Virtual Box pfSense - Game/software server not being reachable int or external
-
I have recently moved my pfsense install from a small linux platform(hardware included) to a new server running Windows Server 2008 and Virtual Box. Once the VM was setup and I completed pfSense early configuration, I then uploaded my backup files, which is running a paid VPN service and has all traffic outside the tunnel, to be killed or blocked.
I have had no issues…except.. I cannot get certain programs or game servers to play nice. I wonder if it's firewall/nat rules related, however I did not have notice such a problem in the past. Then again most hosted games/software was Steam based, and as far as I remember, the rule of thumb is that if Steam works (as in simply works for any reason), then you should be able to host and have the connection be available to the outside world.
I can confirm that is the case with several games. However one in particular ARK, is giving me trouble. I can sometimes see the game using the LAN viewer, but trying to connect results in a time out. There was talk a while back on their forums that this is because of NAT loopback needing to be supported by your router. Assuming that was/is true, I was under the impression pfSense does this automatically (provided your NIC supports it) instead of you having to install the generic Microsoft loopback adapter in Windows. I am fairly certain my NICs support this.
After the VM was setup, Windows reports the adapters as follows :
Local Area Connection 5 - MS loopback/unknown network Windows treats it as 169.x.x.x
*[WAN]Local Area Connection - unknown network (this gets assigned a WAN IP by pfSense, however Windows treats it as 169.x.x.x)
*[LAN] Local Area Connection 2 - private network (gets assigned the IP I gave it in pfSense)
Virtual Box Host-only Network - VM's Virtual Adapter*both physical adapters are using standard/default Windows settings (automatic IPV4 and etcetc). pfSense is controlling their stats.
When I first ran the ARK server, I was able to instantly see my game in the LAN browser(both via Steam and in the game menu itself). Reading around forums, this was a good first step as many didn't get this visibility. When I attempted to join from another machine in the same internal network, I got a time out error after a while of connection attempt(s).
I looked at the address information for the server in Steam's server list LAN section and it said it was on 169.x.x.x. which matched the 169 address of the Virtual Box host adapter. I then disabled that adapter in Windows(which seems to have had no ill effect so far), reran the server and now it states that the server is using the 192 address of my Local Area Connection 2, the LAN. Immediately that looked better, I thought the issue was solved.
Unfortunately while the game shows in the LAN section of Steam's server list, it no longer shows in the LAN viewer from the game menu. Furthermore, when I search the server using my exit/WAN IP and port combination, it cannot be found by myself or any one else.
If I was just trying to connect from within the network and never cared about people joining from outside, then I would presume it was a firewall/rules issue(though my internal network has zero problems with any other activities or games/software). Also, the VPN service I use allows you to tell them what internal port you want forwarded, then their system handles the rest. They advise not to open any ports on your router/firewall and best to leave all traffic outside the tunnel, to wither and die. It has worked so far for me, never had to open any ports either with the VPN or in pfSense.
However since the outside world cannot see my server as well, I'm inclined to think something more is at play.
Tomorrow I am going to set pfSense back to a pre VPN pre outside-tunnel killing machine, and to something more standard, to see if the problem goes away.
If any one has a suggestion on what else to check and or run into something similar before, please let me know.
-
I don't know much about this specific kind of setup, but I know I've had issues in the past sometimes reaching games from behind a pfsense (mine is on a physical box). I found it works 100% better if you have static outbound NAT configured for each gaming device. No need to open ports typically. This worked particularly well on my PS4 and Windows 7 machines; it caused them to see the firewall as much less restrictive.
-
Hello sir thank you for responding.
I am still struggling to get outside connections into this box when they require forwarded ports. Where as in contrast to a mediating service such as Steam, people can join my games/programs.
In efforts to keep testing this and keep it simple, I began hosting a Team Speak server.
I have added a NAT entry(which automatically added it's own rule)that looks like :
WAN UDP * * WAN address 9987 192.168.68.253 9987
In my System>Advanced>Firewall area I have NAT Reflection enabled as 'Pure NAT' and the above NAT entry/rule is using this feature.
I believe I partially understand where you are going with the static outbound for the device(s)[which my server box would be] however could you explain a bit more or PM an example?
Thank you