game server connection issue
-
-
@stephenw10 said in game server connection issue:
And 10.10.2.122 is the game server?
So, no, it's 10.10.2.9?
@stephenw10 said in game server connection issue:
Can we see the full firewall logs, not the reduced version in the dashboard widget.
We need the full logs from Status > System Logs > Firewall
The LAN rules are allowing everything so those blocked packets are probably just FIN-ACK or RST-ACK.
https://docs.netgate.com/pfsense/en/latest/troubleshooting/log-filter-blocked.html#troubleshooting-blocked-log-entries-for-legitimate-connection-packetsSteve
-
Sorry for that yes it was 10.10.2.9, was very late for me.FWLOG1.txt
-
Ok, there are no blocked connections from the game server (10.10.2.9) shown there but there are some from .126:
Sep 2 08:25:47 LAN Default deny rule IPv4 (1000000103) 10.10.2.126:50900 172.217.168.195:443 TCP:FA Sep 2 08:25:47 LAN Default deny rule IPv4 (1000000103) 10.10.2.126:47250 34.192.124.236:443 TCP:RA Sep 2 08:25:47 LAN Default deny rule IPv4 (1000000103) 10.10.2.126:47024 44.241.61.161:443 TCP:RA Sep 2 08:25:47 LAN Default deny rule IPv4 (1000000103) 10.10.2.126:43556 216.58.214.3:443 TCP:FAThose are as described in the linked doc above, TCP flagged FA and RA, so expected.
If those port forwards are correct I would expect it to work. I note though that the rules on WAN to pass traffic to them show 0 states and almost no traffic. It looks like nothing has tried to connect.
Steve
-
@stephenw10 Sorry mate it make all no sense to me that if i run a game server on a machine this server should have the same IP as the machine it runs on and not get locked out on a bunch of ipv6 and a random IP that shows up, it is getting way to complicated for me, with flags that should not be there.
If you have clear rules that state ANY with no exceptions al all actualy mean most rules with a few exceptions. (IMHO)Thanks for the help anyway.
ill be switching back to the ISP modem that is less problematic for ppl like me.WKR
Petrus -
Just to be clear, from what we have seen there is no problem here. The blocked traffic you are seeing in the firewall logs is expected, it's not actually blocking connections.
It just looks like nothing has tried to connect. How are you testing it?Steve
-
i start the game server from console on the ubuntu server PC via VNC on my laptop then i go to steam and see if the server is online on the steam list and direct-IP list there it shows on the LAN part but not on the external list.
-
-
Are you testing from a game client behind pfSense and trying to use the external IP?
That's not a good test if so and isn't expected to work by default. That would explain why the rules showed zero states.
You should test from a remote public IP. If you really need that to work internally though you can enable NAT reflection:
https://docs.netgate.com/pfsense/en/latest/recipes/port-forwards-from-local-networks.htmlBut you should not need that and you should be aware that it's not actually testing the port forward.
Steve
-
@marvosa good that you saw that that was to see if it would have worked with tcp and forgot to put them back to udp.
i can show you that even with the correct protocols it still does not work. :( -
@stephenw10 i can see this aswell by browsing tru the steam server lists. it is not showing there where it did when i was using my ISP modem/router aswell the WAN side of the game client direct IP connection was showing green then.
-
i hooked up my laptop's wifi to my cellphone and tried to get connection to the server my ISP's IP was still unreachable
-
Do you see states/traffic on the port forward WAN firewall rules when you try to connect?
Or you can enable logging on those rules connections using them will show in the firewall log as passed.
Steve
