Netgate Discussion Forum

    [SOLVED]Getting kicked out from playing Overwatch

    pfBlockerNG
    • NogBadTheBad @Bob.Dig

      @Bob-Dig

      So what are you using the pfBlocker GeoIP rules for on the WAN interface?

      To block all countries bar one for your inbound rules?

      Andy

      1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

      • Bob.Dig LAYER 8 @NogBadTheBad

        @NogBadTheBad please see my posting above
        And it is default on the wan interface and I am blocking almost everyone but some countries for incoming connections to my server, but is this really related to my Overwatch problem?

        • NogBadTheBad @Bob.Dig

          @Bob-Dig said in Getting kicked out from playing Overwatch:

          @NogBadTheBad please see my posting above
          And it is default on the wan interface and I am blocking almost everyone but some countries for incoming connections to my server, but is this really related to my Overwatch problem?

          You're using pfBlocker wrong then.

          You need to create an alias in pfBlocker and use it in a firewall rule to pass; doing it the way you are, every packet will be evaluated top to bottom till there is a match.

          Screenshot 2019-10-03 at 15.58.37.png

          Screenshot 2019-10-03 at 16.01.36.png

          • NogBadTheBad

            I think you need to talk with your ISP.

            • Bob.Dig LAYER 8 @NogBadTheBad

              @NogBadTheBad One country or one list only would be easy because I could just Invert Source and everything would be fine. Your screen looks much more complicated to me.
              So what I will do now is disable all geoblocking and all of pfblocker and will look if the problem still occurs.
              Thank you for now!

              • Bob.Dig LAYER 8 @NogBadTheBad

                I think you need to talk with your ISP.

                It is a big one, Germany's second or third biggest cable provider, so no chance, they do what they do. ☺

                • NogBadTheBad

                  @Bob-Dig said in Getting kicked out from playing Overwatch:

                  I could just Invert Source and everything would b

                  Is it Telecolumbus?

                  Whoever it is they are doing something funky as your router has a different IP address to what's reported by whatsmyip.

                  • Bob.Dig LAYER 8 @NogBadTheBad

                    @NogBadTheBad Yes. But this IP is "made" for this and I can open ports etc. There is nothing I can do about it and maybe it is a pfSense-only or Fancy-Firewall-only problem.

                    • Bob.Dig LAYER 8 @NogBadTheBad

                      @NogBadTheBad So after disabling pfBlocker I had no problem playing Overwatch, although it might be too early to say that definitely.

                      Anyway, maybe all this geoblocking was too much and had unintended consequences?

                      So I am looking at this alias permit thingy and I don't understand it at all.
                      When I permit something, where is it blocked in the first place to make any sense?
                      I made one up but couldn't see it under rules, where is it?
                      Maybe you have a link which fully explains it?

                      • Bob.Dig LAYER 8

                        After watching it more closely I think I get it, how it works. Or at least, I am getting there. 😉
                        Interesting... 😳
                        But it doesn't work with NAT or does it? 😖
                        It does, was on the wrong tab. 😌

                        Now I have to see if it is any good:
                        Capture.JPG

                        • chpalmer

                          You're on carrier-grade NAT.

                          Triggering snowflakes one by one..
                          Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

                          • NogBadTheBad @Bob.Dig

                            @Bob-Dig

                            You just need to follow the screenshots that I posted to create an alias with all the countries you want to allow through, then use it in your allow alias.

                            The fewer rules / matches the firewall needs to process, the better.

                            • NogBadTheBad @chpalmer

                              @chpalmer

                              Are those carrier-grade NAT IP addresses? Never come across CGN before.

                              https://chrisgrundemann.com/index.php/2012/100640010/

                              Also doesn’t CGN break customers doing port forwards?

                              • Bob.Dig LAYER 8 @NogBadTheBad

                                You just need to follow the screenshots that I posted to create an alias with all the countries you want to allow through, then use it in your allow alias.

                                The fewer rules / matches the firewall needs to process, the better.

                                That's what I did on my last screenshot. It is a little more complicated to set up or maybe there are easier options I don't know. Also I hope this will help with Overwatch, I still don't know for sure, because I like this game but only in small doses.

                                Are those carrier-grade NAT IP addresses? Never come across CGN before.

                                Also doesn’t CGN break customers doing port forwards?

                                Whatever they do, I can open ports, so would be interested to know the right term for that.

                                PS: Still getting marked as spammer here, even without VPN, I have to remove the beginning of each quote.

                                @NogBadTheBad I also made some port aliases so my rules on WAN now look more clean (less rules). Again, thank you!

                                Capture.JPG

                                • chpalmer @NogBadTheBad

                                  @NogBadTheBad said in Getting kicked out from playing Overwatch:

                                  Also doesn’t CGN break customers doing port forwards?

                                  Yep. Many people will be behind the public IP address he is behind. No way to port forward and that address is not routable from the outside. Any kind of port forward would have to be set up by the ISP to your NAT'd address.

                                  Technically you are double NAT'd.

                                  I'd be interested to see your firewall logs..

                                  pfBlocker would be pretty useless on the WAN.

                                  • Bob.Dig LAYER 8 @chpalmer

                                    pfBlocker would be pretty useless on the WAN.

                                    Don't ask me how it works but I can instantly do port forwards on my own.

                                    • chpalmer

                                      So you have open ports from the outside?

                                      If for some reason your ISP was NATting every address in their system I suppose they might put you in a DMZ of sorts.. Can you do a test at GRC.com and show the results here?

                                      https://www.grc.com/x/ne.dll?bh0bkyd2

                                      I've already tried a port scan and came up with nothing. You might have the US blocked so I'd understand but..

                                      Just because you can build a port forward doesn't mean anyone is getting to you. Maybe other customers behind your CGNAT..

                                      • Bob.Dig LAYER 8 @chpalmer

                                        @chpalmer Like I said before, yes I can. You can believe me or not...

                                        And I had no more problems with Overwatch after changing the geoblocking to what @NogBadTheBad has suggested.

                                        • chpalmer @Bob.Dig

                                          @Bob-Dig said in Getting kicked out from playing Overwatch:

                                          @chpalmer Like I said before, yes I can. You can believe me or not...

                                          Didn't say I don't believe you.. I am saying that based on your input here.. Your WAN address is 100.65.134.66 and your public IP address shows up as 82.119.9.xxx (you still have it visible in a post above). That means you are behind some kind of NAT. Normally when you are behind CGNAT in such a way there is no way to get to you by accessing the public address you are behind. Usually the carrier has many customers showing up behind the same address. If they have somehow "port forwarded" to you we cannot possibly know that without someone coming along and telling us otherwise.

                                          (Unless you are double NAT'd behind your own modem and failed to mention that or I missed that above.. The address your WAN shows up is pretty specific and I'd not guess that you chose that.)

                                          Since you are obviously behind CGNAT then you have to take that into account in trying to diagnose your connection problems here.

                                          Many times a carrier will use CGNAT as a side benefit to them to keep residential service customers from hosting servers.


                                          Bob.DigB 2 Replies Last reply Reply Quote 0
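The reasoning in the post above (a WAN address of 100.65.134.66 that differs from the address seen from outside) can be turned into a small check. This is an added example, not part of any post in the thread; the function names, the labels and the sample addresses other than 100.65.134.66 are constructed for illustration.

```python
import ipaddress

# RFC 6598 shared address space, reserved for carrier-grade NAT (CGNAT).
CGNAT_NET = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges: a WAN address here means an upstream modem or
# router is translating (double NAT on the customer side).
RFC1918_NETS = tuple(
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
)


def classify_wan(wan_ip, observed_public_ip=None):
    """Classify the NAT situation of a firewall from its WAN address.

    wan_ip: address configured on the firewall's WAN interface.
    observed_public_ip: address an external "what is my IP" service
        reports, if known.
    """
    wan = ipaddress.ip_address(wan_ip)
    if wan.version != 4:
        return "ipv6-not-evaluated"
    if wan in CGNAT_NET:
        return "cgnat"
    if any(wan in net for net in RFC1918_NETS):
        return "private-upstream-nat"
    if (observed_public_ip is not None
            and ipaddress.ip_address(observed_public_ip) != wan):
        return "address-mismatch"
    return "direct-public"


def inbound_depends_on_upstream(label):
    """True when a port forward on the firewall alone is not enough:
    the upstream NAT device must also forward traffic to the WAN address."""
    return label in {"cgnat", "private-upstream-nat"}


if __name__ == "__main__":
    # WAN address from the thread; 203.0.113.10 is a constructed
    # documentation address standing in for the observed public IP.
    label = classify_wan("100.65.134.66", "203.0.113.10")
    print(label, inbound_depends_on_upstream(label))
```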
                                          • Bob.Dig LAYER 8 @chpalmer

                                            @chpalmer I even have a rule just for GRC, which doesn't work anymore, because now the geoblocking is in the port forwards. 😉

                                            Capture.JPG

                                            And no double-NAT on my side.

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.