            @nafeasonto said in How do I test if something is being blocked, or find out what the firewall is actually blocking on incoming connections?:

            It keeps denying the rule, while it shouldn't be denying anything from him.

            So you see his IP listed in the firewall rule as blocked?

            You understand that just a firewall rule is not enough to forward traffic inbound to your PC/Box the game is on right?

            Please post up the firewall logs showing these blocks that are happening. Pfsense out of the box will log all traffic blocked by the default block rule.

            In which direction is the traffic being initiated? Are you sending the syn to his IP, or is he sending SYN to your public IP?

            A vpn service does not allow inbound traffic to the vpn client, unless specifically set up.. And very few vpn services even allow this at all. So if you're saying you can connect to him when you use a vpn on your client, that points to you initiating the connection.. Maybe your isp is having a problem reaching his IP, maybe he is blocking your IP..

            There is not near enough info to help you here..

            • N
              nafeasonto @johnpoz
              last edited by

              @johnpoz I will explain more when I get home. Thanks for taking the time.

              • N
                nafeasonto @johnpoz
                last edited by

                @johnpoz said in How do I test if something is being blocked, or find out what the firewall is actually blocking on incoming connections?:

                @nafeasonto said in How do I test if something is being blocked, or find out what the firewall is actually blocking on incoming connections?:

                It keeps denying the rule, while it shouldn't be denying anything from him.

                So you see his IP listed in the firewall rule as blocked?

                You understand that just a firewall rule is not enough to forward traffic inbound to your PC/Box the game is on right?

                Please post up the firewall logs showing these blocks that are happening. Pfsense out of the box will log all traffic blocked by the default block rule.

                In which direction is the traffic being initiated? Are you sending the syn to his IP, or is he sending SYN to your public IP?

                A vpn service does not allow inbound traffic to the vpn client, unless specifically set up.. And very few vpn services even allow this at all. So if you're saying you can connect to him when you use a vpn on your client, that points to you initiating the connection.. Maybe your isp is having a problem reaching his IP, maybe he is blocking your IP..

                There is not near enough info to help you here..

                So I can explain this as best I can.

                When you are in "queue" for this game, you randomly connect with someone to play with. You can also do a direct invite. Regardless how you do it, it's a direct connection between the two players, there is no back end server.

                Getting the logs, this is what is happening (like I said before, this has NEVER happened before). I changed nothing in my rules, or anything for that matter. So I don't understand why all of a sudden this would start blocking ANYTHING between the two connections:

                And yes the VPN is allowing the connection as I made it a bridged connection.

                AAAAnd it's working again. The only difference now is I updated the firewall firmware (the latest dev branch). Something isn't right here.

                • GertjanG
                  Gertjan
                  last edited by

                  Do you have any rules on WAN ?
                  Any NAT rules ?

                  • N
                    nafeasonto
                    last edited by

                    @Gertjan said in How do I test if something is being blocked, or find out what the firewall is actually blocking on incoming connections?:

                    Do you have any rules on WAN ?
                    Any NAT rules ?

                    Are you looking for any specific rules? I have lots of rules on WAN, LAN, and NAT side.

                    • JKnottJ
                      JKnott
                      last edited by

                      @nafeasonto said in How do I test if something is being blocked, or find out what the firewall is actually blocking on incoming connections?:

                      Is there a way to see if the firewall itself is blocking it, or the ISP?

                      Well, there are port scans. A public one is www.grc.com. You can also run nmap, both locally against pfSense and then from elsewhere, to see if there's any difference.

                      PfSense running on Qotom mini PC
                      i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                      UniFi AC-Lite access point

                      I haven't lost my mind. It's around here...somewhere...

                      • johnpozJ
                        johnpoz LAYER 8 Global Moderator
                        last edited by johnpoz

                        @nafeasonto said in How do I test if something is being blocked, or find out what the firewall is actually blocking on incoming connections?:

                        it's direct connection between the two players, there is no back end server.

                        Well then you would need the ports port forwarded on your end... How do you do this - manually or do you allow UPnP to do it..

                        Connecting to them would have zero to do with pfsense out of the box because its default lan rules are any any outbound.. A simple sniff would show you that pfsense is sending syn to their IP, etc.

                        You still haven't listed any logs showing anything blocked, nor have you even stated if these connections are ipv4 or ipv6.

                        You haven't posted your rules, etc. So there is zero info here to work with to help you figure out what your problem is.

                        For all we know the guy(s) you were trying to connect to were the problem. Or your isp talking to those IPs was an issue, etc. etc.

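The replies above keep asking for the firewall log entries, the direction of the traffic, and whether it is IPv4 or IPv6. The following is an added example, not part of any post in this thread: it pulls those answers out of raw filter log lines. It assumes the comma-separated pfSense raw filter log layout (common fields, then IPv4 or IPv6 fields, then ports); the sample lines, addresses and tracker IDs are constructed.

```python
from collections import Counter

# Constructed filterlog lines (documentation addresses, made-up tracker IDs).
SAMPLE = """\
Jan 10 20:15:01 fw filterlog[4321]: 4,,,1000000103,igb0,match,block,in,4,0x0,,52,4242,0,DF,6,tcp,60,203.0.113.7,198.51.100.20,51514,27015,0,S,305419896,,64240,,mss
Jan 10 20:15:02 fw filterlog[4321]: 4,,,1000000103,igb0,match,block,in,4,0x0,,52,0,0,DF,17,udp,76,203.0.113.7,198.51.100.20,40000,27015,56
Jan 10 20:15:03 fw filterlog[4321]: 9,,,1000000105,igb0,match,block,in,6,0x00,0x00000,55,UDP,17,48,2001:db8::7,2001:db8:1::20,40000,27015,48
Jan 10 20:15:04 fw filterlog[4321]: 77,,,1770001234,igb1,match,pass,in,4,0x0,,64,100,0,DF,17,udp,76,192.168.1.50,203.0.113.7,27015,40000,56
"""

def parse(line):
    """Return a dict for one raw filterlog line, or None if it is not IPv4/IPv6."""
    f = line.strip().split("]: ", 1)[-1].split(",")   # drop the syslog prefix
    if len(f) < 9 or f[8] not in ("4", "6"):
        return None
    # Protocol-name index and source-address index differ per IP version.
    p, s = (16, 18) if f[8] == "4" else (12, 15)
    if len(f) <= s + 1:
        return None
    rec = {"tracker": f[3], "iface": f[4], "action": f[6], "dir": f[7],
           "ipver": f[8], "proto": f[p].lower(), "src": f[s], "dst": f[s + 1],
           "sport": None, "dport": None, "tcpflags": None}
    if rec["proto"] in ("tcp", "udp") and len(f) > s + 3:
        rec["sport"], rec["dport"] = int(f[s + 2]), int(f[s + 3])
        if rec["proto"] == "tcp" and len(f) > s + 5:
            rec["tcpflags"] = f[s + 5]   # "S" means the peer sent the SYN
    return rec

def blocked_inbound(text, peer=None):
    """Blocked packets arriving on an interface, optionally from one peer."""
    recs = filter(None, (parse(l) for l in text.splitlines() if l.strip()))
    return [r for r in recs if r["action"] == "block" and r["dir"] == "in"
            and (peer is None or r["src"] == peer)]

def summarize(records):
    """Count blocks per (interface, IP version, protocol, source, dest port)."""
    return Counter((r["iface"], r["ipver"], r["proto"], r["src"], r["dport"])
                   for r in records)

if __name__ == "__main__":
    for key, n in summarize(blocked_inbound(SAMPLE)).items():
        print(n, key)
```

The tracker field identifies which rule produced the block, so an entry that does not match the rule you expected to pass the traffic shows where to look in the ruleset.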
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.